What if you need to use PKI (Public Key Infrastructure) certificates and/or Smart Cards (like Common Access Cards, aka CAC)? There are a few ways to do this, depending on how the user certificates need to map to your account store. If you use Active Directory, there are built in ways to map certificates to users and have IIS handle the handshake. Or you can use a third-party system or SSO. This assumes you have a defined user directory and pre-defined certificate mappings.
But what if you need to accept PKI/Smart Cards, but do not have a master user directory (AD, LDAP) of everyone who will attempt to access the site?
- Use a custom ASP.NET Membership provider to accept and read PKI certificates (using IIS)
- Create and login to a NEW account (AD, LDAP, SQL)
- Forward the user to the SharePoint site.
Easy? We shall see.