Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 3 down vote favorite

I'm migrating a web app from an IIS 6 server to an IIS 7 server and I'm having some troubles with getting the client's certificate.

The piece of code that I'm using looks like this:

        HttpClientCertificate cert = Request.ClientCertificate;

        if (cert.IsPresent)
        {
            ...
        }

On the IIS 6 server, the cert.IsPresent is always true. However, on the IIS 7 box, it is always false. Both tests were done with IE 8 from the same computer. The only change was the Server URL, so the client should be setup correctly.

I'm not getting any SSL connection errors (I'm accessing the page via https) and I've set the SSL Settings -> Client certificates: to Accept (same as the IIS 6 configuration).

I've gone through and configured the IIS 7 server as closely as I could to the IIS 6 server, but I'm still not getting the cert.

Are there other areas that I need to look at for configuration?

Also, if I set the Client certificates: to Required, I get a 403.7 error on the IIS 7 box. I don't know if that is a symptom, but just in case the information is useful...

share|improve this question

2 Answers

up vote 4 down vote accepted
+50

Basically it boils down to the fact that the client can't provide the client certificate. That's why you get the 403.7 error when you require it. I believe you need this:

http://blogs.msdn.com/b/puneetgupta/archive/2009/08/03/where-is-the-client-certificates-ui-in-iis-7-0.aspx

Please let me know if this helps.

/Daddy

share|improve this answer
Hmmm... I'll take a look and see if this works. I didn't have client cert mapping enabled in IIS 6, I just enabled accept cert and everything worked. Thanks, I'll let you know if this fixes the problem – joe_coolish Jun 21 '11 at 19:04
That got us on the right track! Thank you :) – joe_coolish Jun 23 '11 at 5:26
up vote 2 down vote

I came across this question while looking for more information about how to get certificates in IIS 7 vs. IIS 6. I see that @whosrdaddy's solution worked for the asker. There is something else that I had to hunt down.

One of the differences between IIS 6 and IIS 7 is that IIS 6 has the "Directory Security" tab in each web site's configuration. In order to make the web server request certificates in IIS 7, you must click on the "SSL Settings" feature for the Web Site or Virtual Directory you are configuration to see the "Client certificates:" setting: Ignore, Accept, or Require.

Make sure that this is not set to "Ignore", or else you will never get your certificates to work!

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.