Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 240
  • Last Modified:

How Certificate Authentication works and validated between IIS and CA or AD ?

There is a module "CertificateMappingAuthenticationModule" which is responsible for certificate authentication in IIS and do the certificate validation by communicating with Active Directory directory service. I am searching about how this communication process is happening.
0
ajitsunny
Asked:
ajitsunny
1 Solution
 
Brad HoweCommented:
What in particular are you looking for here? The only difference really is the round trip and use of an internal Certificate of Authority Server (CA).

The key process is Client Certificates using AD is that is it required that the USER and IIS be on the same domain. The authentication part is the request hits IIS and the authentication is passed back to AD for validation and back to IIS to send to client. There is a minor performance hit.

USER (domain.com) --> IIS (domain.com) --> DC (domain.com) --> IIS (domain.com) --> USER (domain.com)

The other method essentially requires you to create certificates using tools such as makecert. Once a certificate is created, it must be installed on the USER and IIS.

USER (domain.com) --> IIS (domain.com) --> USER (domain.com)

NOTE: you can only use one or the other at one time.

http://www.iis.net/configreference/system.webserver/security/authentication/iisclientcertificatemappingauthentication

Cheers,
Hades666
0
 
ajitsunnyAuthor Commented:
Can help me on like how this communication is happening between AD & IIS... is it using any service like federation service or any other ? If it is using service.. where it is hosted and executing under which hosting environment  ?

It will be great helpful.

Thanks,
Ajit
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now