1-1 certificate mapping in IIS 6.0 allowing all users to access the site
Posted on 2011-04-25
We have a 2003/2008 AD environment with Enterprise Root CA.
I'm trying to get the 1-1 certificate mapping to work on a website running on IIS 6 on a 2003 Server so that a smartcard user can access the website using a smartcard.
After configuring the website for 1-1 mapping for user1, not only can user1 access the site but all smartcard users can access the site. Am I missing a step?
I've only enabled 1-1 certificate mapping for user1 and have the many-1 mapping unchecked in IIS.
I did the following to set up 1-1 certificate mapping.
To map a specific client certificate to a user account:
1. In IIS Manager, expand the local computer, and then expand the Web Sites folder.
2. Right-click the Web site for which you want to configure authentication, and then click Properties.
3. Click the Directory Security tab, and then, in the Secure Communications section, click Edit.
4. In the Secure Communications box, select the Enable client certificate mapping check box, and then click Edit.
5. In the Account Mappings box, click the 1-to-1 tab.
6. On the 1-to-1 tab, either add a new certificate by clicking Add, or edit an existing mapping by selecting the mapping and clicking Edit Map.
7. If you are adding a new certificate, browse to the certificate file and open it.
   If you cannot find the certificate file, it might first need to be exported. For information about exporting a certificate for use in one-to-one mapping, see Exporting a Client Certificate for One-to-One Mapping.
8. In the Map to Account box, enter a map name for the mapping. This is the name that will be displayed in the selection list on the Account Mappings box.
9. Either type or browse to a Windows user account. Type the password of the account to which the certificate is being mapped.