Client certificate mapping in IIS 7 and impersonation

Recently, when migrating an application that uses client certificate authentication to IIS 7, we noticed that ASP.NET impersonation stopped working. Client was authenticated properly, but connection to database server was being established with machine account (DOMAIN\SERVERNAME$). We didn’t find any issue in the configuration, so we raised the case with Microsoft support. It turns out …

Read More

IIS client certificate mapping and authentication methods

Apart from the well-known authentication methods available in IIS: Anonymous Basic Digest Integrated Windows you can enable Client Certificate mapping, to map users holding a specific certificate to a pre-defines user account. For some reason, this method is not alway mentioned in IIS documentation under “authentication” topic. It is, however, very useful for authenticating users …

Read More