I have written a ISAPI filter. It handles all the request urls and generate
output. None of the urls are mapped to file system.

Now I want anonymous access to most of the urls served by this ISAPI filter.

However for certain urls, I want to enable client certificate based
authentication.

You will have to write your own code in your ISAPI filter to handle this.

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken

"Kshitiz" <Kshitiz [at] discussions.microsoft.com> wrote in message
news:A55C3D3B-58E2-46BA-8AD0-E0D9C6A80E4F [at] microsoft.com...
>I have written a ISAPI filter. It handles all the request urls and generate
> output. None of the urls are mapped to file system.
>
> Now I want anonymous access to most of the urls served by this ISAPI
> filter.
>
> However for certain urls, I want to enable client certificate based
> authentication.

On Aug 27, 11:18 pm, Kshitiz <Kshi... [at] discussions.microsoft.com>
wrote:
> I have written a ISAPI filter. It handles all the request urls and generate
> output. None of the urls are mapped to file system.
>
> Now I want anonymous access to most of the urls served by this ISAPI filter.
>
> However for certain urls, I want to enable client certificate based
> authentication.


Configure IIS to enable SSL and require Client Certificates for those
URLs. If they don't exist as vdirs or physical directories in IIS,
then create IIsWebDirectory and IIsWebFile nodes as appropriate
placeholders for them in the Virtual namespace. Of course, none of
them need to map to the file system

Then, use GetServerVariable() with the various documented server
variable names to read the relevant Client Certificate data and do
your custom authentication/authorization.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Hi David,

Thanks for your inputs. However if you can elaborate more, it will be
helpful. I do not know how to define those URLs. Please provide more input on
that. If you can point to some document that will be great. Please provide
inputs on how to create
IIsWebDirectory and IIsWebFile without mapping them to physical directory.

Also I do not want to hard-code client certificate verification in my code.
I want it to be outside, which can be modified easily as per client
certificate.

Thanks,
Kshitiz

"David Wang" wrote:

> On Aug 27, 11:18 pm, Kshitiz <Kshi... [at] discussions.microsoft.com>
> wrote:
> > I have written a ISAPI filter. It handles all the request urls and generate
> > output. None of the urls are mapped to file system.
> >
> > Now I want anonymous access to most of the urls served by this ISAPI filter.
> >
> > However for certain urls, I want to enable client certificate based
> > authentication.
>
>
> Configure IIS to enable SSL and require Client Certificates for those
> URLs. If they don't exist as vdirs or physical directories in IIS,
> then create IIsWebDirectory and IIsWebFile nodes as appropriate
> placeholders for them in the Virtual namespace. Of course, none of
> them need to map to the file system
>
> Then, use GetServerVariable() with the various documented server
> variable names to read the relevant Client Certificate data and do
> your custom authentication/authorization.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>