Hi IIS Gurus!
I have IIS 8.5 and application hosted on it. Application server is Tomcat 8.0.37. So the whole chain is IIS+ISAPI+Tomcat.
My application is configured for smart-card authentication.
Users with smart-cards have personal certificates, issued by domain Certificate Authority.
IIS server and application are hosted inside the domain.
I've configured IIS+isapi+Tomcat for smart-card authentication, but it works only for users, who are accessing Site from domain-machine.
And I'm using Windows Authentication for this kind of configuration.
But how to configure smart-card authentication on IIS for users, trying to login to Site from outside the domain?
These users have a valid smart-card with personal certificate, issued by CA, and are able to login from inside the domain successfully.
P.S. I've tried to configure Client-certificate-mapping-authentication using this guide:
https://blogs.msdn.microsoft.com/asiatech/2014/02/12/how-to-configure-iis-client-certificate-mapping-authentication-for-iis7/
But when trying to login to Site, I am getting a 401.2 error: You are not authorized to view this page due to invalid authentication headers.
Thanks!
↧
IIS configuration for smart-card authentication for non-domain clients
↧