530 error logging into FTP site with local admin account
I have a Windows 2008 FTP site which allows a local admin account to login locally or remotely. I have a Windows 2012 FTP site that will only accept domain accounts to login. I have removed the FTP...
View ArticlePrivate IP Address Leaked in HTTP Headers
I am running into an issue, where "Private IP address leaked in HTTP headers" vulnerabilities are being detected. The version of IIS that is being utilized is IIS7, and I used the following...
View ArticleInternal Network Address Information Disclosure
Hi All, I have a web portal that is integrated to CRM. The security team conducted an assessment on the portal and reported that the portal server IP is exposed. I need to quickly fix this. I have...
View ArticleDMZ account app pool identity from web server to SQL Server
We have very strange problem on our production web app. Our web application is external facing and uses impersonation for app pool identity using a DMZ account. However randomly we see our application...
View ArticleDisable Renegotiation
Guys i have a question:I have two servers an IIS7.5 Win2K8 R2 SP1 64 bitand one Win 2K12 R2 standard IIS 8Im trying to disable renegotiation but the only thing i could find is:Generating 2 DWORD under...
View ArticleAccess to file share
I have an ASP.NET site that access files on a file share. The site is configured for windows authentication. The file share is currently open to all Intranet users (Everyone). I would like to lock...
View ArticleHow to host an internal .mp4 that can't be downloaded?
I'm running version 8.5 of IIS on Server 2012 R2. We have an internal only website. I need to host a couple of .mp4 videos that can be viewed on the website, but not downloaded. We don't want the...
View ArticleClik here to view.
TLS mutual authentication - misleading instructions (causing status code 401 2)
Hion the page https://www.iis.net/configreference/system.webserver/security/authentication/clientcertificatemappingauthenticationthere are detailed instructions how to get Client Certificate Mapping...
View ArticleADFS IIS
Hi,I am configuring a website using ADFS. The ADFS server already has a SaaS set up as a relying party and this SaaS service will have links back to the home network for document storage. My question...
View ArticlehttpOnly configuration is causing 500 error
HelloRunning IIS 8.5 on Win2k12 R2.Installed a web.config at C:\inetpub\wwwroot. The working contents are:<?xml version="1.0" encoding="UTF-8"?><configuration><system.webServer>...
View ArticleUnable to host WCF with unmanaged dlls and linked libraries on IIS
Hi,Am trying to host the WCF service on IIS which refers and links to unmanaged { c++ } dlls and libraries respectively. As per some forums and discussions I followed the following methods to achieve...
View ArticleWindows Security on IIS - more friendly logon page?
Hi everyone,I hope that someone is able to help.We've an IIS site that's using Windows Authentication for all users. As this uses a different domain, all users have to enter credentials into the usual...
View ArticleHow to grant access to iis 7 to non administrator user account
I have a web hosting environment, where I have a difference of access permissions on each team that acts on the server. I am having trouble applying IIS access to users of the "Remote Desktop Users"...
View ArticleWindows authentication get 401.1
Hi,I want to test windows authentication on my IIS site. When I access the website, it pop up the prompt for credential. I input the username and password which has been created in my operating system,...
View Article401 Error Windows Authentication for text/html content-type - Issue with IE
Hi IIS experts, I am pretty new to the IIS . we are using IIS 8.5 and the box is windows server 2012. we started integrating the IIS with our caching and loadbalancing toll called dispatcher...
View Articleproblem setting up virtual directory to unc path
i am using ftp user isolation that works perfectly fine and i have a virtual directory m_drive in ftp setup to unc path \\host1\media , this works fine i log in with my ftp client (filezilla) and see...
View ArticleIIS Impersonation with Windows Authentication
We have an application developed under MVC4 and running on IIS 7, using asp.net 4.5.Our application is configured for windows authentication (no provider is selected so I assume that means NTLM),...
View ArticleWindows Authentication-Enabled Directory Throws Credential Challenge
My question for the forum is: why am I being challenged for credentials? Here is my set up:- Windows Server 2008 R2- IIS 7.5- Server operates in a domain A. - Domain A has a Trust with Domain B.Site:...
View ArticleOutbound rule not firing on HTTP redirection
Hi,I have a requirement to mask the server HTTP header. This is working for the application by using a rewrite rule in the application web.config file.However, the application also has an inbound rule...
View ArticleHow do I enable ALPN and TLS session resumption (client tickets) in Windows...
According to the following TechNet article ALPN and TLS client-side session resumption should be supported in SChannel in Windows Server 2012...
View Article