all groups > iis security > recent posts

Re: IIS6, IIS7 and VS2005
Posted by David Wang at 4/24/2008 6:43:40 PM
On Apr 24, 7:35 am, "Paul Calderon" <pcalder...@gmail.com> wrote: > I have 3 Machines > > Machine 1 (DCom Container) Windows 2003 Server > > Machine 2 (Web App Container) Windows 2003 Server > > Machine 3 (Developer Machine) Windows Vista > > Machine 1 have just the components we need to ...more >>


Re: Getting SPNEGO HTTP headers to a CGI?
Posted by Ken Schaefer at 4/24/2008 5:20:47 PM
Why are you trying to do this through IIS rather than through a reverse proxy? Otherwise, look up how current proxies implement this functionality - I presume it would be the same. The only issue is that when the client connects to your IIS/CGI server, it does so using a particular FQDN (s...more >>

Re: Delegated Kerberos through a CGI
Posted by Ken Schaefer at 4/24/2008 4:58:34 PM
No - you can't just pass on the Kerberos service ticket. Your CGI (probably using the Windows security APIs) needs to get a new service ticket to the backend server. How Kerberos works (explains the concept of a service ticket) http://www.adopenstatic.com/cs/blogs/ken/archive/2006/10/20/512....more >>

Re: Is HTTPS Url Exposed?
Posted by Ken Schaefer at 4/24/2008 4:56:18 PM
Hi, The requested URL is encrypted. Cheers Ken -- My IIS blog: http://adopenstatic.com/blog "Izorich" <Izorich@nospam.nospam> wrote in message news:2DC2E393-7C21-4741-89B4-59E8A5AC53C4@microsoft.com... > HTTPS protocol transfers data using encryption. Is request URL encrypted > o...more >>

IIS / SSL / Site Security / Multiple Sites
Posted by Travis McGee at 4/24/2008 2:51:51 PM
Have a question about an IIS server with multiple commerce web sites and single SSL certificate Here is the scenario (single server, single static IP) www.TheCompany.com this top level company website has the SSL certificate www.Product1.com \\CompanyServer\c\web\Product1 www.Product2...more >>

Is HTTPS Url Exposed?
Posted by Izorich at 4/24/2008 12:27:00 PM
HTTPS protocol transfers data using encryption. Is request URL encrypted or is it available in plain text when packets are transmitted? I'd like to use query part of URL to pass request id and I wonder if that request ID is encrypted or not. for example: https://host/page.aspx?myId=myIdV...more >>

Re: IIS6, IIS7 and VS2005
Posted by Paul Calderon at 4/24/2008 9:35:06 AM
I have 3 Machines Machine 1 (DCom Container) Windows 2003 Server Machine 2 (Web App Container) Windows 2003 Server Machine 3 (Developer Machine) Windows Vista Machine 1 have just the components we need to access from network (GIS Components) Machine 2 have the website over IIS6 (c...more >>

Delegated Kerberos through a CGI
Posted by AWillemsen at 4/24/2008 6:50:04 AM
Hi, I'm trying to get a CGI to use delegated Kerberos authentication. The environment is IE6 on the client (A) and IIS6 on two servers (B and C). Delegated authentication is working with ASP, according to http://support.microsoft.com/kb/314404 but when I substitute the CGI for "Test1.as...more >>



Re: IIS6, IIS7 and VS2005
Posted by David Wang at 4/24/2008 4:25:02 AM
On Apr 23, 4:34 pm, "Paul Calderon" <pcalder...@gmail.com> wrote: > I'm developing a web application with DCOM interfaces. > > When I run the application from VS2005 (internal Web Server), I don't have > any problem accessing to the DCOM hosted by another machine. > > When I run the appl...more >>

IIS6, IIS7 and VS2005
Posted by Paul Calderon at 4/23/2008 6:34:42 PM
I'm developing a web application with DCOM interfaces. When I run the application from VS2005 (internal Web Server), I don't have any problem accessing to the DCOM hosted by another machine. When I run the application from a virtual directory configured in IIS 7 (Windows Vista), I can acc...more >>

SQL Connections.NET Integrated security Hosting Multiple Applications on Single IIS
Posted by Rex Gibson at 4/23/2008 5:38:05 PM
Hi there, We are working on setting up a shared hosting environment for intranet/internet use. Multiple Load Balanced servers to host .NET applications in both C#.NET and VB.NET. Most of the applications were delivered to us with instructions to use sql passwords but we would like to move t...more >>

Getting SPNEGO HTTP headers to a CGI?
Posted by schlenk at 4/23/2008 6:25:08 AM
Hi all, trying to get the following setup to work: Http SPNEGO SPNEGO via CORBA IE <---------------------> IIS <---> CGI <--------------------------------> AppServer So basically using IIS as a primitive frontend for an AppServer that can do Kerberos Auth i...more >>

Re: CGI limitations?
Posted by David Wang at 4/21/2008 11:44:43 AM
On Apr 21, 8:48 am, ElCarso <elca...@somewhere.com> wrote: > Hi everybody, > I wonder why it is forbidden for a CGI application to do certain things, > which I consider quite harmless from a server point of view, like for > instance play a sound or encrypt/decrypt data. > > I have a CGI app...more >>

CGI limitations?
Posted by ElCarso at 4/21/2008 8:48:00 AM
Hi everybody, I wonder why it is forbidden for a CGI application to do certain things, which I consider quite harmless from a server point of view, like for instance play a sound or encrypt/decrypt data. I have a CGI application that runs from within a CGI folder on a Windows Server 2003....more >>

Re: Intranet web server security
Posted by Roger Abell [MVP] at 4/21/2008 6:26:25 AM
I am not sure whether the IIS 5 and W2k specific material is available any longer in the guidance series off the websites www.microsoft.com/security www.microsoft.com/technet/security but much of the material has not changed greatly to the newer release versions (except for things not available...more >>

Re: Kerberos and ASP NET application
Posted by DaveMo at 4/21/2008 5:53:04 AM
On Apr 20, 5:17 pm, dragons...@gmail.com wrote: > Thanks for the response Ken. Yes they are all on the same domain. > > Further investigative work last week revealed something which may be > important: basically, Kerberos operates as expected from one specific > make of machines on our ...more >>

Re: Kerberos and ASP NET application
Posted by dragonsjmd@gmail.com at 4/20/2008 5:17:17 PM
Thanks for the response Ken. Yes they are all on the same domain. Further investigative work last week revealed something which may be important: basically, Kerberos operates as expected from one specific make of machines on our network - other machines, with a different build, fail. I ha...more >>

RE: Still expired password changing using IISADMPWD with IIS6
Posted by edlai at 4/20/2008 11:42:00 AM
You did not mention whether you are using http or https. If you are using http but aexp2b.asp uses https then the change password page will not be found. Open aexp2b.asp find the line that contains https - change it to http and save the file. "Vic" wrote: > Configured IIS6 on W2003 us...more >>

Re: IIS with localhost
Posted by Dave at 4/19/2008 9:20:49 PM
It's called a firewall. "Jack" <jl@knight.com> wrote in message news:%23ufgZxgoIHA.4308@TK2MSFTNGP06.phx.gbl... > How to segregate my machine from the internet while not disconnecting my > cable modem? > > Thanks > Jack > ...more >>

Re: IIS with localhost
Posted by Jack at 4/19/2008 6:58:55 PM
How to segregate my machine from the internet while not disconnecting my cable modem? Thanks Jack ...more >>

IIS with localhost
Posted by Jack at 4/19/2008 6:17:40 PM
Hi, If I start using IIS service on my machine, would my machine be exposed to intruders from the outside world? Would that be a good idea to disconnect the cable modem every time I start the server? I want to test my app locally and safely within my own "virtual" network but don't want to ...more >>

Re: intranet cross forest trusts
Posted by Tiago Halm at 4/18/2008 7:42:51 PM
Yes it does, you may, however, need to raise the forest and domain functional levels. Before doing so, read the steps and, more importantly, the implications: http://support.microsoft.com/kb/322692 A user account of forest2 will receive a referral TGT from AS (Authentication Service) in fo...more >>

Re: Kerberos
Posted by Ken Schaefer at 4/18/2008 9:38:32 AM
Hi, It seems that you have most of the bits in place. However, for some reason, something is misconfigured hence it's not working. Enabling Kerberos logging on all the servers in question (which will give us what the servers think they are seeing) as a well as getting packet captures of ...more >>

Re: HTTP 401.2 - No permissions: login failed because of server configuration
Posted by bob at 4/17/2008 8:33:52 PM
"When you get prompted for the username/password, if you enter the correct credential, does it succeed or fail." Yes "Is HTTP KeepAlive enabled." Yes I can solve the problem by settings both Anonymous and Integrated Windows Authentication, but is this good practice? On Apr 16, ...more >>

Re: Kerberos and ASP NET application
Posted by Ken Schaefer at 4/17/2008 7:18:17 PM
Are all the machines in the same domain? Cheers Ken <dragonsjmd@gmail.com> wrote in message news:0ca5054e-b2b5-4cd6-96e0-d5c37d727025@s13g2000prd.googlegroups.com... > Hi All > > First time poster to this group,and this is my first experience > looking into the intricacies of Kerberos...more >>

Re: IIS/Network Service registry audit failure for Disallowed cer
Posted by TimG at 4/17/2008 6:11:01 PM
I will attempt to open a support incident. -- Thanks, Tim "David Wang" wrote: > The best way to resolve this will be for you to open a support ticket > with Microsoft PSS to get an explanation/fix. > > IIS6 is not installed by default so the C2 compliance team couldn't > have kn...more >>

Re: HTTP 401.2 - No permissions: login failed because of server configuration
Posted by David Wang at 4/17/2008 3:26:29 PM
In that case, you are only going down the Anonymous and ASP.Net Forms Authentication path. You might as well not enable Integrated Windows Authentication. As for good practice -- it always depends on what you are trying to accomplish. There are no hard/fast rules for security, only relative d...more >>

Re: IIS/Network Service registry audit failure for Disallowed cer
Posted by David Wang at 4/17/2008 3:24:05 PM
The best way to resolve this will be for you to open a support ticket with Microsoft PSS to get an explanation/fix. IIS6 is not installed by default so the C2 compliance team couldn't have known. I can also tell you that C2 compliance was not on the IIS6 team's radar during development, so it ...more >>

Domain Authentication for IIS located in DMZ
Posted by Richard Alexander at 4/17/2008 1:06:03 PM
I currently have a Windows Server 2003 domain running Active Directory(doamin.local) We setup and installed an IIS server in the DMZ for customer to be able to access order status(using local ids and passwords) We have now decided to setup a site for our Outside sales employees to be able to...more >>

Re: IIS/Network Service registry audit failure for Disallowed certific
Posted by wjzhang@online.microsoft.com ( at 4/17/2008 8:37:48 AM
Hi Tim, I agree with David. You should be able to safely ignore these access denied failures and stop auditing to avoid the security events. Network Service account should only require Read permission on these certificate store related registry entities. By default, Local Users group alre...more >>