Channel: Security

clientCertificateMappingAuthentication and Kerberos delegation

Is Kerberos delegation possible with clientCertificateMappingAuthentication enabled? Can anybody confirm or deny that it works?

I've found an old post reporting a very similar problem to what I'm having right now. But it's not clear if the problem has a resolution or this is an unsupported configuration.


SSO with ADFS 401.2 issues

We recently migrated a couple of our MVC apps to SSO using ADFS with basically the following approach: https://www.cloudriven.fi/en/cloud-9-en/how-to-implement-sso-for-asp-net-mvc-application-with-adfs/ I've noticed sometimes when the browser attempts to access a static file, I get a 401.2 error and the app reverts to NTLM negotiation. This is okay on our network as the users are logged in and it only seems to happen with a handful of files, however for remote access, this seems to happen for all files and users have to enter their credentials, sometimes several times. We have another application on another server configured the exact same way with no problems. Has anyone come across this behavior?

Here is the trace: https://1drv.ms/u/s!AquuuuC3yZ55hkLix_TCaVVblSL8

And the xsl file if anyone needs it: https://1drv.ms/u/s!AquuuuC3yZ55hkNbh3qHdRijQXGy

I have this same configuration running on IIS6 with no problems. This problem is only occurring on IIS7.  I also noticed a really odd behavior where if I grant read access to everyone for a folder where I am getting 401 errors, then I'll get 401.2 errors for files in another folder that previously had no issue.

IIS 7.5 Forms Authentication - 401 on the login page

I have done this before but can't seem to get my new web site working on my test server.   

This is a subsite.    So... https://mysite.com/subsite  Other subsites work just fine but this new one is giving me issues.  Web.config 

<authentication mode="Forms">
  <forms defaultUrl="Default.aspx" loginUrl="PKILogin.aspx" timeout="2880" />
</authentication>
<authorization>
  <deny users="?" />
</authorization>

If I comment out the deny users="?" then I can load the PKILogin.aspx page without any issues. But of course this doesn't force the user to hit the login page if they have a bookmark deeper in my website.

Any ideas?

Using WebDav as a backup location

Sorry if this is in the wrong section, I assume based on the logs I have a permissions issue.

My objective is to use WebDav as a backup location with Symantec System Recovery. I am currently able to browse via File Explorer without any issues, but I think there is something missing that Symantec wants.

Here is the log. If you can offer any insight that would be amazing, thank you.

019-01-09 21:48:39 10.10.0.220 GET /webdav/wcheung/desktop.ini - 443 ocnet\wcheung 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 304 0 0 46
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 15
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 22:00:07 10.10.0.220 PROPFIND /webdav/wcheung/desktop.ini - 443 ocnet\wcheung 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 207 0 0 46
2019-01-09 22:00:07 10.10.0.220 GET /webdav/wcheung/desktop.ini - 443 ocnet\wcheung 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 304 0 0 46
2019-01-09 22:00:08 10.10.0.220 PROPFIND / - 443 ocnet\wcheung 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 207 0 0 46
2019-01-09 22:00:24 10.10.0.220 PROPFIND /webdav/wcheung - 443 OCNET\wcheung 78.94.153.27 Microsoft-WebDAV-MiniRedir/10.0.17134 - 207 0 0 62
2019-01-09 22:00:39 10.10.0.220 PROPFIND / - 443 ocnet\wcheung 78.94.153.27 Microsoft-WebDAV-MiniRedir/10.0.17134 - 207 0 0 15
2019-01-09 22:00:39 10.10.0.220 PROPFIND /webdav - 443 ocnet\wcheung 78.94.153.27 Microsoft-WebDAV-MiniRedir/10.0.17134 - 207 0 0 31
2019-01-09 22:00:39 10.10.0.220 PROPFIND /webdav/wcheung/ITAdmin-X1-LPT_SYSTEM_DRV0-1_Drive001.v2i - 443 ocnet\wcheung 78.94.153.27 Microsoft-WebDAV-MiniRedir/10.0.17134 - 404 0 2 31
2019-01-09 22:00:39 10.10.0.220 PROPFIND /webdav/wcheung/ITAdmin-X1-LPT_C_Drive001.v2i - 443 ocnet\wcheung 78.94.153.27 Microsoft-WebDAV-MiniRedir/10.0.17134 - 404 0 2 15
2019-01-09 22:00:39 10.10.0.220 PROPFIND /webdav/wcheung/ITAdmin-X1-LPT_SYSTEM_DRV0-1_Drive001.v2i.tmp - 443 ocnet\wcheung 78.94.153.27 Microsoft-WebDAV-MiniRedir/10.0.17134 - 207 0 0 31
2019-01-09 22:00:44 10.10.0.220 PROPFIND /webdav/wcheung/ITAdmin-X1-LPT_C_Drive001.v2i.tmp - 443 ocnet\wcheung 78.94.153.27 Microsoft-WebDAV-MiniRedir/10.0.17134 - 404 0 2 93

2019-01-09 22:01:29 10.10.0.220 PROPFIND /webdav/wcheung - 443 ocnet\wcheung 78.94.153.27 Microsoft-WebDAV-MiniRedir/10.0.17134 - 207 0 0 78
2019-01-09 22:01:29 10.10.0.220 PROPFIND /webdav/wcheung - 443 ocnet\wcheung 74.81.115.24 Microsoft-WebDAV-MiniRedir/10.0.17134 - 207 0 0 46
2019-01-09 22:01:29 10.10.0.220 PROPFIND /webdav/wcheung - 443 ocnet\wcheung 74.81.115.24 Microsoft-WebDAV-MiniRedir/10.0.17134 - 207 0 0 15
2019-01-09 22:01:29 10.10.0.220 PROPPATCH /webdav/wcheung/ITAdmin-X1-LPT_SYSTEM_DRV0-1_Drive001.v2i.tmp - 443 ocnet\wcheung 74.81.115.24 Microsoft-WebDAV-MiniRedir/10.0.17134 - 423 1 0 31
2019-01-09 22:01:29 10.10.0.220 PROPPATCH /webdav/wcheung/ITAdmin-X1-LPT_SYSTEM_DRV0-1_Drive001.v2i.tmp - 443 ocnet\wcheung 74.81.115.24 Microsoft-WebDAV-MiniRedir/10.0.17134 - 423 1 0 46
2019-01-09 22:01:29 10.10.0.220 PROPFIND /webdav/wcheung - 443 ocnet\wcheung 74.81.115.24 Microsoft-WebDAV-MiniRedir/10.0.17134 - 207 0 0 31
2019-01-09 22:01:34 10.10.0.220 DELETE /webdav/wcheung/ITAdmin-X1-LPT_SYSTEM_DRV0-1_Drive001.v2i.tmp - 443 ocnet\wcheung 74.81.115.24 Microsoft-WebDAV-MiniRedir/10.0.17134 - 423 1 0 78
2019-01-09 22:01:34 10.10.0.220 PROPFIND /webdav/wcheung/ITAdmin-X1-LPT_SYSTEM_DRV0-1_Drive001.v2i_s01.tmp - 443 ocnet\wcheung 74.81.115.24 Microsoft-WebDAV-MiniRedir/10.0.17134 - 404 0 2 15
2019-01-09 22:01:34 10.10.0.220 PROPFIND /webdav/wcheung/ITAdmin-X1-LPT_C_Drive001.v2i_s01.tmp - 443 ocnet\wcheung 74.81.115.24 Microsoft-WebDAV-MiniRedir/10.0.17134 - 404 0 2 15
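
A log like the one above is easier to read once it is grouped by method, status and identity. The following is an added example, not part of the original post: it assumes the columns follow the default IIS W3C field order (the post does not include the `#Fields:` header) and separates the anonymous 401 challenges from the requests that failed after authentication.

```python
from collections import Counter

# Assumed column order: the default IIS W3C field set. The post omits the
# "#Fields:" header, so this mapping is an assumption that fits its 15 columns.
FIELDS = ("date time s_ip method uri_stem uri_query s_port username c_ip "
          "user_agent referer status substatus win32_status time_taken").split()

# Meanings of the HTTP and Win32 codes that occur in the sample.
HTTP_NOTES = {207: "Multi-Status", 401: "Unauthorized",
              404: "Not Found", 423: "Locked"}
WIN32_NOTES = {0: "ERROR_SUCCESS", 2: "ERROR_FILE_NOT_FOUND",
               5: "ERROR_ACCESS_DENIED"}

# Subset of the log lines from the post, one or two per distinct outcome.
SAMPLE = r"""
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 21:51:52 10.10.0.220 PROPFIND /webdav - 443 - 10.3.0.3 Microsoft-WebDAV-MiniRedir/10.0.17134 - 401 0 5 0
2019-01-09 22:00:39 10.10.0.220 PROPFIND /webdav - 443 ocnet\wcheung 78.94.153.27 Microsoft-WebDAV-MiniRedir/10.0.17134 - 207 0 0 31
2019-01-09 22:00:39 10.10.0.220 PROPFIND /webdav/wcheung/ITAdmin-X1-LPT_SYSTEM_DRV0-1_Drive001.v2i - 443 ocnet\wcheung 78.94.153.27 Microsoft-WebDAV-MiniRedir/10.0.17134 - 404 0 2 31
2019-01-09 22:01:29 10.10.0.220 PROPPATCH /webdav/wcheung/ITAdmin-X1-LPT_SYSTEM_DRV0-1_Drive001.v2i.tmp - 443 ocnet\wcheung 74.81.115.24 Microsoft-WebDAV-MiniRedir/10.0.17134 - 423 1 0 31
2019-01-09 22:01:34 10.10.0.220 DELETE /webdav/wcheung/ITAdmin-X1-LPT_SYSTEM_DRV0-1_Drive001.v2i.tmp - 443 ocnet\wcheung 74.81.115.24 Microsoft-WebDAV-MiniRedir/10.0.17134 - 423 1 0 78
"""


def parse_line(line):
    """Return a dict for one log row, or None for blanks, # directives and malformed rows."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()  # IIS encodes spaces inside fields as '+', so this is safe
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        for key in ("status", "substatus", "win32_status", "time_taken"):
            rec[key] = int(rec[key])
    except ValueError:
        return None
    rec["anonymous"] = rec["username"] == "-"  # '-' means no authenticated user
    return rec


def records(text):
    """Parse every usable row of a log excerpt."""
    return [r for r in map(parse_line, text.splitlines()) if r]


def summarize(text):
    """Count requests per (method, status, substatus, win32 status, anonymous)."""
    return Counter((r["method"], r["status"], r["substatus"],
                    r["win32_status"], r["anonymous"]) for r in records(text))


def authenticated_failures(text):
    """Rows that carried a user name and still ended in a 4xx/5xx status."""
    return [r for r in records(text) if not r["anonymous"] and r["status"] >= 400]


if __name__ == "__main__":
    for (method, status, sub, win32, anon), n in sorted(summarize(SAMPLE).items()):
        who = "anonymous" if anon else "authenticated"
        print(f"{n:3d} {method:9s} {status}.{sub} {HTTP_NOTES.get(status, '?'):13s}"
              f" win32={win32} {WIN32_NOTES.get(win32, '?'):20s} {who}")
    for r in authenticated_failures(SAMPLE):
        print("authenticated failure:", r["method"], r["uri_stem"], r["status"])
```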

.well-known directory served only from one host-header iis8.5

Hi All: Perplexing issue here. I have a directory structure like:

root

well-known

otherdirectory

and in IIS I have a website set up with the root pointing at root with multiple host headers:

web1.website.com :80

web2.website.com :80

I set up a virtual directory in IIS:

.well-known --> well-known

If I place a file like "me.txt" in the well-known directory, I can view it in a browser using:

http:..web2.website.com/.well-known/me.txt

but I get a 404 error if I try to view the file at the URL:

http:..web1.website.com/.well-known/me.txt

Why would it work for one binding but not the other?

There is no web.config in root, and ASP and parent paths are enabled.

IIS Manager with Smart Card to remote web server?

I'd like to manage an IIS server remotely with the IIS Manager. When selecting "Connect to Server" I get prompted for user name and password, which works fine, however I'd like to use a smart card here instead.

Is this at all possible? Should I be looking at the "Client Certificate Mapping Authentication" or is that only for websites, not IIS Manager?

Thanks.

How to Prevent Anonymous Access but allow a Classic ASP Session to Directory

Using IIS on Windows 2012:

I have a classic ASP site. All the pages within the site are .asp files, but I have a few that are HTML in a Virtual Directory and do not have any ASP code in them to prevent access to them. Anyone can access these HTML files without logging into the site. Is there a way to use IIS Security to prevent access to these HTML files but still allow the users that are logged into the ASP session to access them? I have tried removing Authorized Users from the permissions, I have tried using the URL Authentication to DENY ANONYMOUS . I have tried putting Application Pool permissions access only on the directory.  No luck. Please help!

IIS10 on Server2016 & Forcing Cookies to use SSL

Hi,

I have a need to force a site to transmit cookies over SSL only.  I tried editing the web.config file for the site by adding

<httpCookies requireSSL="true" />

as I had read in some posts.  However this just broke the site. 

What do I need to do?

Thanks


Missing 'Strict-Transport-Security' header in an internet published web application

Hi, how do I add the HSTS header in IIS for a web application? This is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS.

Claims-based and Windows Authentication

Hi, I wanted to check if it is possible for a web application to support both Claims-based Authentication and Windows Authentication i.e. if Windows Auth fails then the web application falls back to Claims-Based authentication?

Error HTTP Error 401.1 - Unauthorized

Hi everyone, 

I am having a problem with authentication integration. My principal website is the Default Web Site, which works without bindings. Below the Default Web Site there are many virtual directories and applications. The sites open because of the DNS request. When I add the bindings for HTTP and HTTPS, the applications below the Default Web Site (e.g. mywebsite.com/XYZ, application XYZ) stop authenticating. I followed many steps about creating an SPN for HTTP for the website (mywebsite.com) using the machine account and a domain user account, but I don't have success. Do you have any ideas about what is happening? The principal site (myswebsite.com) works fine.

The error message from the XML failed request tracing rules is:

ModuleName WindowsAuthenticationModule

Notification 2

HttpStatus 401

HttpReason Unauthorized

HttpSubStatus 1

ErrorCode 3221225581

ConfigExceptionInfo Notification AUTHENTICATE_REQUEST

IIS tracing log errors

Weak Protocols Disabled

Dear Team,

In our organisation, we have disabled all weak protocols on Server 2012 R2 and we have the following issues now.

1. Our internal application running on IIS 8.5 is having login issues.

e.g. We have installed the application core part on a different server, and from there we have the console where we can see our jobs information, which is configured on IIS.

Before we disabled the weak protocols there were no issues; the console page worked without entering the username and password and redirected to the home page.

We found that if we skip the registry key below, we are able to access the console page without issues.

  • TLS_RSA_WITH_RC4_128_SHA

We suspect there is something we could change in the IIS server settings.

I would really need someone's help if there is any alternate fix for this SHA key.

Thank you for your help.

Regards,

Jaya

IIS 8.5 Windows Authentication

Hi I have a dotnetcore 2.2 application I am trying to deploy to IIS 8.5
It uses Windows Authentication

My IIS settings are:

Authentication:
Anonymous Authentication Disabled
Basic Authentication Disabled
Digest Authentication Disabled
Windows Authentication Enabled

Application Pool
.NET CLR Version: No Managed Code
Managed pipeline mode: Integrated
Identity: ApplicationPoolIdentity
Load User Profile: true

When I run the app I get HTTP 500 Internal Server Error

If I use the same settings above except:
change Application Pool Identity to: Custom Account and
enter my Windows credentials

it works but I need it to pick up the Windows logged in user.

web.config file:
<configuration>
  <!--
  Configure your application settings in appsettings.json. Learn more at http://go.microsoft.com/fwlink/?LinkId=786380
  -->
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
    </handlers>
    <aspNetCore processPath="dotnet" arguments=".\WebIM.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true">
      <environmentVariables>
        <environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" />
      </environmentVariables>
    </aspNetCore>
  </system.webServer>
  <system.web>
    <globalization uiCulture="en-AU" culture="en-AU" />
    <authentication mode="Windows" />
  </system.web>
</configuration>

Can anyone help out here?

Much appreciated,
Kathleen

Solution to Run IIS without Admin

As per organization policy, software should be installed by the IT team only, so in order to implement this we have disabled admin rights for all users. Everything is working fine except for the .NET developers; they have to work with VS and IIS.

IIS would work only when users are provided with Admin rights.

How can I resolve this situation without providing local admin / special privileges to developers?

Trying to set a Managed Service Accounts in iis Client Certificate Mapping Authentication IIS

Hello,

I am trying to add a new AD account of type "Managed Service Accounts" into IIS Web Service Client Certificate Validation using the "IIS Client Certificate Mapping Authentication" One-to-one implementation from Configuration Editor (system.webServer/security/authentication/iisClientCertificateMappingAuthentication).

I successfully added another simple account that has username/password, but when trying to add the MSA account, I am getting a communication 401 Unauthorised error when communicating with the Web Service.

Does IIS support using MSA accounts in "IIS Client Certificate Mapping Authentication One-to-one implementation"?


Application pool identity and certificate issue

Hello,

Hopefully this is posted in the right spot. We are having trouble with a 2 way SSL setup with our customer. We pinned the problem down to our application pool user and the certificate on our end. So here's the issue: From the tracing our customer and we did, we found out that the 2 way SSL process we have set up works up to the point at the end where we have to send our cert over to them. That's the problem, it is not sending our cert over to them. All of our application pools use a domain service account to talk back to our SQL backend. This is how we had it set up during testing. We decided to remove that domain user and just use local system as the user for it, and it was then able to complete the 2 way SSL process successfully. The only issue is that now it couldn't talk to the SQL backend because we removed that user.

So my issue is how to retain that domain service user and have it pass on the cert stuff the other side needs. What I have tried to fix this issue is two things. First I logged on with the domain service account user and installed the cert under it (I also made that service user a local admin on the machine). I also tried to take our cert under the computer account and gave full control security permissions to the domain service account, IIS_IUSRS, and even Everyone, by changing "Manage Private Keys" for it. Both of these attempts did not fix the issue.

So how can I get our domain service account to grab this cert and send it over to the client? Any help would be much appreciated.

Thanks

A fatal error occurred while creating a SSL client credential. Internal Error 10013

Hi,

There is a change on the client to limit SSL connections to only use the TLS 1.1 or TLS 1.2 protocol.

After the change, the client is unable to connect to the server via HTTPS. HTTP connection is still working fine.

The Event Viewer at the client is showing "A fatal error occurred while creating a SSL client credential. Internal Error 10013".

Anybody encountered the same issue? Can someone direct me to a solution? Thanks.

Also, I am not sure why the error shows a fatal error creating an SSL client instead of a TLS client, since SSL is disabled at both client and server.

Client Terminal: Windows 10 Enterprise 2015

Server OS: Windows Server 2012 R2 standard

IIS version: 8.5

Client Registry and Server Registry excerpts are appended below. Thanks in advance.

Dennis

==Client Registry==

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"EventLogging"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuites]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001

==Server Registry ==

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuites]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
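
When two hosts have to agree on protocol settings, a value-by-value diff of the two SCHANNEL exports shows where they differ. The following is an added example, not part of the original post: the two sample exports are abbreviated from the registry excerpts above, and the function names are illustrative. It parses `.reg` text and lists every `Protocols\<protocol>\<Client|Server>` value that is set differently, or set on only one side.

```python
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
PROTO_RE = re.compile(
    r"\\SCHANNEL\\Protocols\\(?P<proto>[^\\]+)\\(?P<role>Client|Server)$", re.I)

# Abbreviated from the client export in the post (three keys only).
CLIENT_REG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"""

# Abbreviated from the server export in the post (same three keys).
SERVER_REG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
"""


def parse_reg(text):
    """Map (protocol, role) -> {value name: int} for each protocol subkey in a .reg export."""
    settings, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            proto = PROTO_RE.search(key.group("key"))
            # Keys outside Protocols\<proto>\<role> reset the context and are skipped.
            current = (proto.group("proto"), proto.group("role")) if proto else None
            if current:
                settings.setdefault(current, {})
            continue
        val = VAL_RE.match(line)
        if val and current:
            settings[current][val.group("name")] = int(val.group("hex"), 16)
    return settings


def diff_exports(a, b):
    """List (protocol, role, value, a_value, b_value) where the exports differ; None = not set."""
    rows = []
    for key in sorted(set(a) | set(b)):
        va, vb = a.get(key, {}), b.get(key, {})
        for name in sorted(set(va) | set(vb)):
            if va.get(name) != vb.get(name):
                rows.append((*key, name, va.get(name), vb.get(name)))
    return rows


if __name__ == "__main__":
    for row in diff_exports(parse_reg(CLIENT_REG), parse_reg(SERVER_REG)):
        print("%s %s %s: client=%s server=%s" % row)
```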

Windows 10 IIS - Permission Issues From External Machines

Hi,

I have created a simple website in IIS, just an index.htm file. I can browse the page locally using http://localhost but when I try and view the same page anywhere else on the network I get the following message:

"You do not have permission to view this directory or page"

Looking in the IIS logs I get the following error

2019-02-15 10:23:10 192.168.0.10 GET / - 80 - 192.168.0.103 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:65.0)+Gecko/20100101+Firefox/65.0 - 403 2 5 48

I am running as IUSR, and appear to have the following permissions at various steps:

c:\  [IUSR:(RX)]

c:\inetpub [IUSR:(RX)]

c:\inetpub\wwwroot [IUSR:(RX)]

c:\inetpub\wwwroot\index.htm [IUSR:(RX)]

Any ideas what the problem is?

Thanks

301,302 Custom Response Message

Is there a way in IIS of customizing the 301,302 response body?

For example when you access the site without a document name the server responds with a 301 Moved Permanently. Unfortunately it also includes the response content:

<head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="http://example.com/example/">here</a>
</body>

Where the host above (example.com) seems to be taken from the request header Host: example.com. So even though this site actually blocks forged headers (through code), the redirect (to an error page) includes the above (with a 302) and would include any forged header. A 3rd party that provides pen testing lists this as a security vulnerability (with which I concur), but I don't seem to have any control over this in IIS.

IIS 8.0 keep asking credential for google chrome | IE works fine

We have a few web servers and all are working fine, but a newly created server with the same web application has an issue with Google Chrome while authenticating.

We have added our site to trusted sites in the IE settings and IE works fine, but Google Chrome keeps asking for credentials, and we are not able to find a solution for this.
