So, to answer my own questions... all of the above can be achieved using Web.config. The next section of Web.config requires SSL through the System / Access section and configures one-to-two client certificate mapping. These sections are locked in applicationHost.config, so anyone who wants to edit them in Web.config will need to unlock them. There are many tutorials on this, so I won't go into it.
<!-- The <security> section lives under <system.webServer> in Web.config -->
<configuration>
  <system.webServer>
    <security>
      <!-- Require TLS and ask the client for a certificate -->
      <access sslFlags="Ssl, SslNegotiateCert" />
      <authentication>
        <!-- No anonymous access; every request must authenticate -->
        <anonymousAuthentication enabled="false" />
        <iisClientCertificateMappingAuthentication enabled="true" manyToOneCertificateMappingsEnabled="true">
          <manyToOneMappings>
            <!-- Certificates matching the rules below are mapped to one Windows account -->
            <add name="Authentication Certificate" enabled="true" permissionMode="Allow" userName="foo" password="bar">
              <rules>
                <add certificateField="Issuer" certificateSubField="CN" matchCriteria="*.stackoverflow.com" compareCaseSensitive="false" />
              </rules>
            </add>
          </manyToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
  </system.webServer>
</configuration>
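The answer above mentions that the three sections have to be unlocked in applicationHost.config before Web.config can set them, and then relies on the settings taking effect. The script below is an added PowerShell example, not code from the post or from IIS documentation: it unlocks those sections with appcmd.exe and then reads back the effective values for one site so you can confirm that TLS is required, anonymous access is off and certificate mapping is on. The site name 'Default Web Site' is a placeholder; it assumes IIS with the WebAdministration module and an elevated prompt.

```powershell
# Added example (not from the original post): unlock the locked sections in
# applicationHost.config, then verify a site's effective client-certificate settings.
# Assumptions: IIS with the WebAdministration module, elevated PowerShell,
# and a site called 'Default Web Site' (placeholder; change to your site).

$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'

# Sections that applicationHost.config locks by default and Web.config needs to override
$sections = @(
    'system.webServer/security/access',
    'system.webServer/security/authentication/anonymousAuthentication',
    'system.webServer/security/authentication/iisClientCertificateMappingAuthentication'
)

foreach ($section in $sections) {
    Write-Host "Unlocking $section"
    & $appcmd unlock config "/section:$section"
}

Import-Module WebAdministration
$site   = 'Default Web Site'      # placeholder site name
$psPath = "IIS:\Sites\$site"

# Get-WebConfigurationProperty returns a plain value for some attributes and a
# ConfigurationAttribute object (with a .Value member) for others; normalise both.
function Get-EffectiveValue {
    param([string]$Filter, [string]$Name)
    $raw = Get-WebConfigurationProperty -PSPath $psPath -Filter $Filter -Name $Name
    if ($null -ne $raw -and $raw.PSObject.Properties['Value']) { return $raw.Value }
    return $raw
}

$sslFlags = [string](Get-EffectiveValue 'system.webServer/security/access' 'sslFlags')
$anon     = [bool](Get-EffectiveValue 'system.webServer/security/authentication/anonymousAuthentication' 'enabled')
$certMap  = [bool](Get-EffectiveValue 'system.webServer/security/authentication/iisClientCertificateMappingAuthentication' 'enabled')

# Each check states what a site using the Web.config above should report
$checks = @(
    @{ Name = 'TLS required (sslFlags contains Ssl)';              Ok = $sslFlags -match 'Ssl' }
    @{ Name = 'Client cert requested (SslNegotiateCert/RequireCert)'; Ok = $sslFlags -match 'SslNegotiateCert|SslRequireCert' }
    @{ Name = 'Anonymous authentication disabled';                 Ok = -not $anon }
    @{ Name = 'IIS client certificate mapping enabled';            Ok = $certMap }
)

foreach ($c in $checks) {
    $status = if ($c.Ok) { 'PASS' } else { 'FAIL' }
    Write-Host ("[{0}] {1}" -f $status, $c.Name)
}

Write-Host "Effective sslFlags for '$site': $sslFlags"
```

Reading the values back through the IIS provider, rather than re-reading Web.config, matters because a still-locked section makes IIS reject the Web.config override (the site returns a 500 configuration error) while the file itself looks correct. Note also that the many-to-one mapping stores the target account's password in clear text in Web.config, so the file's ACL deserves the same care as the certificate itself.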