Mapping Certificates

Note

The information in this topic is valid only for servers that require client authentication.

 

When a server application requires client authentication, Schannel automatically attempts to map the certificate supplied by the client to a user account.

After the security context has been established, the server application can use the QuerySecurityContextToken function to obtain an access token for the user account to which the client certificate was mapped. Also, the server can use the ImpersonateSecurityContext function to impersonate the client.

For more information on authentication, see Performing Authentication Using Schannel.