ASP.NET Request.ClientCertificate returning empty on IIS 7

Question

I'm migrating a web app from an IIS 6 server to an IIS 7 server and I'm having some troubles with getting the client's certificate.

The piece of code that I'm using looks like this:

        HttpClientCertificate cert = Request.ClientCertificate;

        if (cert.IsPresent)
        {
            ...
        }

On the IIS 6 server, the cert.IsPresent is always true. However, on the IIS 7 box, it is always false. Both tests were done with IE 8 from the same computer. The only change was the Server URL, so the client should be setup correctly.

I'm not getting any SSL connection errors (I'm accessing the page via https) and I've set the SSL Settings -> Client certificates: to Accept (same as the IIS 6 configuration).

I've gone through and configured the IIS 7 server as closely as I could to the IIS 6 server, but I'm still not getting the cert.

Are there other areas that I need to look at for configuration?

Also, if I set the Client certificates: to Required, I get a 403.7 error on the IIS 7 box. I don't know if that is a symptom, but just in case the information is useful...

Answer 1

Basically it boils down to the fact that the client can't provide the client certificate. That's why you get the 403.7 error when you require it. I believe you need this:

http://blogs.msdn.com/b/puneetgupta/archive/2009/08/03/where-is-the-client-certificates-ui-in-iis-7-0.aspx

Please let me know if this helps.