IIS6 Certificate Mapping issue

External Since: Nov 27, 2003 Posts: 1

Hi,

My web application should have to use client certificates
for user authentication. What I want to do at this point
is only set up IIS6 to refuse access on some client
certificates. (I don't want to map certificates to user
accounts at the moment.)
In the IIS6 config client certificate mapping is enabled
on a specific virtual directory's subdirectory and I set
up a Many-to-1 mapping. I created a rule with the
action "Refuse Access" and specified some criteria in it.
The problem is, that the IIS do not mind the above
settings, because it accepts the refuseable certificates
too. Sometimes it works! But only in case when there is
only one criteria defined in the Mapping Rule. If I set up
an another criteria, or delete one from the list, it goes
wrong again....
Does anybody have any experience with certificate mapping?
Any suggestions will be appreciated! Thx.

External Since: Sep 02, 2003 Posts: 912

Can you not revoke the client certificates? Try here for more:
microsoft.public.inetserver.iis.security

Thank you. I hope this information is helpful.

Tim Coffey [MSFT]

This posting is provided “AS IS” with no warranties, and confers no rights. You assume all risk for your use. © 2001 Microsoft Corporation. All rights reserved.
--------------------
| Content-Class: urn:content-classes:message
| From: "Szabolcs Nagy" <nagysz DeleteThis @mavinformatika.hu>
| Sender: "Szabolcs Nagy" <nagysz DeleteThis @mavinformatika.hu>
| Subject: IIS6 Certificate Mapping issue
| Date: Thu, 27 Nov 2003 04:41:43 -0800
| Lines: 21
| Message-ID: <087b01c3b4e3$d023d150$a501280a@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcO049Aj2YSnIPR/SB+3CSfEYguCag==
| Newsgroups: microsoft.public.inetserver.iis
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.inetserver.iis:285650
| NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
| X-Tomcat-NG: microsoft.public.inetserver.iis
|
| Hi,
|
| My web application should have to use client certificates
| for user authentication. What I want to do at this point
| is only set up IIS6 to refuse access on some client
| certificates. (I don't want to map certificates to user
| accounts at the moment.)
| In the IIS6 config client certificate mapping is enabled
| on a specific virtual directory's subdirectory and I set
| up a Many-to-1 mapping. I created a rule with the
| action "Refuse Access" and specified some criteria in it.
| The problem is, that the IIS do not mind the above
| settings, because it accepts the refuseable certificates
| too. Sometimes it works! But only in case when there is
| only one criteria defined in the Mapping Rule. If I set up
| an another criteria, or delete one from the list, it goes
| wrong again....
| Does anybody have any experience with certificate mapping?
| Any suggestions will be appreciated! Thx.
|
|
|