http 500.0.64 IIS with Client Certificate Required
Hi All,* We have IIS7, ARR configured for website, SSL + Client Certificate Required.* This setup is running fine with many partners, but only for 1 partner we are getting below error into our IIS...
View ArticleIIS Manager Permissions
Hi, Is it possible to add a user to the IIS Manager Permissions within IIS using PSDSC. I have created a DSC script that creates a local user installs IIS and then deploys the msdeploy package, but...
View Articlemultiple SSL certificates on single site with same IP and Port
Hi,My IIS server is 8.5 and has self signed certificates to a site. My server is having only one site. Server self signed certificates are going to expire shortly. So, we need to generate one more self...
View ArticleUnable to access Shared directory using IIS 7.5
Hi Pals,I am working on IIS 7.5 running on Server 2008 R2. I have created a main site and under the main site, I have added other sites as application so I have a parent URL and sub application which...
View Articlewindows authentication force specific DC instead of default controller
Hi,due to finding ourselvs in a beginning of a international domain migration we need to find an interim solution to keep local (legacy, .NET) webapplications running until new FMO takes place.The...
View ArticleMultiple user recognition behid one IP
Hi guys,I need your help.I have to deploy a website with content protected by two-factor authentication access. The solution bought for 2FA is Fortigate 50E with Fortitoken.The process is as...
View ArticleHTTP Error 403.14 - Forbidden on IIS8 production server. But working fine in...
I have mvc4 web application with Windows authentication enabled on IIS8, Which is working fine.After few days I have got a change order to update the application . I have done required changes and...
View Articlecyber attacks (via ScriptResource.axd?)
Hello everyone,Sorry for my poor Englishin recent months we are literally ravaged by cyber attacks on ours websites that cause insertion on them of various hidden strings (<div style = "display:...
View ArticleIIS Smart Card authentication - Request.IsAuthenticated = false
Hi! I configured a website to use IIS Smart Card authentication (IIS 7.5 and ASP.NET 4.0).I am querying Request.IsAuthenticated but it always comes back = false even though the user entered correct PIN...
View ArticleIIS 8.5: Change authentification mode for url sub path
We have a client intranet web application running as a remote proxy on IIS 8.5 with Windows Authentication enabled. Now, we need to disableWindows Authentication and enable Anonymous Authentication on...
View ArticleHow to mask IIS fingerprint?
Hello everyone,Recently I started my adventure with ASP.NET/IIS environment and I am improving security of my server currently.I'm trying to mask fingerprint of my server before aggressors. Output of...
View ArticlePen Testing - HttpOnly and Secure Cookies
Hi GuysBeen scratching my head on this one for a couple of days now and not sure what to do. We had external company do some pen testing and there is one cookie that is being flagged as non secure...
View ArticleIntranet Site Auth Broken when off Network for domain joined workstations
I'm investigating an issue where I believe I've found a solution, but I have no idea why it works. Looking for some sound reasoning on the below :)Website currently has Anonymous and Forms...
View ArticleMake Client Certificate from existing GEOTRUST Root Certificate
I have a root certificate from GEOTRUST (RapidSSL) and I want to make a client certificate that user need to get access for my website.Now I have a problem to create that:makecert -pe -n...
View ArticleHow does deny IP address by concurrent request work?
Can someone please explain to me how deny ip by concurrent request works? I have it set to 10 concurrent and 20 within 5000msThank you
View ArticleOCSP stapling not working
I run a website on Windows Server 2012 R2 (IIS8.5) and am busy beefing up the TLS security. Running SSL Labs tests against the machine shows that it is not using OCSP stapling. I have read in several...
View ArticleUNC / SAN / Shared Content / Password Challenge
I am in the middle of going to shared config and content at work. I have the shared config going fine. The shared content is another story.It is being reached by a UNC path that is on a SAN. I know...
View ArticleHow to remove Server Name "Microsoft-IIS/8.5" from HTTP headers?
Hello everyone,I've changed server name according to steps described in this thread ( http://forums.iis.net/t/1226447.aspx?How+to+remove+Server+Microsoft+IIS+8+5+header+banner+in+IIS )At the first...
View Articleabout "Remove Sample Applications" of MSADC
We got question from our key customer that following 2 URLs mentioned some files need to be deleted for security...
View ArticleWeb Application prompting for credentials? Error 401.2
Hi folks.We have IIS running on a server that is currently hosting a single website (Default Web Site) and several Web Applications. They currently use Windows Authentication and successfully...
View Article