Network Security Focus-Microsoft
Re: Certificate authentication under IIS

Subject: Re: Certificate authentication under IIS
Date: Mon, 6 Mar 2006 15:15:40 -0600
Hello,

I am trying to figure out how to use client certificates to authenticate
in IIS under Windows Server 2003.

Specifically, I'm trying to use client certificates to map to Windows user
accounts in IIS, but I don't want to require username and password, too.
I'm trying to use one-factor authentication mapped to a Windows account with
the one factor being the certificate.  Upon presentation of the certificate
by the client, I want the IIS session to log in the user to the mapped user
account.  I only seem to be able to require both a certificate and
username/password, not a certificate only.

I'm able to require client certificates and present the proper one to the
web site.  In the "authentication methods" configuration screen, if I
deselect "enable anonymous access" and select "integrated Windows
authentication," I can log in by providing both the certificate and the
username/password of the mapped account.  If I deselect "integrated Windows
authentication," I get an HTTP 401.2 error, "You do not have permission to
view this directory or page using the credentials that you supplied because
your Web browser is sending a WWW-Authenticate header field that the Web
server is not configured to accept."  Is it possible to log in a user based
only on presentation of the certificate?

Any help would be greatly appreciated.  Thanks.



John Lightfoot
