1-1 certificate mapping in IIS 6.0 allowing all users to access the site

Posted on 2011-04-25
Last Modified: 2012-05-11

We have a 2003/2008 AD environment with Enterprise Root CA.
I'm trying to get the 1-1 certificate mapping to work on a website running on IIS 6 on a 2003 Server so that a smartcard user can access the website using a smartcard.

After configuring the website for 1-1 mapping for user1, not only can user1 access the site but all smartcard users can access the site.  Am I missing a step?

I've only enabled 1-1 certificate mapping for user1 and have the many-1 mapping unchecked in IIS.  

I did the following to set up 1-1 certificate mapping.

To map a specific client certificate to a user account
1. In IIS Manager, expand the local computer, and then expand the Web Sites folder.
2. Right-click the Web site for which you want to configure authentication, and then click Properties.
3. Click the Directory Security tab, and then, in the Secure Communications section, click Edit.
4. In the Secure Communications box, select the Enable client certificate mapping check box, and then click Edit.
5. In the Account Mappings box, click the 1-to-1 tab.
6. On the 1-to-1 tab, either add a new certificate by clicking Add, or edit an existing mapping by selecting the mapping and clicking Edit Map.
7. If you are adding a new certificate, browse to the certificate file and open it.

   If you cannot find the certificate file, it might first need to be exported. For information about exporting a certificate for use in one-to-one mapping, see Exporting a Client Certificate for One-to-One Mapping.

8. In the Map to Account box, enter a map name for the mapping. This is the name that will be displayed in the selection list on the Account Mappings box.
9. Either type or browse to a Windows user account. Type the password of the account to which the certificate is being mapped.
10. Click OK.

Question by:Lindows

    Accepted Solution

    Did you disable anonymous access to the website?

    Try this:

    Author Comment

    I haven't had a chance to get back to this but the link you sent me has some good info.
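
A way to check the point the accepted solution raises, as an added example that is not part of the original thread: it decodes the integer values of the site's AccessSSLFlags and AuthFlags metabase properties and lists settings that would let clients other than the mapped account in. It assumes that a certificate with no mapping falls through to whatever other authentication methods are enabled; the sample values are constructed.

```python
# Added example, not from the thread. Bit values are the IIS metabase
# definitions for AccessSSLFlags and AuthFlags (iiscnfg.h).
ACCESS_SSL_FLAGS = {
    "AccessSSL": 0x008,               # require a secure channel
    "AccessSSLNegotiateCert": 0x020,  # ask the client for a certificate
    "AccessSSLRequireCert": 0x040,    # refuse clients without a certificate
    "AccessSSLMapCert": 0x080,        # enable client certificate mapping
    "AccessSSL128": 0x100,
}
AUTH_FLAGS = {
    "AuthAnonymous": 0x01,
    "AuthBasic": 0x02,
    "AuthNTLM": 0x04,   # Integrated Windows authentication
    "AuthMD5": 0x10,    # Digest
    "AuthPassport": 0x40,
}
REQUIRED_SSL = {"AccessSSL", "AccessSSLNegotiateCert", "AccessSSLRequireCert"}


def decode(value, table):
    """Return the names of the flags set in an integer metabase value."""
    return {name for name, bit in table.items() if value & bit}


def audit(access_ssl_flags, auth_flags):
    """List settings that admit clients other than the mapped account."""
    ssl = decode(access_ssl_flags, ACCESS_SSL_FLAGS)
    auth = decode(auth_flags, AUTH_FLAGS)
    findings = []
    if "AccessSSLMapCert" not in ssl:
        findings.append("client certificate mapping is not enabled")
    if not REQUIRED_SSL <= ssl:
        findings.append("a client certificate is not required over SSL")
    # Assumption: an unmapped certificate falls back to the methods below.
    if "AuthAnonymous" in auth:
        findings.append("anonymous access is enabled")
    others = sorted(auth - {"AuthAnonymous"})
    if others:
        findings.append("other logon methods enabled: " + ", ".join(others))
    return findings


if __name__ == "__main__":
    # Constructed values: certificate required and mapped (488), but
    # anonymous and Integrated Windows authentication still on (5).
    for line in audit(488, 5):
        print("FINDING:", line)
```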

