Question regarding certificate mapping



Question regarding certificate mapping Kent Tegels
7/29/2004 10:41:32 AM
Forgive me if this question is something I already know, but I think
there's a mismatch between my expectations and reality. Wouldn't be
the first time *that* happened, of course.

I've successfully got certificate server set up, and I've got account
mapping going. But when a user with a certificate accesses a vdir so
configured, they are getting prompted for credentials. That's not
what I expected: I was thinking that the certificate would be all
they would need.

So I'm looking for confirmation: even if the certificate mapping is
working correctly, should the users be prompted to login? If that's
the case, is it safe to say that having the certificate
requirement is essentially just a third credential requirement?

If so, fine -- so be it. If not, what should my next troubleshooting
step be?

I'm happy to RTFM if somebody can point me to a good M to F'n R. :)

Thanks!

Kent Tegels



SQL Server Express Blog (Good for FAQs): http://tinyurl.com/6r4gb

SQL Server Express BOL (The docs you need): http://tinyurl.com/4ctjx

Re: Re: Question regarding certificate mapping Kent Tegels
7/29/2004 4:38:17 PM
Direct config, AD isn't an option here. At least not immediately or
easily.



Yes.



Nothing helpful there.



Danke,

Kent Tegels




Re: Question regarding certificate mapping Jochen Ruhland
7/29/2004 11:27:56 PM
Hi,

Via AD or via direct config?

It depends ... does the user account that is mapped to the cert have access
to the files in question?

Check the W3-logfile and activate logging on all possible fields.

Jochen

Re: Re: Re: Question regarding certificate mapping Kent Tegels
7/30/2004 4:02:09 PM
I've dug myself out of this. Turns out that I didn't allow anonymous
access and the user in question didn't have DACLs where they should.
Once I started allowing anonymous but required certificates and gave
the anonymous ASP.NET process to directory, it all started working
and the impersonation process I wanted to achieve turned out fine.


Thanks!

Kent Tegels




Re: Re: Question regarding certificate mapping Jochen Ruhland
7/30/2004 10:38:25 PM
Hi,

You should at least see a 403 error when you try to access the file. What
username is listed there? Enable auditing for that file and check the event log.

Jochen