Reposting an article on combining rights protection with smart card user authentication

Using Smart Cards to Authenticate Clients

Updated: June 1, 2008

If you are using smart cards in your organization to provide additional security and control over user credentials, you can now use those smart cards when obtaining rights account certificates and use licenses from RMS. To configure the RMS root cluster to require client authentication, you need to enable Secure Sockets Layer (SSL) for the Web site on which you provisioned RMS and configure the authentication method in Internet Information Services (IIS). You can use the following steps to perform this task:

To enable smart card authentication on the RMS server

  1. Log on to the RMS server as a local administrator.

  2. Click Start, point to Administrative Tools, and then click Internet Information Services Manager.

  3. Expand the item with the name of a cluster server, right-click the Web site folder, click Properties, and then click the Directory Security tab.

  4. In the Authentication and access control area, click Edit, clear all check boxes, and then click OK.

  5. In the Secure Communications area, click Edit, select the Enable the Windows directory service mapper check box, and then click OK.

  6. Expand the Web site folder, expand the _wmcs virtual directory, and then expand the virtual directory (either Licensing or Certification) for which you want to configure authentication.

    • To configure smart card authentication for licensing, right-click license.asmx, click Properties, and then click the File Security tab.
    • To configure authentication for certification, right-click certification.asmx, click Properties, and then click the File Security tab.
  7. In the Secure Communications area, click Edit to open the Secure Communications dialog box.

  8. Select the Require secure channel (SSL) check box, and then click one of the following:

    • Require client certificates, if you want only clients with client-side certificates such as smart cards to be able to connect to the service.
    • Accept client certificates, if you want clients to have the option to supply authentication credentials using either a smart card certificate or a user name and password.
  9. Select Enable client certificate mapping, and then click OK.

  10. If you want to use client authentication for both certification and licensing, repeat steps 5–8, but select the alternate virtual directory the second time.
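
The check boxes in steps 8 and 9 are stored per file in the IIS metabase property AccessSSLFlags, so the result of the procedure can be audited after the fact. The following is an added example, not part of the original article: the bit values are the IIS metabase constants (not stated on the page), and the sample flag values are constructed for illustration.

```python
# Added example, not from the original article. Bit values are the IIS
# metabase AccessSSLFlags constants; the sample values below are constructed.
ACCESS_SSL = 0x08        # "Require secure channel (SSL)"
NEGOTIATE_CERT = 0x20    # "Accept client certificates"
REQUIRE_CERT = 0x40      # "Require client certificates"
MAP_CERT = 0x80          # "Enable client certificate mapping"


def audit(flags):
    """Classify one AccessSSLFlags value and list deviations from steps 8-9."""
    findings = []
    if not flags & ACCESS_SSL:
        findings.append("SSL is not required (step 8)")
    if flags & REQUIRE_CERT and not flags & NEGOTIATE_CERT:
        # IIS needs the negotiate bit set alongside the require bit.
        mode = "invalid"
        findings.append("require bit set without negotiate bit")
    elif flags & REQUIRE_CERT:
        mode = "require"
    elif flags & NEGOTIATE_CERT:
        mode = "accept"
    else:
        mode = "none"
        findings.append("client certificates are not requested (step 8)")
    if mode in ("require", "accept") and not flags & MAP_CERT:
        findings.append("client certificate mapping is off (step 9)")
    return mode, findings


def audit_site(settings, smart_card_only=True):
    """Return {path: findings} for every file that deviates from the policy."""
    report = {}
    for path, flags in settings.items():
        mode, findings = audit(flags)
        if smart_card_only and mode == "accept":
            findings.append("user name and password still accepted")
        if findings:
            report[path] = findings
    return report


# Constructed sample: values as they might be read from the metabase.
SAMPLE = {
    "_wmcs/Licensing/license.asmx": 0xE8,            # SSL + negotiate + require + map
    "_wmcs/Certification/certification.asmx": 0x28,  # SSL + accept, no map
}

if __name__ == "__main__":
    for path, findings in audit_site(SAMPLE).items():
        print(path, "->", "; ".join(findings))
```

Pass `smart_card_only=False` when the "Accept client certificates" option from step 8 is the intended policy.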