Hello folks - We have web server in the DMZ that has been configured to use Many-to-One client certificate mappings. I have set the rule on to allow the connection to come through based on the Issuer of the certificate. However the rules are not working , the web server is allowing connections to go through even if a client certificate from an unauthorized source is provided. Also reading the documentation on setting this up it has been said that all other forms of authentication must be disabled. However if I disable Anonymous Authentication , the website stops functioning completely with the following error (HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers.). I just can't get this client certificate mapping to work.
Any help in this matter would be highly appreciated.