Hi Bob,
I may have misunderstood your post, but,
> " Then I added a mapping between a client certificate and a newly created
> local windows account that
doesn't belong to any User Group"
All local users belong to the USERS group, each time you create one, it's
automatically part of this group...
--
Cheers,
Ed
"Bob" <bobatkpmg.RemoveThis@yahoo.com> wrote in message
news:%23z5ztR9GGHA.2036@TK2MSFTNGP14.phx.gbl...
>I have a web server running Windows 2003 with SP1. I need to use a client
> certificate to control the access to a path. Under Properties ->
> Directory
> Security -> Security Communications (Edit) of the folder, I checked
> Require
> secure channel and Require client certificates. Then I added a mapping
> between a client certificate and a newly created local windows account
> that
> doesn't belong to any User Group. I then tested it from a remote IE
> browser. IE correctly detected that the page requires client certificate
> and prompted me to select one. I selected the one that's mapped on the
> server, it showed me the page. It all seems to work but my question is
> the
> user account on the server the client cert is mapped to does not belong to
> any group, so it has no ACL access to the file system folder (that the web
> path points at), how come I was able to view the page? I was expecting an
> Access Denied error. I disabled Anonymous Access, Integrated Windows
> Authentication, Basic Authentication etc, that is, everyting on the
> Directory Security -> Authentication and Access Control tab, but the
> result
> is the same. This is really odd as it seems that if you have a valid
> client certificate, you can get in regardless of what account it's mapped
> to
> on the server.
>
> Any help with explaining this behavior, or what I did wrong would be much
> appreciated.
>
> Bob
>
>
FAQ
Profile
Private Messages
Log in
