|
Home > Archive > IIS Server Security > August 2005 > Use of Client Certificates
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Use of Client Certificates
|
|
|
| Requing client certificates on the web server allows any client with
certificate to make a call to web server. How can I configure IIS6 to accept
only a handful of client certificates and silently drop others?
Thanks.
Raghu/..
| |
| David Wang [Msft] 2005-08-21, 5:50 pm |
| No configuration in IIS to do this. You will have to add the logic yourself
after IIS6 accepts the SSL connection with the client certificate.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Raghu" <Raghu@Nospam.com> wrote in message
news:OeMrxi1oFHA.568@TK2MSFTNGP10.phx.gbl...
Requing client certificates on the web server allows any client with
certificate to make a call to web server. How can I configure IIS6 to accept
only a handful of client certificates and silently drop others?
Thanks.
Raghu/..
| |
|
| David,
Can you provide pseudo logic to do this?
Thanks.
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:%23uQV%23IlpFHA.2156@TK2MSFTNGP14.phx.gbl...
> No configuration in IIS to do this. You will have to add the logic
yourself
> after IIS6 accepts the SSL connection with the client certificate.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Raghu" <Raghu@Nospam.com> wrote in message
> news:OeMrxi1oFHA.568@TK2MSFTNGP10.phx.gbl...
> Requing client certificates on the web server allows any client with
> certificate to make a call to web server. How can I configure IIS6 to
accept
> only a handful of client certificates and silently drop others?
>
> Thanks.
> Raghu/..
>
>
>
| |
| David Wang [Msft] 2005-08-23, 2:48 am |
| The answers are all in my blog.
1. Take any of the ISAPI Filter samples on my blog's "Code" section as base.
2. Read my GetServerVariable blog entry to locate the necessary server
variable to identify the necessary data from the client-certificate fields.
3. See the correct way to call GetServerVariable from the same blog entry of
#2
4. Using #1, #2, and #3, assemble your pseudo logic and compile your own
custom ISAPI Filter to do what you want
5. Read my blog entry on how to troubleshoot ISAPI Filter loading if you
have troubles installing.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Raghu" <pamu@nospam.net> wrote in message
news:OYghCz5pFHA.1040@tk2msftngp13.phx.gbl...
David,
Can you provide pseudo logic to do this?
Thanks.
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:%23uQV%23IlpFHA.2156@TK2MSFTNGP14.phx.gbl...
> No configuration in IIS to do this. You will have to add the logic
yourself
> after IIS6 accepts the SSL connection with the client certificate.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Raghu" <Raghu@Nospam.com> wrote in message
> news:OeMrxi1oFHA.568@TK2MSFTNGP10.phx.gbl...
> Requing client certificates on the web server allows any client with
> certificate to make a call to web server. How can I configure IIS6 to
accept
> only a handful of client certificates and silently drop others?
>
> Thanks.
> Raghu/..
>
>
>
|
|
|
|
|