iisClientCertificateMappingAuthentication manyToOneMappings

wkugler — Tue, 24 Nov 2009 13:35:32 GMT

We want to use iisClientCertificateMappingAuthentication to allow access for Clients with certain certificates only. We want to use manyToOneMappings to keep the number of entries small and minimize administrative burden. We experienced that the rules do not work reliable. E.g. on some certificates a match with certificateField Issuer, certificateSubField CN does not work, where certificateField Issuer, certificateSubField C does work. Are there any known problems with manyToOneMappings?Furthermore we did not find any information concerning following questions:If two or more rules are added, are they combined with OR or with AND?

Does the field matchCriteria handle Wildcards? If so, how are wildcards handled?

Thanks for your answers.

config reference comment

barkills — Thu, 14 May 2009 16:36:05 GMT

(I renamed this post since the long URL was breaking the site design - Pete.)

Config reference link:
http://www.iis.net/ConfigReference/system.webServer/security/authentication/iisClientCertificateMappingAuthentication

That reference material really should include a reference to the SSL configuration module, explicitly reminding admins that they need to change the default setting of *Ignore* client certificates to *Accept* or *Require* if they want any of the certificate mapping functionality to actually be usable.

I would have added this as a comment, but the reference material doesn't support comments ...

Search results matching tag 'iisClientCertificateMappingAuthentication'

iisClientCertificateMappingAuthentication manyToOneMappings

config reference comment