Solved

How does Certificate Authentication work, and how is it validated between IIS and the CA or AD?

Posted on 2013-05-16
Last Modified: 2014-01-03
There is a module, "CertificateMappingAuthenticationModule", which is responsible for certificate authentication in IIS and does the certificate validation by communicating with the Active Directory directory service. I am trying to find out how this communication process happens.
Question by:ajitsunny
Accepted Solution

by:
Brad Howe earned 500 total points
ID: 39171194
What in particular are you looking for here? The only difference really is the round trip and use of an internal Certificate of Authority Server (CA).

The key part of the process for Client Certificates using AD is that it is required that the USER and IIS be on the same domain. For the authentication part, the request hits IIS, the authentication is passed back to AD for validation, and then it goes back to IIS to send to the client. There is a minor performance hit.

USER (domain.com) --> IIS (domain.com) --> DC (domain.com) --> IIS (domain.com) --> USER (domain.com)

The other method essentially requires you to create certificates using tools such as makecert. Once a certificate is created, it must be installed on the USER and IIS.

USER (domain.com) --> IIS (domain.com) --> USER (domain.com)

NOTE: you can only use one or the other at one time.

http://www.iis.net/configreference/system.webserver/security/authentication/iisclientcertificatemappingauthentication

Cheers,
Hades666
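The NOTE in the answer above (only one mapping method at a time) can be checked against a site's configuration. The following is an added example, not part of the original answer: it parses an applicationHost.config fragment and reports which mapping method each site uses. The sample fragment is constructed and `audit` is a hypothetical helper name; the section and attribute names are those of the IIS configuration schema.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config fragment (not from the original post).
SAMPLE = """
<configuration>
  <location path="Default Web Site">
    <system.webServer>
      <security>
        <access sslFlags="Ssl, SslNegotiateCert" />
        <authentication>
          <clientCertificateMappingAuthentication enabled="true" />
          <iisClientCertificateMappingAuthentication enabled="true"
              oneToOneCertificateMappingsEnabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>
"""
AUTH = "system.webServer/security/authentication/"

def _enabled(loc, name):
    # Both sections default to enabled="false" when absent.
    node = loc.find(AUTH + name)
    return node is not None and node.get("enabled", "false").lower() == "true"

def audit(config_xml):
    """Return {site path: [findings]} for every <location> element."""
    report = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        ad = _enabled(loc, "clientCertificateMappingAuthentication")
        iis = _enabled(loc, "iisClientCertificateMappingAuthentication")
        access = loc.find("system.webServer/security/access")
        raw = access.get("sslFlags", "") if access is not None else ""
        flags = {f.strip() for f in raw.split(",")}
        findings = []
        if ad and iis:
            findings.append("both AD and IIS mapping enabled; pick one")
        if (ad or iis) and not flags & {"SslNegotiateCert", "SslRequireCert"}:
            findings.append("mapping enabled but sslFlags never asks for a client certificate")
        if ad:
            findings.append("AD mapping: IIS round-trips to a domain controller")
        elif iis:
            findings.append("IIS mapping: certificates are mapped in IIS configuration")
        report[loc.get("path", "")] = findings
    return report

if __name__ == "__main__":
    for site, findings in audit(SAMPLE).items():
        print(site, findings)
```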
 

Author Comment

by:ajitsunny
ID: 39385500
Can you help me with how this communication happens between AD and IIS? Is it using any service, like a federation service or any other? If it is using a service, where is it hosted, and which hosting environment is it executing under?

It would be a great help.

Thanks,
Ajit