restricting execution api
Hello,Can I do something like this with IIS 8.5:out of server, I try to run a URL "https: // site / api / DoApi / Do" and nothing happened;inside the server I run the same URL "https: // site / api /...
View Articlesmard card (certificate) window problem
Hi,I have a problem with my application which is installed on IIS 10 - Windows Server 2016. Application have to use SSL, I have configured proper Bindings with certificate and alias as an Host name....
View ArticleRemote Access Users to application pool
Hi,i have 3 site on IIS1 on Server1 in my domain, for security other user connected to IIS1 from IIS2 om Server2 remotely .Users have access to IIS modules , but have not access to application pool or...
View ArticleOne user two logins to one app
Hi,I have one user that has two logins, webapp is login by IIS SSO connecterd to the domainI'd like to make that when I logged out from webapp and login to the webpage by second login (second domain...
View ArticleIIS 7.5 Cross domain authentication
I have a basic IIS 10 website joined in Domain A. I can login to the website with credentials from Domain A.We have a trust between Domain A and Domain B.Domain A trusts Domain B: Trust type: External...
View ArticleClik here to view.
Acceptable Cipher Suites for Chrome
I'm in the process of redoing the SSL/Security on some of my IIS web servers and had a question about Chrome. My website is currently getting a score of A from Qualy's, however Google Chrome...
View ArticleHaving issues with Https for IIS
I have question regarding applying SSL to IIS 8This is what I have: 1) I have a domain (mywebsite.com) from hostgator 2) An SSL certificate from GoDaddy 3) Azure VM with a...
View ArticleIIS configuration for smart-card authentication for non-domain clients
Hi IIS Gurus! I have IIS 8.5 and application hosted on it. Application server is Tomcat 8.0.37. So the whole chain is IIS+ISAPI+Tomcat. My application is configured for smart-card authentication. Users...
View ArticleSite Accessible using http but not https except when using IE
I have a site configured on my development server where http and https are both allowed on the site. In anything but IE, when you visit the site in https you get a "This site can't be reached". When...
View ArticleWhy is Lsass hitting high CPU in response to network traffic?
I have a Windows Server 2016 Datacenter virtual machine running on AWS. My server experienced a sudden increase in CPU usage from lsass.exe, rendering the server unusable. Note that this server is a...
View ArticleFolder permissions/security
What is the best way in IIS7 to control security settings to have certain web users that login into our website folder access. For Example USER123 can only view the files in USER123 folder and not able...
View Articleaccess files from wcf service to the server other than machine which have IIS...
I tried to access files from wcf service to the server other than machine which have IIS server in which wcf service is hosted.but wcf service could't access to another server's folder.Please let me...
View ArticleReverse ProxyBypass
Ao executar um teste de vulnerabilidade pela ferramenta acunetix, verificamos um ponto de atenção com um alerta sobre: Reverse_Proxy_Bypass Preciso de um auxilio para configurar uma regra de para...
View ArticleIP Address and Domain Restrictions, restrict to 127.0.0.1 seems to allow 127.*
Hi!I am trying to lock down a web site to only respond to requests from the same local machine.I have included the follwoing in the site root...
View ArticleImplementing dual authentication: PKI and username/password
I run a webserver that authenticates users with a username and password. I want to enable PKI authentication on my webserver while still allowing users to login with a username/password combination...
View ArticleSet up a Web service with basic authentication and LocalService calls
Hi,Is it possible to configure a web service so that you need basic authentication but it allows the "NT AUTHORITY\LocalService" account too? It's an MVC application deployed on a IIS 8.5, all the...
View ArticleAuthentication mode enabled on IIS is getting disabled automatically and...
The website currently has both anonymous and widows authentication enabled. Randomly, it gets disabled and we have to manually enabled it back again. What could cause the IIS to disable the enabled...
View ArticleHow to revert back to IUSR for anonymous access?
While troubleshooting an anonymous access issue the anonymous access was set to the Application Pool Identity. I'm trying to revert it back to the default IUSR account but I'm not having success.What...
View ArticleAuthentication issues
Hello I am new to IIS and inherited and old IIS 6 box that serves up files from our file share server which is working the way it should. We are in the process of creating the same shares on a Windows...
View Article