I've tried to configure one of my paths in IIS 7.5 to require a client certificate, but only those that are bound to a specific subject. The configuration is as follows:
<location path="Default Web Site/MySite/API">
  <system.webServer>
    <security>
      <authentication>
        <iisClientCertificateMappingAuthentication enabled="true" oneToOneCertificateMappingsEnabled="false">
          <manyToOneMappings>
            <add name="test" description="..." userName="User" password="[enc:AesProvider:password:enc]">
              <rules>
                <clear />
                <add certificateField="Subject" certificateSubField="CN" matchCriteria="SomeName" />
              </rules>
            </add>
          </manyToOneMappings>
          <oneToOneMappings />
        </iisClientCertificateMappingAuthentication>
      </authentication>
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
    </security>
  </system.webServer>
</location>
My problem is that any certificate signed by a trusted CA is accepted, and any rule I add is ignored. I've read in another post on Stack Overflow (IIS Client Certificate Mapping Rule not being respected) that it's due to a fallback to other authentications. I've tried to disable all authentications, and when I disabled anonymous, it redirected me to the logon page. I've even tried to allow any user (authorizations), but still it redirects to the logon page. What am I missing?
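As an added diagnostic, not part of the original post: a PowerShell snippet (WebAdministration module, run on the IIS server) that reads back what is actually in effect at the API path: which authentication modules are enabled there, the sslFlags, and the many-to-one mappings with their rules. If any module other than iisClientCertificateMappingAuthentication still reports enabled=True at that location, that is the fallback path mentioned above. The location path, mapping name and attribute names are taken from the posted config; the list of module names is an assumption covering the standard IIS authentication sections.

```powershell
Import-Module WebAdministration

# Location from the posted <location> element (assumed unchanged)
$pspath = 'MACHINE/WEBROOT/APPHOST'
$loc    = 'Default Web Site/MySite/API'
$ccm    = 'system.webServer/security/authentication/iisClientCertificateMappingAuthentication'

# Standard IIS authentication sections (assumed list). Any one of these that is
# enabled at this path can satisfy a request without going through the mapping rule.
$authModules = @(
    'anonymousAuthentication', 'basicAuthentication', 'windowsAuthentication',
    'digestAuthentication', 'clientCertificateMappingAuthentication',
    'iisClientCertificateMappingAuthentication'
)
foreach ($m in $authModules) {
    $enabled = Get-WebConfigurationProperty -PSPath $pspath -Location $loc `
        -Filter "system.webServer/security/authentication/$m" -Name enabled
    '{0,-45} enabled={1}' -f $m, $enabled.Value
}

# sslFlags in effect for the path (expect "Ssl, SslNegotiateCert, SslRequireCert")
$ssl = Get-WebConfigurationProperty -PSPath $pspath -Location $loc `
    -Filter 'system.webServer/security/access' -Name sslFlags
"sslFlags={0}" -f $ssl.Value

# Many-to-one mappings and the rules attached to each one
$mappings = Get-WebConfiguration -PSPath $pspath -Location $loc -Filter "$ccm/manyToOneMappings/add"
foreach ($map in $mappings) {
    "mapping '{0}' -> user '{1}'" -f $map.name, $map.userName
    $rules = Get-WebConfiguration -PSPath $pspath -Location $loc `
        -Filter "$ccm/manyToOneMappings/add[@name='$($map.name)']/rules/add"
    foreach ($r in $rules) {
        "  rule: {0}/{1} must match '{2}'" -f $r.certificateField, $r.certificateSubField, $r.matchCriteria
    }
}
```

Run it in an elevated PowerShell on the server; the output shows the effective values at the API location rather than what the site or server level says, which is the level that matters when you are checking whether another authentication module is still picking up the request.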