Solved

How Certificate Authentication works and validated between IIS and CA or AD ?

Posted on 2013-05-16
2
236 Views
Last Modified: 2014-01-03
There is a module "CertificateMappingAuthenticationModule" which is responsible for certificate authentication in IIS and do the certificate validation by communicating with Active Directory directory service. I am searching about how this communication process is happening.
0
Comment
Question by:ajitsunny
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 500 total points
ID: 39171194
What in particular are you looking for here? The only difference really is the round trip and use of an internal Certificate of Authority Server (CA).

The key process is Client Certificates using AD is that is it required that the USER and IIS be on the same domain. The authentication part is the request hits IIS and the authentication is passed back to AD for validation and back to IIS to send to client. There is a minor performance hit.

USER (domain.com) --> IIS (domain.com) --> DC (domain.com) --> IIS (domain.com) --> USER (domain.com)

The other method essentially requires you to create certificates using tools such as makecert. Once a certificate is created, it must be installed on the USER and IIS.

USER (domain.com) --> IIS (domain.com) --> USER (domain.com)

NOTE: you can only use one or the other at one time.

http://www.iis.net/configreference/system.webserver/security/authentication/iisclientcertificatemappingauthentication

Cheers,
Hades666
0
 

Author Comment

by:ajitsunny
ID: 39385500
Can help me on like how this communication is happening between AD & IIS... is it using any service like federation service or any other ? If it is using service.. where it is hosted and executing under which hosting environment  ?

It will be great helpful.

Thanks,
Ajit
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question