SSL diagnostics tool for IIS

Microsoft released SSL diagnostics utility. I just found it mention in an article called Troubleshooting SSL in IIS. However, it has one drawback: it comes as installable MSI package. If you don’t want to install anything on your server, just run a one-time scan of it, I created a ZIP package with just the executable …

Read More

Client certificate mapping in IIS 7 and impersonation

Recently, when migrating an application that uses client certificate authentication to IIS 7, we noticed that ASP.NET impersonation stopped working. Client was authenticated properly, but connection to database server was being established with machine account (DOMAIN\SERVERNAME$). We didn’t find any issue in the configuration, so we raised the case with Microsoft support. It turns out …

Read More

IIS client certificate mapping and authentication methods

Apart from the well-known authentication methods available in IIS: Anonymous Basic Digest Integrated Windows you can enable Client Certificate mapping, to map users holding a specific certificate to a pre-defines user account. For some reason, this method is not alway mentioned in IIS documentation under “authentication” topic. It is, however, very useful for authenticating users …

Read More