This project is read-only.

How to Map Certificates with Windows Accounts

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Client certificates are not mapped to Windows accounts by default. Set the mapClientCertificateToWindowsAccount property to true to map certificates to Windows accounts.

Use the following steps to map certificates to Windows accounts:
  1. Select IIS vs Active Directory Mapping.
    1. IIS Mapping is useful if you need only a limited number of mappings or a different mapping on each WCF Service.
    2. Use Active Directory mapping when the account mappings are identical on all IIS servers. Active Directory mapping is easier to maintain than IIS mapping because you only have to create the mapping in one location.
  2. Configure the IIS / Active directory for mapping the certificates.
  3. Once you have enabled the client certificate mapping feature, set the mapClientCertificateToWindowsAccount property to true.
  <behavior name="MyServiceBehaviorForWebHttp">

*       <authentication mapClientCertificateToWindowsAccount="true" />*


Additional Resources

Last edited Jun 13, 2008 at 6:50 PM by prashantbansode, version 1


No comments yet.