• IIS Admin Blog

8th October 2007

How to Secure a Web Site Using Client Certificate Authentication

In this tutorial I am going to demonstrate how to secure a web site using a client certificate. I don’t intend to explain in detail what a client certificate is or how it works. If you don’t know, I suggest you read this Microsoft KB article before we get started:

IIS and client certificates

http://support.microsoft.com/?id=907274

In a nutshell, a client certificate provides an extra layer of security for a web site: you can configure a web site so that any user wishing to connect is required to provide both a valid client certificate and a valid password. This is commonly known as ‘two-factor authentication’. The two factors are ‘something that you know’ and ‘something that you have’. In this scenario the ‘something that you know’ is your password and the ‘something that you have’ is your client certificate.

I am also going to expand on the final comments in the above KB article and demonstrate how to perform user mapping with a client certificate.

posted in IIS 6.0
