I'm trying to set up One-to-One Client Certificate Mapping on an IIS 7.5 instance on a 2008 R2 server. We had previously been running Active Directory Client Certificate Mappings for authentication, but had encountered reliability issues. So, I'm trying to set up One-to-One Mappings on the server, but it doesn't seem to work at all. I've been in circles searching around this forum and the net, and have come up with nil. I've followed all of the guides that I've found and everything looks right, but when I attempt to log in with the certificate, I get a "530 User cannot log in." error. Looking at the logs shows me that there is no user information being associated with the certificate:
ControlChannelOpened - - 0 0 ec05c387-e41a-4395-93c2-326b84bb37e7 -
AUTH TLS 234 0 0 ec05c387-e41a-4395-93c2-326b84bb37e7 -
USER anonymous 331 0 0 ec05c387-e41a-4395-93c2-326b84bb37e7 -
PASS anonymous@FTPSClient.org 530 1326 42 ec05c387-e41a-4395-93c2-326b84bb37e7 -
QUIT - 221 0 0 ec05c387-e41a-4395-93c2-326b84bb37e7 -
ControlChannelClosed - - 0 0 ec05c387-e41a-4395-93c2-326b84bb37e7 -
I've checked all of the obvious things and made sure that the certs match. I tried enabling one-to-one mappings on the server level / site level. I am able to log in and access the directories with basic authentication using a username/password, so we don't have an issue there. And it was previously working (albeit sporadically, we think there was some communication hiccup to the DC) with Active Directory Mapping. We have disabled the AD mapping, as well... I believe that I read somewhere that you couldn't use them together.
Any ideas?