Another authentication option available with IIS 4.0 is to assign personal digital certificates to users. You can purchase certificates from Thawte or VeriSign, or you can use Microsoft Certificate Server, which is included on the Microsoft Windows NT 4.0 Option Pack CD-ROM, to issue your own certificates. You can then set IIS up to require the connecting browser to present its certificate, and you can map specific certificates to designated user accounts. IIS can then authenticate the user automatically without having to present a logon dialog box. Using certificates for authentication has the most promise in an intranet environment in which you can control which browsers are in use and enforce rules such as requiring certificates.

This method isn’t widely implemented because it has at least two drawbacks. First, this system isn’t easy to administer. Second, IIS associates the certificate with a particular browser, not a user. Anyone accessing a computer that can access the Web site would be authenticated.