IIS Server Security - Requiring matching client certificate and password?

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > February 2006 > Requiring matching client certificate and password?





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Requiring matching client certificate and password?
janaagaard@gmail.com

2006-02-26, 10:27 am

Is is possible to require client certificates and then have a dialog
box ask for the corresponding client's password?

Right now I've followed the guide "Using Client Certificate
Authentication with IIS 6.0 Web Sites"
(http://www.windowsecurity.com/artic...ation-IIS6.html).
As this guide states this only verifies that the certificate that the
user provides has been issued by a root that the web server trusts.

I can make a mapping of the certificate to a user name and password, so
that I don't have to enter my credentials. But for security reasons I
would still like to get a dialog box asking for the users' password.
The users' certificate shows up in active directory, so my guess is
that it should be possible to link the user name and user certificate
together.

We're running Exchange 2003 with Service Pack 1. Service Pack 2 will be
installed soon - will this make any difference? IIS is version 6.0. Our
traffic is routed through an ISA Server 2004 firewall, so this might
also provide some possibilities.

Thanks for any help provided. =)

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com