The difference between IIS and non-IIS Client Certificate Mapping Authentication

Tags: authentication, certificate, iis-8, windows-server-2012

I want to enable certificate based authentication on my Windows 2012 Server. I see two different types of authentication possible:

  • Client Certificate Mapping Authentication
  • IIS Client Certificate Mapping Authentication

What are the differences between those two authentication types?

The only difference I could find is that the IIS Client one enables one-to-many certificate authentication.

Best Answer

"Client Certificate Mapping Authentication" is intended for use with Active Directory.

Imagine a scenario in which you've deployed User Authentication certificates using AD CS and configured the Certificate Template to allow Active Directory storage. Now you can employ "non-IIS" Client Certificate Mapping Authentication on an AD member server with IIS installed, and have IIS automatically map the certificate to a user by querying Active Directory.

"IIS Client Certificate Mapping Authentication" is intended for non-AD CS certificates and standalone servers.

Since Active Directory will not be used to map certificates to users in this scenario, you'll need to define the mappings in the configuration files, either as one-to-one mappings or many-to-one mappings.
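For the "IIS" variant, the mappings the answer refers to are declared in the site's configuration. The applicationHost.config excerpt below is an added, constructed illustration (it is not from the answer or from Microsoft's documentation); the site name, the SRV01 machine and account names, the issuing CA name and the certificate value are placeholders.

```xml
<!-- applicationHost.config excerpt (constructed example; "Default Web Site",
     the SRV01 accounts, the CA name and the certificate value are placeholders) -->
<location path="Default Web Site">
  <system.webServer>
    <security>
      <!-- Require a client certificate in the TLS handshake; the mapping
           step only runs when a certificate was actually presented. -->
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      <authentication>
        <!-- AD variant: only an on/off switch lives here, because the
             certificate-to-user lookup happens in Active Directory.
             Keep it off when using the IIS variant below. -->
        <clientCertificateMappingAuthentication enabled="false" />

        <!-- IIS variant: the mappings are stored in this section. -->
        <iisClientCertificateMappingAuthentication
            enabled="true"
            oneToOneCertificateMappingsEnabled="true"
            manyToOneCertificateMappingsEnabled="true">

          <!-- One-to-one: one exact certificate (base64-encoded DER)
               maps to one Windows account. The password is stored encrypted
               when it is set through IIS Manager or appcmd. -->
          <oneToOneMappings>
            <add enabled="true"
                 userName="SRV01\svc-api-client"
                 password="[enc:AesProvider:PLACEHOLDER:enc]"
                 certificate="PLACEHOLDER_BASE64_DER_OF_CLIENT_CERTIFICATE" />
          </oneToOneMappings>

          <!-- Many-to-one: every certificate whose fields satisfy the rules
               maps to one account. Matching the Issuer as well as the Subject
               matters: a rule on Subject alone accepts a matching name from
               any CA the server trusts, not just the one you intended. -->
          <manyToOneMappings>
            <add name="Partner API clients" enabled="true" permissionMode="Allow"
                 userName="SRV01\svc-partner"
                 password="[enc:AesProvider:PLACEHOLDER:enc]">
              <rules>
                <add certificateField="Issuer" certificateSubField="CN"
                     matchCriteria="Partner Issuing CA" compareCaseSensitive="false" />
                <add certificateField="Subject" certificateSubField="OU"
                     matchCriteria="API Clients" compareCaseSensitive="false" />
              </rules>
            </add>
          </manyToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
  </system.webServer>
</location>
```

The authentication sections are locked at the server level by default, so this belongs in applicationHost.config (or the section must be unlocked before a site's web.config can carry it), and the matching Windows feature must be installed before the section is recognised.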