I want to implement "Client Certificate Mapping Authentication with Active Directory" to provide enterprise security to our planned API.
- I just added a Client Certificate to my test user in the Active Directory.
- Installed the Client Certificate to my client
- Then I installed the Server feature "Client Certificate Mapping Authentication" (NOT IIS).
- Afterwards I enabled the feature in IIS at Server-level under authentication.
- Then I set SSL as required and disabled anonymous authentication.
Sadly it's not working :( I can choose my Client Certificate from a list when opening the API but then I get 401.2. Wireshark shows that the Client and the Server are having a handshake but the Server never asks our DC directly or via LDAP for the user of some kind.
What did I do wrong?
I also tried the request from a Client in the same subnet and without the proxy to avoid firewall and/or proxy issues...
In general SSL is working: When I enable anonymous auth the API is working.
Kind Regards
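
The four settings listed in the post above can be read back from the server with a short, read-only PowerShell check. This is an added example, not part of the original post; it assumes the WebAdministration and ServerManager modules are available, that `Web-Client-Auth` is the feature name behind "Client Certificate Mapping Authentication", and `$Site` is a placeholder for the site hosting the API.

```powershell
# Added example: read-only check of the settings described in the post.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$Site = 'Default Web Site'   # assumption: placeholder for the site hosting the API
$Path = "IIS:\Sites\$Site"   # effective (merged) configuration as seen by that site

function Get-EffectiveValue {
    param([string]$Filter, [string]$Name)
    $v = Get-WebConfigurationProperty -PSPath $Path -Filter $Filter -Name $Name
    # Depending on the attribute type, the cmdlet returns an object with .Value
    # or the plain value itself; handle both.
    if ($null -ne $v.Value) { $v.Value } else { $v }
}

$auth = 'system.webServer/security/authentication'

# Step "installed the server feature" (the Active Directory variant, not the IIS one)
$feature  = [bool](Get-WindowsFeature -Name Web-Client-Auth).Installed
# Step "enabled the feature in IIS under authentication"
$certMap  = [bool](Get-EffectiveValue "$auth/clientCertificateMappingAuthentication" 'enabled')
# Step "disabled anonymous authentication"
$anon     = [bool](Get-EffectiveValue "$auth/anonymousAuthentication" 'enabled')
# Step "set SSL as required": sslFlags is a comma-separated flag list
$sslFlags = [string](Get-EffectiveValue 'system.webServer/security/access' 'sslFlags')
$sslReq   = ($sslFlags -split ',\s*') -contains 'Ssl'

$checks = @(
    [pscustomobject]@{ Setting = 'Feature Web-Client-Auth installed';        Expected = $true;  Actual = $feature }
    [pscustomobject]@{ Setting = 'clientCertificateMappingAuthentication on'; Expected = $true;  Actual = $certMap }
    [pscustomobject]@{ Setting = 'anonymousAuthentication on';                Expected = $false; Actual = $anon }
    [pscustomobject]@{ Setting = 'sslFlags contains Ssl';                     Expected = $true;  Actual = $sslReq }
)

# Flag every setting whose effective value differs from what the post describes.
$checks |
    ForEach-Object { $_ | Add-Member -NotePropertyName OK -NotePropertyValue ($_.Expected -eq $_.Actual) -PassThru } |
    Format-Table -AutoSize

"Raw sslFlags for '$Site': $sslFlags"
```

Because the values are read at site level, a setting enabled at server level but overridden lower in the configuration hierarchy shows up as a mismatch here.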