Configuring client certificates for mutual authentication on IIS 8
Hafiz Mohammed

I really like this blog — every detail is explained and the whole process is easy to understand.

However, I think there is a misunderstanding. When you enable the Anonymous logon to your web site, the oneToOne mapping is not used at all. AFAIK, the IIS checks for a valid certificate during the HTTPS handshake (validity timeframe, known CA) and if your certificate is accepted, you get access to the page as an anonymous user.

I did an similar setup and as a result, I could

  • logon w/o the oneToOne mapping or
  • logon using an unmapped certifcate

Please check your setup (if this is relevant after 1.5 years time any longer ;-).

all the best — Joachim

Like what you read? Give Joachim Krumnow a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.