• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 332
  • Last Modified:

1-1 certiifcate mapping in IIS 6.0 allowing all users to access the site

Hello,

We have a 2003/2008 AD environment with Enterprise Root CA.
I'm trying to get the 1-1 certificate mapping to work on a website running on IIS 6 on a 2003 Server so that a smartcard user can access the website using a smartcard.

After configuring the website for 1-1 mapping for user1, not only can user1 access the site but all smartcard users can access the site.  Am I missing a step?

I've only enabled 1-1 certificate mapping for user1 and have the many-1 mapping unchecked in IIS.  

I did the following to setup 1-1 certificate mapping.

To map a specific client certificate to a user account
1.
 In IIS Manager, expand the local computer, and then expand the Web Sites folder.
 
2.
 Right-click the Web site for which you want to configure authentication, and then click Properties.
 
3.
 Click the Directory Security tab, and then, in the Secure Communications section, click Edit.
 
4.
 In the Secure Communications box, select the Enable client certificate mapping check box, and then click Edit.
 
5.
 In the Account Mappings box, click the 1-to-1 tab.
 
6.
 On the 1-to-1 tab, either add a new certificate by clicking Add, or edit an existing mapping by selecting the mapping and clicking Edit Map.
 
7.
 If you are adding a new certificate, browse to the certificate file and open it.
 

  Note

If you cannot find the certificate file, it might first need to be exported. For information about exporting a certificate for use in one-to-one mapping, see Exporting a Client Certificate for One-to-One Mapping.

1.
 In the Map to Account box, enter a map name for the mapping. This is the name that will be displayed in the selection list on the Account Mappings box.
 
2.
 Either type or browse to a Windows user account. Type the password of the account to which the certificate is being mapped.
 
3.
 Click OK.
 


0
Lindows
Asked:
Lindows
1 Solution
 
CoccoBillCommented:
Did you disable anonymous access to the website?

Try this: http://www.iisadmin.co.uk/?p=11
0
 
LindowsAuthor Commented:
I haven't had a chance to get back to this but the link you sent me has some good info.

Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now