Hi Team,
I am facing the below problem:
Requirement :- I have a web service running on IIS 7.5 under mutual SSL and this should purely be used for authentication. I want the client server(s) to be able to use a certificate per visit invoke the web service,
so that I can authentication per visit. I followed the instruction from
http://www.iis.net/learn/manage/configuring-security/configuring-one-to-one-client-certificate-mappings.
1) On SSL setting of the "Default Web Site" and virtual directory, I select "Require SSL" and select "Require" under "ClientCertificate", my web serivce response as below:
"HTTP Error 403.7 - Forbidden
The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes."
2) If I changed to "Require SSL" and select "Accept" under "Client Certificate", my web serivce response as Certificate Error , but I can still access to web serivce.
What should I do to allow only client server(s) to access, when I can authenicate my web serivce?
Please Help