ISAPI Filter, developed for IIS 6 and Windows 2003, does not work on IIS 7.5...
I have an ISAPI Filter, developed overwriting the "CHttpFilter" class, in particular "OnAuthentication" method, where i replace "auth-> pszUser" and "auth-> pszPassword" to impersonate the user....
View ArticleRestrict all web activity to public web directory
Hello,I'm running a windows server 2008 R2 server with SP1. IIS is version 7.5. While checking my logs I'm seeing many attempts at traversing my web directories. What is the best way to limit all...
View ArticleClik here to view.
AD group authentication
Hello!I have a problemwhen setting upaccessto the FTP server bygroupsActiveDirectory.In theIIS snap-in, I adda dedicated domaingroup to accessFTP.But the membersof this group did notreceivethe...
View ArticleSSL certificate chain validation failed: -6986
HiWe were trying to extablish https connection and we are using 2 SSL certificates in that flow.Hardware Load balancer ->IIS -> Hardware Load balancer -> WeblogicFrom first HLB to IIS port...
View ArticleIIS repeatedly asks for password
Hi all, I have IIS 7.5 on Windows 2008 R2. In IIS I have website and within that website I have two applications. One will take initial requests, authenticate, start application and send request to the...
View ArticleKerberos problems using URL Rewrite
Hi,I have a web service running in IIS on machine A, with Windows Authentication enabled and a specific user authorized - a domain account. I need to call that web service from an ASP.NET website...
View ArticleTrying to add virutal directory with command line
I am able to add the directory but I cannot set the connect as option with the command line. Is there any way to do this?We cannot use pass through authentication and need to set the user to connect as...
View Article403.16 Forbidden in IIS 8.0
Hi all,I am struggling with the code 403.16 Forbidden situation on an IIS 8.0. The additional message i get is:"A Secure Sockets Layer (SSL) client certificate identifies you as a valid user of the...
View Articleasp.net impersonate with windowsidentity
Hi,I have created a new asp.net website. I use SharpSvn dll to connect in Svn (with url).Asp.net website use WindowsAuthentication, that is why i use impersonate to use WindowsIdentity to connect Svn...
View ArticleSQL Connection string
I have an internal SQL server which is accessed by a publicly facing IIS web server. Both the SQL and IIS servers are internal domain member servers, but the IIS server is accessed by both internal and...
View Articlecertutil error
I do not know whether this is right forum. If not, please let me know the right group. We have a mult-odmain certificate created from our company certification authority. This certificate does not have...
View ArticleNeed help in IIS8 application pool
Need help in IIS8 application pool, as i am getting an error message after creating and allocated to site, the same demo site is working in default app pool but not in newly created...
View ArticleHow to increase iis url length to 3MB
Hi,I Got "HTTP Error 414. The request URL is too long. " Error for sending morethan 32766 characters in url . I also change UrlSegmentMaxLength is (32766 in Decimal),MaxRequestBytes is (16777216 in...
View ArticleToken delegation using LOGON32_LOGON_NETWORK_CLEARTEXT
Hi,How safe is it to use LOGON32_LOGON_NETWORK_CLEARTEXT?We have the following scenario:Web server A is using Win32 LogonUser. Then it needs to invoke an asmx method on server B.If the used logon type...
View ArticleSMTP service on IIS 8 looks like vulnerable to STARTTLS command injection
Hello,In 2011 a flaw of STARTTLS was discovered allowing command injection: https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=555316&SearchOrder=4 (technical explanation:...
View ArticleIIS 8 hacked - permission security
Hi,i've web server for host web site.The security follow what is suggest herehttp://www.iis.net/learn/manage/configuring-security/ensure-security-isolation-for-web-sitesOn the folder are setting...
View ArticleMany-to-One IIS mapping not working on IIS 7.5
Hello folks - We have web server in the DMZ that has been configured to use Many-to-One client certificate mappings. I have set the rule on to allow the connection to come through based on the Issuer...
View ArticleWebsite connection timeout after disabling SSL v3.0 and switching to SHA 256
Hi,Our server is Windows Server 2012 with IIS 8.5 and we run several web applications on it.Last week, we disabled SSL v3.0 and implemented Forward Secrecy on our server for the POODLE attack. And we...
View ArticleRuntime Error
Hello,I am creating a new site starting from another site already exitente, I copied all the files, including web.config. When trying to open a page displays the following message in the log and error...
View ArticleSchannel Windows Server 2008 R2 IIS7.5 #Nightmare #Help
Been having issues for a few days now, the server is fully up to date with Windows patches.Using IIS Crypto is enabling TLS 1.0/1.1/1.2 and disabling SSL2/3Removing as suggested by MS...
View Article