Windows credentials being cached by user
Hi there,I'm hosting a form on IIS that requires windows authentication to log in. This works completely fine, however, when the user logs in for the first time their device caches their credentials so...
View ArticleIIS Crypto best practices and ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY issue
On an ASP.NET Web api, I receive ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY issue after like every 2-3 months, which I resolve by going to IIS Crypto, clicking 'Best practices' and reboot.I know that...
View ArticlePUT/DELETE/OPTIONS method return 401 page
I'm using a .net core web api 3.1 hosted on remote IIS server, with PUT/DELETE/OPTIONS request I got a 401 page.Here is the stackoverflow question
View ArticleDisable windows WWW-Authenticate challenge
Hi,Currently I have an application where I only need windows authentication on particular endpoints, but since this is configured server wide this is currently not possible for me. For context, I have...
View ArticleProblem in making DFS Sub-Structure available with HTTP on IIS 10.0
Hi, i want to make the "Projects" Part of our DFS Structure accessible by HTTP. (\\company.com\dfs\projects\...)I've installed IIS on Server 2019 (webserver.company.com)Set up an Application Pool...
View ArticleHttpWebRequest GetResponse blocked or getting timeout
Where can I make IIS10 allow outbound internet access for its scripts?I have a generic handler that requests some info from an external site over http using HttpWebRequest. I get a timeout on my...
View ArticleLooking for Data Security Privacy Consulting Services for your business
Hello All,PartnerBO provides the most powerful Intelligent Data Platform Data Security & Privacy Consulting Services that help organizations manage data, mitigate risk, and ensure they meet...
View ArticleHow to identify SFTP and TFTP in windows server 2016?
Hi All,I wanted to know how to check the status of the TFTP and SFTP?I have used server manager add roles and features to verify TFTP client status and for SFTP using FTP server status.is there any...
View ArticleIssue setting up centralized certificate store and SNI
Hello,I'm trying to set-up a centralized certificate store and SNI under IIS 10 so I can host multiple domains using the same port. I have a store, which seems to be working (I can see the...
View ArticleDynamic IP Restrictions by file type?
Hi, I've tried using WebKnight, which is similar to Dynamic IP Restrictions, but some pages on my sites have tons of images and js and css and so a single page request would result in potentially a...
View ArticleHow do you enable HSTS in IIS on Server 2016 version 1607?
PCI scanning reported the vulnerability, "HSTS Missing From HTTPS Server".This blog addresses the problem but specifically states that native HSTS support only became available in Server 2016 version...
View ArticleNot able to access the IIS website outside the VM.
Hi ,I have created demo website in IIS and in binding section i have given hostname dev-grt-api.net and port i have given as 80 default port number. But i have access the page inside VM but i am not...
View ArticleGroup Managed Service Accounts and iis Client Certificate Mapping Authentication
Has anyone managed to get this working? I have numerous Group Managed Service Accounts (gMSA) all working well on the server - except when trying to use it as the account for one of my IIS Client...
View ArticleHow to Add IP range for Dynamic IP Restrictions IIS10? Allow and Deny
I have have 2 or more IP addresses that I want to ALLOW to view a website. Nobody Else.Logically I should only have to add the ALLOW IP addresses and NOT the DENY addressesIt does not make sense to...
View ArticleClik here to view.
IP restrictions block all except one does not work
Hi, Our website is hosted on one of our Azure virtual machines. I'm trying to restrict all IP access to our site except one particular IP address. I have the following configuration at my Site...
View ArticleIIS/TLS, reject certificates with wrong policy identifier number
Hi!I would like to know, is it possible to filter IIS/TLS traffic by using policy identifier number in end user certificate. My goal is to accept only certificates with specific policy identifier...
View ArticleHow do you enable "secure renegotiation" in IIS on Windows 2012 R2
I see that my IIS web server does not support "secure renegotiation", and I'm wondering how I fix that.I don't see anywhere to toggle that setting.Condition on ssllabs.com for better result
View Articlewebsite asks for login information when using https instead of http
I have just installed an SSL certificate on my AWS-EC2 instance (running IIS 10) and would like to run the site over https.http works fine but when using https I always get a login prompt instead of...
View ArticleSSL site requires password
Maybe this is an beginner's problem, but I do not find any online resource solving it: I've got a minimal https site in IIS (let's assume it's "MySSLSite") on a Win Server 2019 with a physical path...
View ArticleServer 2012 R2 + Webdav + issues mapping drive
Server 2012 R2 with Webdav setup, server is remote to office. Attempting to connect over the internet via HTTPS.I can access server via web browser (https://server:port/folder) - logon with defined...
View Article