Home/ Questions/Q 8622175
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T06:59:14+00:00

Our project(web application C# ASP.NET MVC3 ) is hosted on IIS 7.5 and we

  • 0

Our project(web application C# ASP.NET MVC3) is hosted on IIS 7.5 and we use certificate authentication. So we have SSL-require configured IIS.

Now we have a business task to allow some users to use our system. And there is no way to provide client certificates for them. In that case we need to use some additional authentication model (user-password or ntdomain based).

I don’t know how to realize such model:

  1. User gets on our project url;
  2. If he has valid client certificate – we let him iteract with our application;
  3. If he hasn’t cert we show him a login form with “user-password”;

If we use SSL-required configured IIS users would not be able to iteract with application without valid certificate at all right? And how to authenticate with certificate if IIS is configured with SSL-Accept?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The problem was not so large as i thought before. IIS provides a check box to require certificate even if combobox(in SSL options of web application) is set to Accept instead of require. In that case IIS tries to get certificate at first. And if there is no cert it lets the user to iteract with application. And we can make custom authentication on that level.

    With MVC (v.3+) there is nice way to use IAuthorizationFilter in that case

    • 0