3

I found this answer on how to use Web.Config to make IIS require SSL client certs for a specific MVC controller but I can't figure out how to make it work if the user visits any other controller first.

The purpose of this requirement is that the client certificate is only used for login to access secured portions of the application. Users who are not logging in should not be prompted for a certificate.

Example: SSL cert required for Auth controller

If the user goes directly to domain.com/Auth they are prompted for a certificate as intended. However, if the user goes to domain.com/Home then clicks Sign On (sending them to the Auth controller) they receive a response of HTTP 403.7 indicating the site requires a client certificate.

Improve this question

1 Answer 1

Reset to default
0

Turned out to be a browser caching issue.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.