We're running an ISA 2006 and IIS6. Both on Windows 2003 machines. We've published a Website under an SSL connection.
Is it possible to let the ISA server pass down any client certificates to IIS (and the web application)? We need the client certificates to verify that the user may view the site.
A simple ISA rule that blockes anyone that do not have the certificate is not an option, because in that case we redirect to a login page. Ditching the ISA server is also not an option, because the administrators would kill me.