Security
Security |
|
Once a user has been granted access, the server examines both the URL and the type of request. It then checks the permissions and the SSL Client Authentication Certificate.
For WWW service, the request can indicate a Read, Write, Execute, or Script action. The applicable WWW virtual directory must have the appropriate permission enabled. Otherwise, the WWW service returns a “403.x: Access Forbidden” error, where “x” represents the type of access attempted.
IIS 5.0 might require a valid client authentication certificate before access to a resource is permitted. If such a certificate is not passed to the server, IIS 5.0 will return a “403.7: Forbidden—client certificate required” error.
Also note that the certificate might not be valid. For example, it could have expired, or the CA that issued the certificate might not be trusted.