Client certificate authentication skip / continue 403 error

2 replies

Last post Jun 18, 2020 09:30 AM by Yuk Ding

  • Client certificate authentication skip / continue 403 error

    Jun 17, 2020 02:50 PM|ChristophThurnheer|LINK

    Dear forum,

    We have a working website, protected by SSL certificate authentication (SSL settings: require SSL: accept). Is there a possibility, if a user provides an "unknown" certificate towards IIS, to continue to the website? As of now, we get a 403 error.

    Background: many companies have configured which certificate they provide towards the web, so the user has no choice to select the correct certificate. However, the user should be allowed to see some content of the website, even without login / incorrect certificate. The web application does recognize if the correct certificate is available and does then display the full website. Without it, some parts are invisible.

    So IIS should continue even without a correct certificate. Technically unauthorized access as a user without any certificate.

    Thanks,

    Chris

  • Re: Client certificate authentication skip / continue 403 error

    Jun 18, 2020 01:01 AM|lextm|LINK

    ChristophThurnheer

    However, the user should be allowed to see some content of the website, even without login / incorrect certificate.

    That can be done by redirecting such requests to another site, or a page excluded from authentication, usually via the custom error page setting.

    Lex Li
  • Re: Client certificate authentication skip / continue 403 error

    Jun 18, 2020 09:30 AM|Yuk Ding|LINK

    Hi ChristophThurnheer,

    What sub-status code of the 403 error did you receive when you accessed the website? By default, "accept" certificate allows the user to pass a client certificate to the server side. But it won't return 403 without any authentication, especially if you don't use IIS client certificate authentication.

    You can restructure your application at the AOP authorization level. You may need to use code to verify the certificate and return different authorized users for a valid cert and an invalid cert, so your server can return different content based on the authorized user.

    If you don't want to do it like that, you can also create a website for users with an invalid certificate to access. Then set the 403 status error page to redirect to this site.

    Best regards,

    Jokies Ding 

    Yuk Ding

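
One way to implement the code-level check described in the last reply, as an added example that is not part of the original thread: an ASP.NET (System.Web) module that maps a pinned client certificate to a user with a role and leaves every other request anonymous. The module name, the `FullContent` role, the user name and the thumbprint placeholder are assumptions, and it assumes SSL Settings is set to "Accept" and that the request reaches the application.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Web;

// Hypothetical module; register it under <system.webServer><modules> in web.config.
public class ClientCertRoleModule : IHttpModule
{
    // Placeholder allowlist (thumbprint -> user name). Thumbprints are compared
    // case-insensitively; load the real list from your own configuration.
    private static readonly Dictionary<string, string> KnownCerts =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "<THUMBPRINT-OF-A-KNOWN-CLIENT-CERT>", "partner-user" }
        };

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpClientCertificate presented = ctx.Request.ClientCertificate;

        // No certificate, or one flagged as not valid: do nothing, so the
        // request continues as an anonymous visitor with the public content only.
        if (!presented.IsPresent || !presented.IsValid)
            return;

        var cert = new X509Certificate2(presented.Certificate);

        // Check the validity window explicitly instead of relying on one flag.
        DateTime now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter)
            return;

        // Only a pinned certificate is promoted to the role that unlocks the full site.
        string userName;
        if (KnownCerts.TryGetValue(cert.Thumbprint, out userName))
            ctx.User = new GenericPrincipal(
                new GenericIdentity(userName, "ClientCertificate"),
                new[] { "FullContent" });
    }

    public void Dispose() { }
}
```

Pages then gate the restricted parts on `User.IsInRole("FullContent")`, so an unknown or missing certificate can never see more than the anonymous view.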