locked
Client certificate authentication skip / continue 403 error RRS feed

  • Question

  • User1606132742 posted

    Dear froum,

    have a working website, protected by SSL certificate authentication (SSL settings: require SSL: accept). Is there a possibility if a user provieds an "unknown" certificate towards ISS to continue to the website? As of now, we get an 403 error.

    Background: many companies have configured which certificate they provide towards the web, so the user has no choice to select the correct certificate. However, the user should be allowed to see some content of the website, even without login / incorrect certificate. The web application does recognize if the correct certificate is available and does then display the full website. Without some parts are invisible.

    So IIS should continue even without a correct certificate. Technically unauthorized access as a user without any certificate.

    Thanks,

    Chris

    Wednesday, June 17, 2020 2:50 PM

All replies

  • User690216013 posted

    However, the user should be allowed to see some content of the website, even without login / incorrect certificate.

    That can be done by redirecting such requests to another site, or a page excluded from authentication, usually via custom error page setting.

    Thursday, June 18, 2020 1:01 AM
  • User-460007017 posted

    Hi ChistophThunheer,

    What's the sub-status code of 403 error did you receive when you access the website? By default accept certificate allow user to pass client certificate to server side. But it won't return 403 without any authentication especially you don't use IIS client certificate authentication.

    You can re-construct your application in AOP authorize level. You may need to use code to verify the certificate and return different authorize users for valid cert and invalid cert. So your server can return different content based on different authorize user.

    If you don't want to do like that, you can also create a website for invalid certificate user to access. Then set 403 status error page  to redirect to this site.

    Best regards,

    Jokies Ding 

    Thursday, June 18, 2020 9:30 AM