stackoom
  简体   繁体   中英

Client Certificate Authentication on Windows Server 2012/IIS8 in Microsoft Azure receives HTTP 403.16

 原文  2014-04-17 20:44:16       iis/ azure/ asp.net-web-api/ windows-server-2012/ client-certificates

Question

We are developing an ASP.NET WebAPI that is hosted in IIS and authenticates using client certificates with iisClientCertificateMappingAuthentication. In our on-premises development environment we have tested IIS 7-8 and Windows 7-8/Server 2012, all of which work fine.

We have set up a demo environment in Azure with a VM running Windows Server 2012 R2 and IIS 8. Using this configuration we have yet to successfully pass through IIS client certificate validation, where we consistently receive an HTTP 403.16 error.

The service is consumed by a custom iOS app that we have verified is sending the client certificate, which was expected since my understanding of the error implies IIS is unable to validate the certificate that it received.

The Client Certificate Authority is installed in the Trusted Root Certification Authorities and the Client Authentication Issuers stores for the Local Computer.

Pretty much all of the resources we can find on this issue propose the solution here: http://social.technet.microsoft.com/Forums/en-US/fae724e8-628e-45a5-bf39-6e812d8a1a70/40316-problem-in-iss8-on-mp-in-dmz?forum=configmanagerdeployment where it's suggested we add a registry setting for ClientAuthTrustMode. This has not resolved the issue for us; we also did not need to do it for any of our local testing which involved the exact same OS and IIS versions.

We've spent days on this with no progress and were hoping someone may have some insight into this issue. Is there any default configuration that we have yet to come across to enable this form of authentication for VMs in Azure? It seems as though IIS on a VM in Azure is unable to actually validate against the CA in Trusted Root. One idea I had was that perhaps the certificate is being stripped from the request before it's routed to IIS, but again, that seems unlikely given my understanding of the error code.

Has anyone gotten a setup like this to work?

1 answers

solution1
 0  2014-09-22 12:22:50

我发生在这篇知识库文章上,也许它可以帮助你http://support.microsoft.com/kb/2802568

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question HTTP error 403.16 - client certificate trust issue logstash for Windows Server 2012 / IIS8 access logs Deploying React App on IIS8 Windows server (Azure VM) Deploying Website with Microsoft Windows Server 2012 (iis) Kerberos Authentication in IIS 7 Windows Server 2012 DoD CAC Authentication - Client Certificate Issue with .NET C#, Windows Server 2008 R2, IIS 7.5 create a self signed certificate in iis in windows server 2012 R2 Client Certificate Authentication between IIS reverse proxy and origin server configuring a Windows Server 2012 VM using IIS to call Azure IIS Manager on Windows SERVER 2012
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM