question

olivierrabache-8771 avatar image
0 Votes"
olivierrabache-8771 asked ElevenYu-MSFT answered

Use smart card with rdweb access

hi

it s possible to use a smart card (piv yubikey) to connect rdweb like rdp.

thank you
br

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ElevenYu-MSFT avatar image
0 Votes"
ElevenYu-MSFT answered

Hi,

Please check if below two possible solutions work for you.

  1. Choose Logon method as Smart Card Authentication under deployment properties-->RD Gateway
    34925-image.png

    Meanwhile, please ensure that Smart Card redirection in session host isn't disabled.
    Computer Configuration >> Administrative Templates >> Windows Components >> Remote desktop service>> Remote desktop session host>> Device and
    Resource redirection
    - Do not allow smart card redirection.

  2. Open the IIS manager MMC on the server hosting RDWeb>under connections in the left pane go to sites>Default web site>RDweb>Pages>Application Settings>
    use GatewayCredentialsSource to configure the authentication method
    options:
    0 = Ask for password (NTLM)
    1 = Smart card
    4 = Allow user to select later

    34828-image.png

Thanks,
Eleven


If the Answer is helpful, please click "Accept Answer" and upvote it.




image.png (68.2 KiB)
image.png (99.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

olivierrabache-8771 avatar image
0 Votes"
olivierrabache-8771 answered ElevenYu-MSFT commented

Hello,
thank you for the answer but I misspoke.
it is the authentication on the web page where I would like to have the smart card or mfa without third party software.

thank you

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Above solutions should let the authentication on the web page to use smart card instead of username/password.

Is that what you need? If not, could you please share screenshots to show what exactly you want?

Thanks,
Eleven

0 Votes 0 ·
olivierrabache-8771 avatar image
0 Votes"
olivierrabache-8771 answered

35358-web.png



web.png (134.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ElevenYu-MSFT avatar image
0 Votes"
ElevenYu-MSFT answered

Hi,

Thanks for your reply. Understand your requirement now.

Unfortunatelty, there is no such configuration to let use smart card to logon to the RD Web access page. But after your sign in, you can use smart card for authentication to open remoteapp on the web page by above 2 provided configurations.

In that case, we suggest that that you could post your requirement to Remote Desktop UserVoice so that others can vote for it. Hope the feature can be released in the future.
https://remotedesktop.uservoice.com/forums/266795-remote-desktop-services

Thanks,
Eleven


If the Answer is helpful, please click "Accept Answer" and upvote it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.