IIS Server Security - Re: IIS website - only allow users with client cert from our CA. P


Author Re: IIS website - only allow users with client cert from our CA. P
Joe in Valrico

2006-02-17, 10:41 pm

David,

You need to build a Certificate Trust List. Include only the Trusted
Root(s) you wish to permit certificates issued from for access to your site.

http://www.microsoft.com/technet/pr...03c5ed86fe.mspx



"David Wang [Msft]" wrote:

>
> IIS supports the behavior you want, but there is no built-in feature to
> discriminate SSL users based on the issuer of their client cert.
>
> This sounds like the sort of custom behavior that one should write an ISAPI
> to extend IIS behavior to accept/reject requests based on the detected
> CERT_ISSUER.
>
> IIS can communicate with SSL as long as it has a Server Cert. "Require
> Client Certificates" simply means that the client MUST produce a Client Cert
> from any trusted root in order to do SSL with the server. SSL specifications
> did not say that the server can discriminate based on parameters such as who
> issued the cert; only whether the cert is valid or not; you will have to
> implement such custom logic yourself, and IIS supports you in doing that.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
>
> "Frank" <Frank@discussions.microsoft.com> wrote in message
> news:4DDF4830-7E8F-411D-936A-0C58077F4305@microsoft.com...
>
>
>
>
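
An added example, not code from either poster or from Microsoft: the accept/reject decision an ISAPI could apply to the CERT_ISSUER value mentioned in the quoted reply, written in portable C. The allow-listed DN, the function names and the assumed `KEY=value, KEY=value` layout of the issuer string are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed allow-list: issuer DNs of the CAs permitted to issue client certs. */
static const char *ALLOWED_ISSUERS[] = {
    "C=US, O=Example Corp, CN=Example Corp Internal CA",
};

/* Canonical form: lower-case, no whitespace around ',' or '=', ends trimmed. */
static int normalize_dn(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (isspace(c)) {
            if (n == 0 || out[n - 1] == ',' || out[n - 1] == '=' || out[n - 1] == ' ')
                continue;            /* leading or repeated whitespace */
            c = ' ';
        } else if ((c == ',' || c == '=') && n > 0 && out[n - 1] == ' ') {
            n--;                     /* drop the space before a separator */
        }
        if (n + 1 >= outlen) return -1;
        out[n++] = (char)tolower(c);
    }
    if (n > 0 && out[n - 1] == ' ') n--;
    out[n] = '\0';
    return 0;
}

/* Returns 1 only when the whole issuer DN equals an allowed DN; fails closed. */
int issuer_allowed(const char *cert_issuer)
{
    char got[512], want[512];
    if (!cert_issuer || normalize_dn(cert_issuer, got, sizeof got) != 0 || !got[0])
        return 0;                    /* no client cert, or oversized issuer */
    for (size_t i = 0; i < sizeof ALLOWED_ISSUERS / sizeof *ALLOWED_ISSUERS; i++)
        if (normalize_dn(ALLOWED_ISSUERS[i], want, sizeof want) == 0 &&
            strcmp(got, want) == 0)  /* whole-DN match, not strstr() */
            return 1;
    return 0;
}

int main(void)
{
    /* An ISAPI would read this value with GetServerVariable("CERT_ISSUER"). */
    const char *seen = "c=us,o=Example Corp ,  CN=Example Corp Internal CA";
    printf("%s -> %s\n", seen, issuer_allowed(seen) ? "allow" : "reject");
    return 0;
}
```

The comparison is on a name, so it is only meaningful for certificates whose chain IIS has already validated. Trimming the trusted roots with a Certificate Trust List, as the reply suggests, limits which CAs can appear in that chain at all.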


Copyright 2003 - 2008 webservertalk.com