I found this answer on how to use Web.Config to make IIS require SSL client certs for a specific MVC controller but I can't figure out how to make it work if the user visits any other controller first.
The purpose of this requirement is that the client certificate is only used for login to access secured portions of the application. Users who are not logging in should not be prompted for a certificate.
Example: SSL cert required for Auth controller
If the user goes directly to domain.com/Auth they are prompted for a certificate as intended. However, if the user goes to domain.com/Home then clicks Sign On (sending them to the Auth controller) they receive a response of HTTP 403.7 indicating the site requires a client certificate.
答案 0 :(得分:0)
原来是一个浏览器缓存问题。