
one client certificate able to access two websites

Author
10 Mar 2009 11:47 AM
pocitem
Hi,

I am using Windows 2003 Server OS with SP1. It also acts as a stand-alone
CA. On it I configured two websites, namely website1 and website2,
with the require client certificate property. I created one client
certificate for website1 named certificate1. Without creating a client
certificate for website2 I am able to access website2. But website1 is
running under TCP port 35, SSL port 446, and website2 runs under TCP port
90, SSL port 447. I missed something somewhere. It is not supposed to allow the
client to access a website for which he/she doesn't have a client
certificate. Can you please help me out on this.


                                  Thanks in advance.

Author
11 Mar 2009 10:18 AM
Ken Schaefer
Client certificates are just for *authentication* - identifying who the user
is.

Authorization is the process for allowing/denying access to resources. If
the resources are just files on the hard drive, then use NTFS permissions to
control who can read the files. If this is some application you wrote, you
can write some logic in your application to allow/deny specific users.

When the user presents their client certificate, IIS merely maps that
certificate thumbprint to a user account (whether 1:1, M:1 or via Active
Directory mapping). That's why when a user accesses Website1 and Website2
they are the same user (if presenting the same certificate). What you need
to do is now control what the user can do when accessing each individual
website.

Cheers
Ken

<poci***@gmail.com> wrote in message
news:02cf3a15-0d52-41cb-bbb1-14a82b083a5e@s9g2000prg.googlegroups.com...
> Hi,
>
> I am using Windows 2003 Server OS with SP1. It also acts as a stand-alone
> CA. On it I configured two websites, namely website1 and website2,
> with the require client certificate property. I created one client
> certificate for website1 named certificate1. Without creating a client
> certificate for website2 I am able to access website2. But website1 is
> running under TCP port 35, SSL port 446, and website2 runs under TCP port
> 90, SSL port 447. I missed something somewhere. It is not supposed to allow the
> client to access a website for which he/she doesn't have a client
> certificate. Can you please help me out on this.
>
>
>                                  Thanks in advance.
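
A small model of the authentication/authorization split described in the answer above, added here as an example and not part of the original thread or any IIS code: the certificate is first mapped to an account (1:1 by thumbprint, or many-to-one by a wildcard rule), and a separate per-site table then decides access. The certificate bytes, account names, subjects and ACL table are all constructed assumptions.

```python
import hashlib
from fnmatch import fnmatchcase

# Constructed stand-ins for DER-encoded client certificates (not real certs).
CERT1_DER = b"constructed-der-bytes-for-certificate1"
CONTRACTOR_DER = b"constructed-der-bytes-for-a-contractor-certificate"

def thumbprint(der: bytes) -> str:
    """Windows-style thumbprint: SHA-1 over the DER encoding, upper-case hex."""
    return hashlib.sha1(der).hexdigest().upper()

# Authentication tables (hypothetical accounts): certificate -> user account.
ONE_TO_ONE = {thumbprint(CERT1_DER): r"SERVER\user1"}
MANY_TO_ONE = [("*OU=Contractors*", r"SERVER\contractors")]  # wildcard on subject

# Authorization table (hypothetical): which accounts each site admits.
SITE_ACL = {
    "website1": {r"SERVER\user1", r"SERVER\contractors"},
    "website2": {r"SERVER\contractors"},
}

def authenticate(der: bytes, subject: str):
    """Map a presented certificate to an account; None if nothing matches."""
    account = ONE_TO_ONE.get(thumbprint(der))
    if account is not None:
        return account
    for pattern, mapped in MANY_TO_ONE:
        if fnmatchcase(subject, pattern):
            return mapped
    return None

def authorize(site: str, account) -> bool:
    """Per-site check; unknown sites and unmapped users are denied by default."""
    return account is not None and account in SITE_ACL.get(site, set())

def handle_request(site: str, der: bytes, subject: str):
    """Return (decision, account) for one request."""
    account = authenticate(der, subject)
    return ("allow" if authorize(site, account) else "deny", account)

if __name__ == "__main__":
    for site in ("website1", "website2"):
        print(site, handle_request(site, CERT1_DER, "CN=user1, O=Example"))
```

The same certificate authenticates as the same account on both sites; only the per-site table makes the outcome differ, which is the role NTFS permissions or application logic play in the answer.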