I have a WCF client application hitting a WCF web service running under IIS 7.5 on Windows 2008 Server R2. I have a "client" certificate on the client machine, and a "server" certificate on the server machine. I have successfully configured IIS and the client app to use straight "1-way" SSL. However, I am not able to get "2-way" SSL (SSL w/Client Certificate REQUIRED) to work.
I have taken the client certificate, exported as Base-64, formatted the resulting text string, and added that in as an entry under IIS Client Certificate Mapping on the IIS server. I've tied this to a Windows user, and given that user access to the folder where the web service runs from. I have done all of this configuration at the site level under IIS Manager.
The problem shows up when I DISABLE anonymous authentication. If I do this, then IIS gives me a return code of 500 and an accompanying error telling me I must enable anonymous authentication. This is not what I want. If I RE-ENABLE anonymous authentication, then any client using a valid client certificate is able to make the web service call. I want to limit the ability to call the service only to those clients that present a client certificate that I have mapped to the Windows user.
Has anyone else come across this?
Thanks!
Brian
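The configuration the post describes (one-to-one client certificate mapping to a Windows user, a client certificate required on the SSL binding, anonymous authentication disabled), written out as an applicationHost.config fragment. This is an added example, not Brian's actual configuration; the site name, user name, password and certificate value are placeholders.

```xml
<!-- Added example: %SystemRoot%\System32\inetsrv\config\applicationHost.config -->
<!-- Placed in a <location> element because the mapping section is locked
     (overrideModeDefault="Deny") for site-level web.config in IIS 7.5. -->
<location path="Default Web Site">  <!-- placeholder site name -->
  <system.webServer>
    <security>
      <!-- Require SSL and a client certificate on every request -->
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      <authentication>
        <!-- Anonymous off: only a mapped certificate yields a Windows identity -->
        <anonymousAuthentication enabled="false" />
        <iisClientCertificateMappingAuthentication enabled="true"
            oneToOneCertificateMappingsEnabled="true"
            manyToOneCertificateMappingsEnabled="false">
          <oneToOneMappings>
            <!-- certificate = Base-64 body of the client cert, on ONE line,
                 without the BEGIN/END CERTIFICATE lines or line breaks -->
            <add enabled="true"
                 userName="MYSERVER\svc_wcfclient"
                 password="[placeholder-password]"
                 certificate="[placeholder: Base-64 client certificate]" />
          </oneToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
  </system.webServer>
</location>
```

The mapped Windows account still needs NTFS read access to the service's folder, as the post already describes.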