Securing asp.net mvc area with client certificate

Question

I have some troubles with configuring requesting for client certificate to protect mvc area. I can easily configure this for whole application, but is it possible to do this only for one area (admin for example) ?

Answer 1

So, the easiest way to achieve this, is to create a folder named as your area and set required SSL settings on this folder using IIS Manager. Then you can delete this folder. IIS Manager will set required settings in applicationHost.config file. Or you can manually edit applicationHost.config.

Here is the applicationHost.config manual.

Answer 2

You can add SSL requirements to specific controllers by adding [RequireHttps] at the top of the controller like so:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Net.Http;
using System.Dynamic;

namespace com.yourdomain.Controllers
{
    [RequireHttps]
    public class SomeController: Controller
    {
       //some logic here
    }

}

In your case this would be something like your admin controller