How do I prevent AspxSpy?
AspxSpy : http://code.google.com/p/aspxspy/downloads/list Server : Windows 2008 Sp : Service Pack 2 Hotfix : All installed IIS : All sites different user and different application pool
View ArticleIIS 8 Eventlog access when running website from UNC path
Hi,I have a strange problem with my IIS 8/.NET 4.0 website on windows server 2012 R2 when run from an UNC path (\\fileserver\wwwroot\site). I cannot log errors in the eventlog. I get following...
View ArticleIIS Security Hole Aspx and Php - Summation of 2 post
Hisome days ago i wrote this postIIS 8 Hacket permission security http://forums.iis.net/t/1219136.aspx?IIS+8+hacked+permission+securitytoday i read about other issues and find this How i do prevent...
View ArticleuseAppPoolCredentials =true
Hello,IIS below are enabled UseKernelMode, useAppPoolCredentials , authPersistNonNTLM to True. MY ASP.Net WEB API interacts with Data service and also Other WEB API (Dual Hop) Kerberos Constrained...
View ArticleSecurity: Application Pool Identities and sql server remote connections
We are suing the latest Windows Server versions, latest IIS and latest SQL server versions. For security reasons IIS and Sql Server run on separate machines, all domain joined.This following article...
View ArticleIIS 8 server 2012 error when trying to show a page that contains an MS Chart
Hello I am getting this error when trying to display a page that contains a chart. I do not see an asp.net or IUSR_MACHINENAME account when granting permissions. Is it called something else in IIS 8...
View ArticleIIS URL Authentication
I'm trying to add some security to a legacy application. This application works by taking in a query string such as "?document=book1" and showing the content of "book1". Most of the documents don't...
View ArticleIIS 7.5 Detailed Error - 401.3 - Unauthorized
when I try to view my asp file , the browser show message below:HTTP Error 401.3 - UnauthorizedYou do not have permission to view this directory or page because of the access control list (ACL)...
View ArticleDetailed Error messages not being displayed
Someone made changes to IIS to allow web site users to turn the sending of detailed error messages on and off from a web.config file. Unfortunately now none of the sites will send detailed error...
View Article403 - Forbidden: Access is denied
I have setup a FTP site in iis on my 2008 r2 server.The ftp works fine with permission, I use Anonymous Authentication with an account specified. Basic Authentication is also activated with a domain...
View ArticleCommon parent identity for Application Pool identities
The IIS runs several application pool. Each pool uses its own Application Pool identity. Each time a script sents an e-mail, a new line appears in a log file. Preferably all the pools should share a...
View ArticleHow to output claim-based authentication userID to IIS log(cs-username)
Hi experts, I am investigating how to output the authenticated userID to IIS log(cs-username)when using the type of claim-based authentication. We are trying the following two ways, but both of them do...
View ArticleCertificate for an IIS machine on the Intranet/Internal
In a big giant government agency. Trying to do (a bit rouge) HTTPS from a local machine (Win 7) with the IIS ... like a prototype/demo. Totally internal, totally "localhost or machine name" .... no...
View ArticleCentralized certificate store not recognizing new certificates
Hello,I have a central ssl store with a password.All my certificates are listed in IIS with all details. However, I have added a couple of new certificates to this store but they display in IIS with a...
View ArticleIIS 7.5 / ASP.net 4.5 - Windows authentication works 50%
Hi,I'm writing a small application which should facilitate helpdesk tasks - user creation for instance is part of that.I'm facing a strange issue with windows authentication. When I'm starting the...
View Articlerequere(not require) client certificate for site
Hi freinds!I have one site and several https binding on it by 443 port with different sertificates. I need to Requere Ssl + Requere client sertificate on one binding, but at same time another https...
View ArticleKerberos, SPNs, Kernel Mode and LoadBalanced IIS 8.5 Server Setup
Hi, I have 2 IIS 8.5 Web Servers. These host multiple WebApplications by using HostName Binding. I have them behind a loadbalancer. Each site has a Unique SiteName.I use Windows Authentication, since I...
View ArticleMicrosoft DNS Server. Suppress Server Failure Packets.
Hi, Is there a way to stop Microsoft DNS Server from replying to requests it is not authoritative for? With recursion disabled and root hints removed it still sends out Server Failure packets. Thank you.
View ArticleHow to set up .cer files in IIS Centeral certificate store?
I am trying to configure my SSL certificates in IIS 8.5 CCS.My CA gave me a bunch of .cer files for each of the domains, i requested for.These are brand new sites, i need to set up.How do i go about...
View ArticleIIS Authorization Rule Disappeared - 401's on page
I have a site setup with an application within it. To restrict access to the application I added an Authorization Rule to deny anonymous access. After testing I went back to the server to remove the...
View Article