Re: IIS6, IIS7 and VS2005
Posted by David Wang at 4/24/2008 6:43:40 PM
On Apr 24, 7:35 am, "Paul Calderon" <pcalder...@gmail.com> wrote:
> I have 3 Machines
>
> Machine 1 (DCom Container) Windows 2003 Server
>
> Machine 2 (Web App Container) Windows 2003 Server
>
> Machine 3 (Developer Machine) Windows Vista
>
> Machine 1 has just the components we need to ... more >>
Re: Getting SPNEGO HTTP headers to a CGI?
Posted by Ken Schaefer at 4/24/2008 5:20:47 PM
Why are you trying to do this through IIS rather than through a reverse
proxy?
Otherwise, look up how current proxies implement this functionality - I
presume it would be the same. The only issue is that when the client
connects to your IIS/CGI server, it does so using a particular FQDN (s... more >>
Re: Delegated Kerberos through a CGI
Posted by Ken Schaefer at 4/24/2008 4:58:34 PM
No - you can't just pass on the Kerberos service ticket. Your CGI (probably
using the Windows security APIs) needs to get a new service ticket to the
backend server.
How Kerberos works (explains the concept of a service ticket)
http://www.adopenstatic.com/cs/blogs/ken/archive/2006/10/20/512.... more >>
Re: Is HTTPS Url Exposed?
Posted by Ken Schaefer at 4/24/2008 4:56:18 PM
Hi,
The requested URL is encrypted.
Cheers
Ken
--
My IIS blog: http://adopenstatic.com/blog
"Izorich" <Izorich@nospam.nospam> wrote in message
news:2DC2E393-7C21-4741-89B4-59E8A5AC53C4@microsoft.com...
> HTTPS protocol transfers data using encryption. Is request URL encrypted
> o... more >>
IIS / SSL / Site Security / Multiple Sites
Posted by Travis McGee at 4/24/2008 2:51:51 PM
Have a question about an IIS server with multiple commerce web sites and
single SSL certificate
Here is the scenario (single server, single static IP)
www.TheCompany.com this top level company website has the SSL certificate
www.Product1.com \\CompanyServer\c\web\Product1
www.Product2... more >>
Is HTTPS Url Exposed?
Posted by Izorich at 4/24/2008 12:27:00 PM
HTTPS protocol transfers data using encryption. Is request URL encrypted or
is it available in plain text when packets are transmitted? I'd like to use
query part of URL to pass request id and I wonder if that request ID is
encrypted or not.
for example:
https://host/page.aspx?myId=myIdV... more >>
Re: IIS6, IIS7 and VS2005
Posted by Paul Calderon at 4/24/2008 9:35:06 AM
I have 3 Machines
Machine 1 (DCom Container) Windows 2003 Server
Machine 2 (Web App Container) Windows 2003 Server
Machine 3 (Developer Machine) Windows Vista
Machine 1 has just the components we need to access from network (GIS
Components)
Machine 2 has the website over IIS6 (c... more >>
Delegated Kerberos through a CGI
Posted by AWillemsen at 4/24/2008 6:50:04 AM
Hi,
I'm trying to get a CGI to use delegated Kerberos authentication. The
environment is IE6 on the client (A) and IIS6 on two servers (B and C).
Delegated authentication is working with ASP, according to
http://support.microsoft.com/kb/314404 but when I substitute the CGI for
"Test1.as... more >>
Re: IIS6, IIS7 and VS2005
Posted by David Wang at 4/24/2008 4:25:02 AM
On Apr 23, 4:34 pm, "Paul Calderon" <pcalder...@gmail.com> wrote:
> I'm developing a web application with DCOM interfaces.
>
> When I run the application from VS2005 (internal Web Server), I don't have
> any problem accessing the DCOM hosted by another machine.
>
> When I run the appl... more >>
IIS6, IIS7 and VS2005
Posted by Paul Calderon at 4/23/2008 6:34:42 PM
I'm developing a web application with DCOM interfaces.
When I run the application from VS2005 (internal Web Server), I don't have
any problem accessing the DCOM hosted by another machine.
When I run the application from a virtual directory configured in IIS 7
(Windows Vista), I can acc... more >>
SQL Connections.NET Integrated security Hosting Multiple Applications on Single IIS
Posted by Rex Gibson at 4/23/2008 5:38:05 PM
Hi there,
We are working on setting up a shared hosting environment for
intranet/internet use.
Multiple Load Balanced servers to host .NET applications in both C#.NET and
VB.NET.
Most of the applications were delivered to us with instructions to use sql
passwords but we would like to move t... more >>
Getting SPNEGO HTTP headers to a CGI?
Posted by schlenk at 4/23/2008 6:25:08 AM
Hi all,
trying to get the following setup to work:
Http SPNEGO SPNEGO via CORBA
IE <---------------------> IIS <---> CGI
<--------------------------------> AppServer
So basically using IIS as a primitive frontend for an AppServer that
can do Kerberos Auth i... more >>
Re: CGI limitations?
Posted by David Wang at 4/21/2008 11:44:43 AM
On Apr 21, 8:48 am, ElCarso <elca...@somewhere.com> wrote:
> Hi everybody,
> I wonder why it is forbidden for a CGI application to do certain things,
> which I consider quite harmless from a server point of view, like for
> instance play a sound or encrypt/decrypt data.
>
> I have a CGI app... more >>
CGI limitations?
Posted by ElCarso at 4/21/2008 8:48:00 AM
Hi everybody,
I wonder why it is forbidden for a CGI application to do certain things,
which I consider quite harmless from a server point of view, like for
instance play a sound or encrypt/decrypt data.
I have a CGI application that runs from within a CGI folder on a Windows
Server 2003.... more >>
Re: Intranet web server security
Posted by Roger Abell [MVP] at 4/21/2008 6:26:25 AM
I am not sure whether the IIS 5 and W2k specific material is
available any longer in the guidance series off the websites
www.microsoft.com/security www.microsoft.com/technet/security
but much of the material has not changed greatly to the newer
release versions (except for things not available... more >>
Re: Kerberos and ASP NET application
Posted by DaveMo at 4/21/2008 5:53:04 AM
On Apr 20, 5:17 pm, dragons...@gmail.com wrote:
> Thanks for the response Ken. Yes they are all on the same domain.
>
> Further investigative work last week revealed something which may be
> important: basically, Kerberos operates as expected from one specific
> make of machines on our ... more >>
Re: Kerberos and ASP NET application
Posted by dragonsjmd@gmail.com at 4/20/2008 5:17:17 PM
Thanks for the response Ken. Yes they are all on the same domain.
Further investigative work last week revealed something which may be
important: basically, Kerberos operates as expected from one specific
make of machines on our network - other machines, with a different
build, fail.
I ha... more >>
RE: Still expired password changing using IISADMPWD with IIS6
Posted by edlai at 4/20/2008 11:42:00 AM
You did not mention whether you are using http or https. If you are using
http but aexp2b.asp uses https then the change password page will not be
found.
Open aexp2b.asp find the line that contains https - change it to http and
save the file.
"Vic" wrote:
> Configured IIS6 on W2003 us... more >>
Re: IIS with localhost
Posted by Dave at 4/19/2008 9:20:49 PM
It's called a firewall.
"Jack" <jl@knight.com> wrote in message
news:%23ufgZxgoIHA.4308@TK2MSFTNGP06.phx.gbl...
> How to segregate my machine from the internet while not disconnecting my
> cable modem?
>
> Thanks
> Jack
>
... more >>
Re: IIS with localhost
Posted by Jack at 4/19/2008 6:58:55 PM
How to segregate my machine from the internet while not disconnecting my
cable modem?
Thanks
Jack
... more >>
IIS with localhost
Posted by Jack at 4/19/2008 6:17:40 PM
Hi,
If I start using IIS service on my machine, would my machine be exposed to
intruders from the outside world? Would that be a good idea to disconnect
the cable modem every time I start the server?
I want to test my app locally and safely within my own "virtual" network but
don't want to ... more >>
Re: intranet cross forest trusts
Posted by Tiago Halm at 4/18/2008 7:42:51 PM
Yes it does, you may, however, need to raise the forest and domain
functional levels.
Before doing so, read the steps and, more importantly, the implications:
http://support.microsoft.com/kb/322692
A user account of forest2 will receive a referral TGT from AS
(Authentication Service) in fo... more >>
Re: Kerberos
Posted by Ken Schaefer at 4/18/2008 9:38:32 AM
Hi,
It seems that you have most of the bits in place. However, for some reason,
something is misconfigured hence it's not working.
Enabling Kerberos logging on all the servers in question (which will give us
what the servers think they are seeing) as well as getting packet captures
of ... more >>
Re: HTTP 401.2 - No permissions: login failed because of server configuration
Posted by bob at 4/17/2008 8:33:52 PM
"When you get prompted for the username/password, if you enter the
correct credential, does it succeed or fail."
Yes
"Is HTTP KeepAlive enabled."
Yes
I can solve the problem by settings both Anonymous and Integrated Windows
Authentication, but is this good practice?
On Apr 16, ... more >>
Re: Kerberos and ASP NET application
Posted by Ken Schaefer at 4/17/2008 7:18:17 PM
Are all the machines in the same domain?
Cheers
Ken
<dragonsjmd@gmail.com> wrote in message
news:0ca5054e-b2b5-4cd6-96e0-d5c37d727025@s13g2000prd.googlegroups.com...
> Hi All
>
> First time poster to this group,and this is my first experience
> looking into the intricacies of Kerberos... more >>
Re: IIS/Network Service registry audit failure for Disallowed cer
Posted by TimG at 4/17/2008 6:11:01 PM
I will attempt to open a support incident.
--
Thanks,
Tim
"David Wang" wrote:
> The best way to resolve this will be for you to open a support ticket
> with Microsoft PSS to get an explanation/fix.
>
> IIS6 is not installed by default so the C2 compliance team couldn't
> have kn... more >>
Re: HTTP 401.2 - No permissions: login failed because of server configuration
Posted by David Wang at 4/17/2008 3:26:29 PM
In that case, you are only going down the Anonymous and ASP.Net Forms
Authentication path. You might as well not enable Integrated Windows
Authentication.
As for good practice -- it always depends on what you are trying to
accomplish. There are no hard/fast rules for security, only relative
d... more >>
Re: IIS/Network Service registry audit failure for Disallowed cer
Posted by David Wang at 4/17/2008 3:24:05 PM
The best way to resolve this will be for you to open a support ticket
with Microsoft PSS to get an explanation/fix.
IIS6 is not installed by default so the C2 compliance team couldn't
have known. I can also tell you that C2 compliance was not on the IIS6
team's radar during development, so it ... more >>
Domain Authentication for IIS located in DMZ
Posted by Richard Alexander at 4/17/2008 1:06:03 PM
I currently have a Windows Server 2003 domain running Active
Directory (doamin.local). We setup and installed an IIS server in the DMZ for
customer to be able to access order status (using local ids and passwords). We
have now decided to setup a site for our Outside sales employees to be able
to... more >>
Re: IIS/Network Service registry audit failure for Disallowed certific
Posted by wjzhang@online.microsoft.com at 4/17/2008 8:37:48 AM
Hi Tim,
I agree with David. You should be able to safely ignore these access denied
failures and stop auditing to avoid the security events. Network Service
account should only require Read permission on these certificate store
related registry entities. By default, Local Users group alre... more >>