Solved

How Certificate Authentication works and validated between IIS and CA or AD ?

Posted on 2013-05-16
2
231 Views
Last Modified: 2014-01-03
There is a module "CertificateMappingAuthenticationModule" which is responsible for certificate authentication in IIS and do the certificate validation by communicating with Active Directory directory service. I am searching about how this communication process is happening.
0
Comment
Question by:ajitsunny
2 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 500 total points
ID: 39171194
What in particular are you looking for here? The only difference really is the round trip and use of an internal Certificate of Authority Server (CA).

The key process is Client Certificates using AD is that is it required that the USER and IIS be on the same domain. The authentication part is the request hits IIS and the authentication is passed back to AD for validation and back to IIS to send to client. There is a minor performance hit.

USER (domain.com) --> IIS (domain.com) --> DC (domain.com) --> IIS (domain.com) --> USER (domain.com)

The other method essentially requires you to create certificates using tools such as makecert. Once a certificate is created, it must be installed on the USER and IIS.

USER (domain.com) --> IIS (domain.com) --> USER (domain.com)

NOTE: you can only use one or the other at one time.

http://www.iis.net/configreference/system.webserver/security/authentication/iisclientcertificatemappingauthentication

Cheers,
Hades666
0
 

Author Comment

by:ajitsunny
ID: 39385500
Can help me on like how this communication is happening between AD & IIS... is it using any service like federation service or any other ? If it is using service.. where it is hosted and executing under which hosting environment  ?

It will be great helpful.

Thanks,
Ajit
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now