A: To facilitate web server access control management, IIS 6.0 allows administrators to map IIS client certificates to Windows accounts—a feature called certificate mapping. You can use certificate mapping to apply resource permissions defined for Windows accounts to users that authenticated to your IIS web server using an SSL client certificate.
Certificate mapping is still supported in IIS 7.0, but it isn't exposed in the IIS 7.0 GUI. To define certificate mappings, you must edit the IIS 7.0 configuration files, which is a lot of work. Instructions are available at this site.
The good news is that Microsoft recently released a client certificates plug-in for IIS 7.0 that administrators can use to define certificate mappings from the IIS 7.0 management GUI. x86 and x64 versions of the plug-in are available for download.
You can find screenshots and other useful information in this MSDN blog.Related Reading:
- Q. How do I set which certificate to use with IIS 7 HTTPS?
- Q: Does Microsoft IIS 7.0 include a feature to protect an IIS web server from Denial of Service (DoS) attacks? Does Microsoft’s ISA Server 2006 include a similar feature?
- Q: What is the easiest way to set up access control restrictions on the content of our intranet websites that are hosted on an IIS 7.0 web server?
- Q: Do I still need to install the URLscan tool on my Microsoft IIS 7.0 Web server to filter malicious data from incoming HTTP requests?