ApplicationPoolIdentity - File Permissions
Morning all,I was following this article - http://www.iis.net/learn/manage/configuring-security/application-pool-identities attempting to grant permissions to my app pool identity in the file system...
View ArticleServer unable to send a response to the URLs with sql commands "pg_sleep(1)"...
In our security testing we are injecting sql commands "pg_sleep(1)" & "case when cast" to the web URL's, the expected behaviour is to redirect the users to the home page, but unfortunately it is...
View Articleforms authentication powershell script
<div>I'm trying to use powershell to set feature delegation for Forms authentication, Window authentication and anonymous authentication. i've got the Windows and Anonymous figured out , but...
View ArticleUsers receiving other's credentials with integrated windows authentication
Hello,I'm experiencing a very puzzling issue with integrated windows authentication. It appears that if two users access the site at around the same time, it becomes possible for the second user to get...
View ArticleNot able to access website
I have a web application running off of another port than the standard 80 port. When I to access if from a remote machine, it gives me a generic not authorized message. But when I launch the website...
View Articlehttps and http
Hi, https soap calls to IIS server only work when http and https bindings are enabled. And Require SSL is turned on. Once http binding is removed, soap calls fail. Could this be a limitation to app,...
View Article"IIS APPPOOL\ASP.NET v4.0 Classic" account not able to access...
I was looking for something using Process Monitor and came across these:9:18:50.7032220 AM0.0000217w3wp.exeRegOpenKeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerflibACCESS DENIEDDesired...
View ArticleProtect files from downloading
Hello,first of all I hope I choosed good section for my problem, secondly I'm totaly new in IIS.So my problem is that I have stream server, there are only videos. Then there is my page, where I stream...
View ArticleServer Hardening breaks APPCMD?
At my job, I am taking on the role of doing .NET build & deploys. I did that at a previous job where the servers were Win2003 and my new boxes are Win2008R2SP1 but the new corporate standard has...
View ArticleDynamic IP Restrictions by filetype
HelloDynamic IP Restrictions initially seemed like it would solve a problem that I have been plauged with for years, but seems to work as a blanket rule across a whole website, and I am struggling to...
View ArticleWhy not join the IIS to the domain?
I wanted to use Active Directory Mapping (Users have a one to one mapping with a corresponding client certificate in the AD) because the web app will be accessible only to users with smart cards that...
View ArticleIIS8 Win2K12 Certificate authentication not sending the client trusted CA list
Hi,I have an IIS site on Windows 2012 with smart card authentication configured and it is working with a number of different clients. However with one paticular client the authentication is failing and...
View ArticleIIS Manager won't create user profile
Hello to everyone,I am suspicious that after installing PHP 5.4 on IIS 8.5 / Windows 8 (via MS Web Platform Installer), IIS manager gave up creating user profile when I create a new site. Before this,...
View ArticleIIS 7.5 Application Pool Identity service account generates millions of...
<div class="post-text" itemprop="description">I have a load balanced pool of 10 IIS 7.5 servers hosting 3 services. These services run under a single application pool - the identity is set to run...
View ArticleMitigating Host Header Attacks in IIS and ASP
I am researching the mitigation of Host Header Attacks in IIS and ASP. In this article written by James Kettle; there are several solutions for servers using Apache and PHP. I however am looking for...
View ArticleDo I need to use Create Certificate Request for setting up SSL, or can I...
Hello,I have not yet learned to use IIS in depth other than what was required to set things up for a Team Foundation Server application. That is working fine, but I need to convert my TFS system to...
View Article401 error 5 minutes into long-running request
Running ASP.NET MVC 4 with HTTPS under IIS 7.5. GET request works fine as long as server completes request within 5 minutes. For longer requests, however, IIS appears to be sending 401.2 at EXACTLY...
View Articleasmx Web Service connecting to provider - SSL/TLS error
Hello!I have written a asmx web service in Visual Studio 2013. The WS is connecting to a provider using HTTPS and X.509 for authentication.I have tried connecting using "basicHttpBinding" and...
View ArticleFTP access without ip restriction
Right now i can only access ftp if i set allow rule for my ip in iis 8. But i would like to access without restrictions (so all have access). But when i remove the allow i get: 530 User cannot log in,...
View ArticleParallels Plesk Panel 11.5 on IIS 8 is getting 500 error after i changed its...
I'm using Parallels Plesk 11.5 on my Windows Server 2012 with IIS 8 and by mistake i just changed its Advance Pool Settings that cause 500 error on my Parallels Panel and not opening my Panel, causing...
View Article