This project is read-only.

How to map certificates with windows accounts

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Client certificates are not mapped to Windows accounts by default. Set the mapClientCertificateToWindowsAccount property to true to map certificates to Windows accounts.

Use the following steps to map certificates to Windows accounts:
  1. Select the IIS vs Active Directory Mapping.
    1. IIS Mapping is useful if you need only a limited number of mappings or a different mapping on each WCF Service.
    2. Use Active Directory mapping when the account mappings are identical on all IIS servers. Active Directory mapping is easier to maintain than IIS mapping because you only have to create the mapping in one location.
  2. Configure the IIS / Active directory for mapping the certificates.
  3. Once you have enabled the client certificate mapping feature, set the mapClientCertificateToWindowsAccount property to true.
<serviceBehaviors>
  <behavior name="MyServiceBehaviorForWebHttp">

     <serviceCredentials>
      <clientCertificate>
*       <authentication mapClientCertificateToWindowsAccount="true" />*
      </clientCertificate>
     </serviceCredentials>

  </behavior>
</serviceBehaviors>

Additional Resources

Last edited May 8, 2008 at 4:26 AM by prashantbansode, version 1

Comments

No comments yet.