Secure ASP.NET MVC application with SSL and client certificate authentication

Question

I\'m looking to secure an ASP.NET MVC application with SSL and client certificate authentication. I\'m using IIS 7.5, Windows Server 2008 R2.

I\'d like to know whether i

Answer 1

So, to answer my own questions.. all of the above can be achieved through the Web.config. The following section of the Web.config requires SSL through the system/access section, and configures many-to-one client certificate mapping. These sections are locked in the applicationHost.config so anyone wishing to edit them in the Web.config will need to unlock them. There are many tutorials on that so I won't go into it.