IIS 6+ SSL Client Certificates Configuration

Tag: iis, ssl, client-certificates Author: houge1982 Date: 2010-10-24

I started down this path getting smart card authentication working in asp.net mvc in this question: ASP.NET MVC 2 and request client certificate (Smart Card authentication), which is working satisfactorily except the current issues.

Using my local Vista dev box as an example, I have Visual Studio 2008 set up to run the MVC project in the local IIS, http (port 80 default). The site is configured to use the local self-signed certificate and to accept client certificates. The controller action that I use to capture the certificate data, Authorize, is decorated with RequireHttps. This works correctly. I can navigate to the site with any path combination and get routed to Account/LogOn as expected until I validate with my smart card in the Authorize action. Still fine but here are my issues:

  1. Once I'm validated, the browser stays routed to https. I'm looking at tapping into the AuthenticateRequest event in my HttpModule (I'm creating a custom Principal from my card data) to detect when to flip http to https and the other way round as needed.

  2. I discovered that if I navigate to the site with https (a new non-authenticated session), I'm immediately prompted for the client cert, before seeing my logon page. I'd like to always see the logon page first please.

Using IIS Manager in Vista, in SSL settings, I switched the site root to 'Ignore client certificates' and then configured the AccountController.cs file properties to 'Accept Client Certificates'. This then results in no prompt for certificate at the Authorize Action route so apparently it doesn't matter what the site content certificate settings are set to, only the root settings matter? Debugging, the client cert prompt happens before the BeginRequest event in the HttpModule so I apparently can't catch it?

So, is it possible to configure IIS to achieve the desired result, only being prompted for the client certificate from one controller's action method?

Thought I was done with this little project but not quite there....
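Added example, not part of the original post: in IIS 7 (the version shipped with Vista) the client-certificate setting is the `sslFlags` attribute of `system.webServer/security/access`, and it is scoped by URL path through `<location>`, not by source file. The fragment below assumes the default MVC `{controller}/{action}` route, so the Authorize action is served at `Account/Authorize`; the site and application names are placeholders, and the fragment is assumed to live in applicationHost.config, where this section is normally defined.

```xml
<!-- Constructed applicationHost.config fragment (placeholder names). -->
<configuration>

  <!-- Application root: no client certificate is negotiated, so the
       logon page can be served over http or https without a prompt. -->
  <location path="Default Web Site/MvcApp">
    <system.webServer>
      <security>
        <access sslFlags="None" />
      </security>
    </system.webServer>
  </location>

  <!-- Only the URL that routes to AccountController.Authorize requires SSL
       and asks for a client certificate. The path is the request URL, not
       the file AccountController.cs: a setting placed on the .cs file
       applies to a URL that MVC routing never requests. -->
  <location path="Default Web Site/MvcApp/Account/Authorize">
    <system.webServer>
      <security>
        <access sslFlags="Ssl, SslNegotiateCert" />
      </security>
    </system.webServer>
  </location>

</configuration>
```

`SslNegotiateCert` corresponds to "Accept" in IIS Manager; `SslRequireCert` is the "Require" option and rejects requests that present no certificate.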