Application pool identity to use Windows Authentication
An application I have developed use Windows Authentication and I want to pass through Windows Logon credentials to Application Pool Identity. I did try Network Service but no respite. Any help would be...
View ArticleHow to enable TLS session resumption or Optimize TLS handshake on Windows 2016
Hi,We are facing issue on windows 2016. The issue is when more than 15-20 users request token the W3wp (IIS 10) and lsass.exe using 100% CPU. By monitoring using WPA and Network Monitor we saw TLS...
View ArticleWindows authentication & Application pool identity
Dear All,I'm a little bit confused to understand the application pool identity configurations for Windows authentication. I have below two scenarios. In both scenarios, we have file uploading features...
View ArticleIIS not using Windows Identity in app pool
Hi Folks,I have a web site in IIS 10 that is configured with an application pool set to use a service account for its identity (domain/xyz).In the application there is a connection string for SQL...
View ArticleIIS10 Digest authentication keeps asking for credentials on page reload
We are using IIS10 with digest authentication.Login works fine but when i reload a page with key F5 i am getting a login prompt again onChromium 69.0.XXFirefox 62.0On Edge 42.171.334.XX it's not...
View ArticleHow hide "Server:Microsoft-IIS/8.5"
I am trying hide the reponse header "Server:Microsoft-IIS/8.5" it only appear when i get answer 5xx or 4xx.In normal flow the tag is hidden.I did try follow the...
View ArticlePHP Vulnerabilities WebPI 09/14/2018
US-CERT reported PHP vulnerabilities 09/14/2018. The product list in WebPI does not have PHP versions that are safe. Are there any plans to take care of...
View ArticleIIS admin without local server adminstrator
I would like to grant the access to non server admin user to create sites ,application modify site or application configuration and to be done remotely from windows 10 client
View ArticleEDMS Problem with IIS - Unknown error (0x80041455)
Hi,We have C# code deployed on IIS 7.5 in Windows 2008 R2. The code add/remove/search users in active directory using edms. The ARS has been upgraded to 7.0 from 6.0 so we upgraded the .net version to...
View ArticleStill Able to Browse to Page Protected by Windows Authentication and Explicit...
I have a file named "deny.asp" inside a subdirectory ("authtest") that has Windows Authentication turned on and anonymous access disabled. I set the NTFS permission on this file to explicity Deny...
View Articlelimitting usernames to be used just by one person to login
hello dearsis there any way to be used to limit a website - that is configured for directory browsing - usernames (windows basic authentication) to be used by just one person simultaneously, means that...
View ArticleIP Restriction Question
Hello, i am having trouble with hackers trying to hack my website. They seem to use VPN / Proxys i have a huge list of IP Address's i need to ban which are listed below. What would be the most...
View ArticleKerberos delegation suddenly stops working
I have a pretty standard iis (v8.5) site setup with windows authentication (negotiate) and delegation to another web-service on our network. At first everything works as expected and the users can...
View ArticleConfiguring IIS 10 on Windows Server 2016 To use Integrated Authentication
I have published an aspnet core 2.x application to a windows server 2016 running IIS 10. The application was published using Visual Studio 2017, and the application was just a basic AspNet Core...
View ArticleIIS Integrated authentication
Sorry I'm not a developer and have little experience with IIS.Short question, is there a way in IIS to see what credentials are being passed via integrated authentication, even just the user ID?I have...
View ArticleASP.NET Authentication Problem Kerberos / Negotiate / NTLM
Hello,we have a problem with our ASP.NET Application. If we open it in the Webbrowser, always a login dialog is shown, although e.g. the url is set as local intranet etc. In similar environments we...
View ArticlePKI Authentication, prompt for one certification only
We are using PKI for authentication and have no problems. When the user is prompted for their certificate, they have to select either their email certificate or identity certificate. Does anybody...
View ArticleDisable DES and 3-DES Ciphers from IIS Webservers
Hi,We are looking for how to disable Disable DES and 3-DES Ciphers from IIS Webservers?Regards,Lokesh
View Articlelocal dev. Trusted self signed certificat does not work
Hello,I locally develop a https website for tests.I created a self signed certificate from IIS following the below video and it works well but I get the warning DLG_FLAGS_SEC_CERT_CN_INVALID - Edge and...
View ArticleDisable weak ciphers in iis 7.5 windows 7 batch file
Does anyone know where I can find a way to Disable weak ciphers in IIS 7.5?TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) INSECURE128TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)...
View Article