Setup your IIS for SSL Perfect Forward Secrecy and TLS 1.2
Hi All,I have tested some websites with www.ssllab.com that are running on my Windows 2008 R2 servers IIS.There are all failing and in my opinion they are failing big. Therefore I started investigating...
View Articlehow to block all requests from URLs with MSDOS device name using isapi filter?
I recently had an audit report on my windows server 2008 r2 and it failed with the error: Microsoft asp.net ms-dos device name DoS www (443/tcp) I checked the related threads here but I am not able to...
View ArticleSecure WCF sercice on IIS with SSL and tocken
Hi, I want to secure my WCF service on IIS with SSL and Token with my apps. On the sevice side everithing seem good. When I connect to my sevice with my apps on the same computer (service and apps)...
View ArticleUpgrade to Diffie Hellman 2048bits in IIS7
Hi,On checking my website with ssllabs.com, I get warningDH 1024 bits (p: 128, g: 128, Ys: 128) FS WEAKI'm running Windows 2008 R2 and IIS7. How can I make it to DH 2048?
View Articlebasic authentication only works localy
Hello,I've been using Basic Authentication for many years now (now on IIS8) to secure folders within a website. From today this function is corrupted it seems....When trying to connect to a subfolder...
View ArticleHow to secure the application pages in SharePoint 2013 with Claims...
I want to secure the application pages in SharePoint 2013 with Claims authentication, it does not seem to be working with AD Groups <location path="_layouts/15/settings">...
View ArticleBasic Authentication does not prompt for user credentials - IIS 8.5 shared...
HelloI am an IIS veteran and have been using this technique for many years to require a user to enter credentials before gaining access to content.For some reason however, on this particular IIS 8.5...
View ArticleIIS Log question
Hi,I'm using IIS 8.5 on server 2012.I just saw in my website log the following raw:2015-05-24 07:41:43 "My.Server.Ip" GET / - 80 - 61.240.144.65...
View ArticleError when accessing Active directory - Asp.Net web application
Hi All,I'm trying to pull user details/validating credentials against active directory and getting the below error when i run the code in Web application and i'm good with console application.I've...
View ArticleIIS 8.5 Error 404.7 Request Filtering
Hello, I have unchecked allow unlisted file name extensions and Added some file name extensions to allow list. Still I get 404.7 error while loading the website. I want to know which particular file...
View Article2008R2 SSL ERR_CONNECTION_REFUSED
Howdy!I've done a lot of searching and none of the solutions as to why https won't work on my site solve the problem.I'm running Windows Server 2008 R2 with two websites, both of which work fine over...
View Articlewwwroot file/folder permissions
I have a question on the permissions for the root hosting folders and any sub-folders/files. The main "users" account has two sets of permissions. One for the "Users" account directly which are "read...
View ArticleAuthenticate users AND allow IP at the same time.
Hi! I need to authenticate users to my URL and allso allow computers access if they have a certain IP and then skip user authentication on IIS 7.5 (windows 2008 R2)I have enabled Windows Authentication...
View ArticleIIS, Windows Auth. - Change Password at Next Logon
Does IIS return a 401 if the Change Password at Next Logon is checked for a user? This old forum post suggested it.http://forums.iis.net/t/1191719.aspxHow can I prompt users to change their password...
View ArticleVirtual Directory IP Security
Hi,I am trying to script up the creation of a website and its pretty much complete. However I have the need to restrict access to one virtual directory, which is fine and I have scripted this. However...
View ArticleHTTP OPTIONS listing disallowed verbs in IIS 8.5
I'm trying to get an HTTP OPTIONS request to reflect the available methods in a web site. At the moment it lists Allow as " OPTIONS, TRACE, GET, HEAD, POST", however I have explicitly disabled TRACE...
View ArticleSetup windows authentication for intranet site
I have already asked this question on the asp.net forum for reference http://forums.asp.net/t/2051737.aspx?Windows+Authentication+permissions but can't seem to get a concrete answer.All the...
View ArticleDigest Issue
Ok, I'm at a bit of a loss hereWe have a 2008 R2 Server with IIS installed and a site set up for Digest Auth only. this has been working fine.Recently we set up a 2nd server the same way however on...
View ArticleNeed transparent auth
Hi.I have website on IIS 6.2 (Server 2012 R2). I want to configure forced authentification. Current loged user credentials must be used for basic\windows or whatever authentification. No promts...
View ArticleIIS 8.5 offers all client certificates
Hi!Situation: WS2012 R2 / IIS 8.5, two way SSL is required, so client must have certificate for accessing website. While trying to access website, all certificates with authentication EKU are...
View Article