
iisClientCertificateMappingAuthentication oneToOneMappings is not working as expected


Hi,

We configured IIS 7.5 to have 2-factor authentication for a web site (ASP.NET web application).

The first authentication we enabled is 'Basic Authentication'; we created a user in AD for this.
For the second authentication, we enabled client certificate authentication; for this we did the steps below.
1. We installed a self-signed server certificate for SSL, making the web site HTTPS-enabled.
2. We checked 'Requires SSL' and checked the 'Require' radio button for Client certificates.
3. We installed the Root CA certificate in 'Trusted Root Authorities' in the server machine's certificate store.

After the above configuration, we tried connecting to the application by entering the URL in a browser.
We were prompted to select the client certificate and after that prompted for basic authentication credentials.
Selecting a client certificate issued from the Root CA certificate and providing AD user credentials, it worked.

Now we configured 'oneToOneMappings' using 'iisClientCertificateMappingAuthentication' from the Configuration Editor. We want to restrict client certificates issued from the Root CA to access the application.
We want only one client certificate to be valid to access the application, and that certificate we configure using 'oneToOneMappings'.

But it is not restricting access to the application. Using any client certificate issued from the Root CA provides access to the application.
We understand this is not working as expected; it should allow access to only the one client certificate that is configured in 'oneToOneMappings'.

Please confirm our expectation with the above configuration and why it is not working.


Thanks
Kamal
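
The following audit script is an added example, not part of the original post. It reads a constructed applicationHost.config fragment that mirrors the setup described above and lists the conditions under which a one-to-one mapping would not limit access on its own; it assumes IIS treats certificate mapping as one authentication method among those enabled, and the site name, account and certificate value are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed config fragment mirroring the post's setup (placeholder values).
SAMPLE_CONFIG = """
<configuration><location path="Example Site"><system.webServer><security>
  <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
  <authentication>
    <anonymousAuthentication enabled="false" />
    <basicAuthentication enabled="true" />
    <iisClientCertificateMappingAuthentication enabled="true"
        oneToOneCertificateMappingsEnabled="true">
      <oneToOneMappings>
        <add enabled="true" userName="EXAMPLE-USER" certificate="PLACEHOLDER_CERT" />
      </oneToOneMappings>
    </iisClientCertificateMappingAuthentication>
  </authentication>
</security></system.webServer></location></configuration>
"""
MAPPING = "iisClientCertificateMappingAuthentication"

def is_on(elem, attr="enabled"):
    return elem is not None and elem.get(attr, "false").lower() == "true"

def audit_location(xml_text, site):
    """Return findings for the <location> block of one site."""
    root = ET.fromstring(xml_text)
    loc = next((l for l in root.iter("location") if l.get("path") == site), None)
    sec = loc.find("system.webServer/security") if loc is not None else None
    if sec is None:
        return [f"no security section found for {site}"]
    findings = []
    access = sec.find("access")
    raw = access.get("sslFlags", "") if access is not None else ""
    if "SslRequireCert" not in {f.strip() for f in raw.split(",")}:
        findings.append("client certificate is not required at the TLS layer")
    auth = sec.find("authentication")
    methods = list(auth) if auth is not None else []
    mapping = next((m for m in methods if m.tag == MAPPING), None)
    active = 0 if mapping is None else sum(
        is_on(a) for a in mapping.findall("oneToOneMappings/add"))
    if not (is_on(mapping) and active
            and is_on(mapping, "oneToOneCertificateMappingsEnabled")):
        findings.append("no active one-to-one certificate mapping")
    # Assumption: any other enabled method can still authenticate the request.
    others = sorted(m.tag for m in methods if m.tag != MAPPING and is_on(m))
    if others:
        findings.append("unmapped certificates can still log in via: " + ", ".join(others))
    return findings
```

Calling `audit_location(SAMPLE_CONFIG, "Example Site")` returns the list of findings for the constructed fragment; an empty list means none of the three conditions was detected.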

