Intranet running on IIS 8.5 with only Windows Authentication enabled returns 402.1 and then 403 error

Question

WE've got an ASP.Net MVC application running on an internal server. We are using only Windows Authentication to allow access to portions of the site.
When we set IIS to require an SSL connection (using internally generated cert) we always get a 403 response.

If I turn off the SSL Required switch everything works correctly. But as soon as I turn it on the 403 error is back on.

Is this the way it is suppose to work?
Is there a workaround?
Is it related to the self generated cert?

Updated Info The initial error is a 402.1 error that then gets routed to to 403.14 error message.

please add the 403 sub-code to your question, check the IIS logs for it. — Peter Hahndorf, Oct 28 '17 at 04:18

score 0 · Answer 1 · answered Oct 27 '17 at 21:02

0

Explicitly specify https:// in the address bar, or enable some form of HTTP to HTTPS redirection, preferably through URL REWRITE MODULE for IIS

answered Oct 27 '17 at 21:02

Jonathon Anderson

288
1
3
10

Explicitly using https://myserver/ doesn't work. That is when I get the 403 error. – John S Oct 27 '17 at 21:25
When you required SSL, how did you configure the client certificate portion? – Jonathon Anderson Oct 28 '17 at 23:11
Client Cert was configured to accept any – John S Nov 01 '17 at 16:15
Also tried setting the Client Cert to ignore – John S Nov 01 '17 at 19:23

Intranet running on IIS 8.5 with only Windows Authentication enabled returns 402.1 and then 403 error

1 Answers1