Solved

How Certificate Authentication works and validated between IIS and CA or AD ?

Posted on 2013-05-16
2
234 Views
Last Modified: 2014-01-03
There is a module "CertificateMappingAuthenticationModule" which is responsible for certificate authentication in IIS and do the certificate validation by communicating with Active Directory directory service. I am searching about how this communication process is happening.
0
Comment
Question by:ajitsunny
2 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 500 total points
ID: 39171194
What in particular are you looking for here? The only difference really is the round trip and use of an internal Certificate of Authority Server (CA).

The key process is Client Certificates using AD is that is it required that the USER and IIS be on the same domain. The authentication part is the request hits IIS and the authentication is passed back to AD for validation and back to IIS to send to client. There is a minor performance hit.

USER (domain.com) --> IIS (domain.com) --> DC (domain.com) --> IIS (domain.com) --> USER (domain.com)

The other method essentially requires you to create certificates using tools such as makecert. Once a certificate is created, it must be installed on the USER and IIS.

USER (domain.com) --> IIS (domain.com) --> USER (domain.com)

NOTE: you can only use one or the other at one time.

http://www.iis.net/configreference/system.webserver/security/authentication/iisclientcertificatemappingauthentication

Cheers,
Hades666
0
 

Author Comment

by:ajitsunny
ID: 39385500
Can help me on like how this communication is happening between AD & IIS... is it using any service like federation service or any other ? If it is using service.. where it is hosted and executing under which hosting environment  ?

It will be great helpful.

Thanks,
Ajit
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question