We are developing an ASPAP WebAPI that is hosted in IIS and authenticated using client certificates using iisClientCertificateMappingAuthentication. In our local development environment, we tested IIS 7-8 and Windows 7-8 / Server 2012, all of which work fine.
We created a demo environment in Azure with a virtual machine running Windows Server 2012 R2 and IIS 8. Using this configuration, we still have to successfully pass the verification of the IIS client certificate, where we successively receive the HTTP 403.16 error.
The service is used by the regular iOS application that we checked, sends the client certificate, which was expected, because my understanding of the error implies that IIS cannot verify the received certificate.
The client certification authority is installed in trusted root certificate authorities and in client authentication stores for the local computer.
Almost all the resources that we can find on this issue are offered here: http://social.technet.microsoft.com/Forums/en-US/fae724e8-628e-45a5-bf39-6e812d8a1a70/40316-problem-in-iss8 -on-mp-in-dmz? forum = configmanagerdeployment
where he suggested adding a registry setting for ClientAuthTrustMode. This did not solve the problem for us; we also did not need to do this for any of our local testing, which used the exact OS and IIS versions.
, - . - , , Azure? , IIS Azure CA Trusted Root. , , , IIS, , , .
- , , ?