SSL "ghost" intermediate certificate
Hi,my IIS (Win 2012 datacenter) is serving SSL sites using a not existant intermediate SSL certificate.I explain. I have certificates issued by Lets'encrypt X3 authority. When I access web sites, IIS...
View ArticleCertificate Trust List on IIS 8.5
Can anyone provide a valid method for implementing a CTL on IIS 8.5 that doesn't require me to stand up a server that is EOL?Scouring the interwebs keeps pointing me to posts that reference a tool from...
View ArticleSSO/AD Integration
Hi,I wrote a rather simple php application for use on our Intranet. The application has two portions, one portion is supposed to be available to one group of users and the other to a second. We could...
View ArticleQuery on Eliminating hard coded Credentials from Web.config file
Hello,I am not a Developer, I am trying to guide the development team on having a secure coding standard..Problem description: Web.config files on IIS stores hard coded credentials in the web.config...
View ArticleDelegate IIS administration to users
Hi,Question from a newbie IIS user !!I have a Windows 2008R2 server with IIS - I have a domain user which must be full administrator over the IIS - no restriction in the IIS manager at all.How to give...
View ArticleRunning application pool using GMSA
Hello,We have WCF services running on IIS and the application pool is running using GMSA. The WCF service is using ADO.Net to connect to SQL Server database. Irrespective of the authentication...
View ArticleWrite permission to website user
Hi,i have created a new website on windows server 2012i am using asp script that creates a filethe problem is that by default the script works, the user has write permission to the websire folder.What...
View Article401.503 - Unauthorized
Ok, so I am in the process of setting up and hardening an IIS8 web server on Windows Server 2012 R2.I currently have the following services installed.SSH Telnet Webdav MySQL FTP PHP 5.5.34 CGIand when...
View ArticleIIS Reverse Proxy for Fiori Out
Hello Experts,I am stuck in a reverse proxy issue. I am not a network person, so may be I am missing some steps in setting up the reverse proxy.Here's the scenarioI have an external URL - www....
View ArticleForms authentication on HTML Files
I have a sub-domain that has html files and I want to secure them so that they are only accessible once the user has successfully logged in .First Method i have tried adding the below : under forms...
View ArticleError using Windows Authentication on sub-folder of virtual directory
I'm using 4.0 .NET Framework coding web application using MVC. IIS 7 is running on the production system. The web application I'm trying to run is on a Windows Server 2008 R2.In the application the...
View ArticleGroups Based On IP Range
What I would like to ideally do is have two different user groups on my server. Let's call the first one "Full Time Employees" and the second "Part Time Employees". I only want "Part Time Employees"...
View Articlerestrict access to html files in IIS 7.5
OK here is my question in another turn around I have a sub-domain (ex: test.aio.com) that contains HTML files in folders and sub folders , I need to restrict access to these files if the user is not...
View ArticleNLB aspx website authentication issues
I've been running an a site from 2008r2 Web server. Part of the function of the website is to query Active Directory and return a list of Security Groups.We're now trying to move the server behind a...
View ArticleIssue with configuring One-to-One Client Certificate Mappings
Hi thereI have the following request. I have an internet-facing SharePoint web application. Next to the username/password combination, I want the user as well to authenticate with a client certificate....
View ArticleCurrent state of Microsoft ModSecurity support ???
Microsoft published a blog post in 2012 about supporting ModSecurity with a pre-compiled MIS...
View ArticleWhy Username/Password after Certificate authentication?
On WIndows 2012 R2, I configured IIS with iisClientCertificateMappingAuthentication, One-to-one-Mapping, and SSL Required client certificate. Under Authentication, I enables only...
View ArticleWindows Security popup for forms Authentication
I am getting a Windows security popup for forms authentication application hosted on intranet server.Is there any IIS configuration to be set?Please help
View ArticleIIS 7.5 vs 8 - security
Hi!I have a question about the technology, which so far is completely unknown to me, so excuse me a very general nature of my question. Someone told me that I should not go in the direction of IIS 7.5...
View ArticleClient certificate without CDP
Hi,I have a cloud service with certificate authentication (Require client cert).netsh http show sslcert gives the below output. IP:port : Certificate Hash : 955.......
View Article