...more >>

Operating System: Win 2003 Server Soap Server: ASP.NET using WIndows Integrated Auth CLient: VB 6.0 Using Soap Toolkit 3.0 Code: '################ Begin Set gSoapClient = New SoapClient30 Call gSoapClient.mssoapinit(LocalWSDLPath) gSoapClient.ConnectorProperty("EndPointURL")...more >>

We have the following configuration... several 2000 ADS servers several NT4 BDC domain servers several IIS 6 on a 2003 member server several IIS 5 on a 2000 member server The problem is that intermittantly we will fail to authenticate via Kerberos to a web site that pulls up a lis...more >>

I'm try to set up a website under IIS6. We want to set up a website viewable to the public, and then allow a few people to edit files on the site via WebDAV. NTFS: Right now the IUSR account has Read/Execute/List permissions. The EDITORS group has Read/Execute/List/Write/Modify. IIS Direc...more >>

I have set up an ftp web site in IIS and have set up the folders. When accessing the ftp files from internet explorer I get a choice of opening or saving the file. How do I make it so it will only allow the file to be saved and not opened. ...more >>

We are running an IIS 5 server on a Windows 2000 Server using Integrated Windows Authentication to connect to our ASP.NET application. All are able to connect properly except those users running IE on a Windows XP platform (both with and without SP2). We traced the problem to the use of ...more >>

Hello, Question, what is the TRUE purpose of having a certificate for a website? just to prove the authenticity? saying this is the REAL site? Regards, Jordan ...more >>

Greetings: You can call me crazy if you like, but I would like to create an additional authentication provider for IIS. I would like IIS to throw a 300 response (this bringing up the ever famous `porn challenge') and resolve the plain-text supplied credentials using my library instead of the ...more >>

Hello, I have an asp application with a logon form that posts form content (username and pw textbox) to itself in order to process and verify. If the application is set to windows integrated authentication in iis 6.0, form data is posted well and can be accessed in the target asp page via req...more >>

I ran the latest Windows update for Windows Server 2003 on 11/24/2004. After the security hotfixes in that update were applied, I started getting the following error when I try to run a local ASP.NET Web Application in the Visual Studio .NET 2003 debugger: http://localhost/aspnet_client/sy...more >>

hi i have installed a small script on a virtual web called explore.aspx this is able to explore my whole c:\ directory, as the user asp.net is a member of the group "Domain User / User" and this user does has read permission on the whole drive c:\ how can i prevent this? is it necessary th...more >>

I have just installed the Front Page 2002 Server extensions onto my Windows 2000 server platform. I was wanting to fix one problem but created many others. It has removed the security of all of the individual users from their directories and when I add them back into the NTFS file system the...more >>

I have an IIS 5.0 server hosting multiple sites that point to the same code base. The host is the only part of the FQDN that changes per customer. The domain for all the sites will always be samedomain.com. All the sites resolve to the same IP so I use Host Header Name in IIS to direct traffic. ...more >>

I have gone through the request for certificate wizard in IIS. It's not really clear about who to send the request to. I went to Verisign's website and purchasing a certificate is EXPENSIVE!!! Is there anyway to do this free or cheap? How can I get a free/cheap certificate??? Thanks ...more >>

Hi all, Currently I have change one of our intranet website to Integrated windows authentication mode in IIS5.0 ,the website is use to let the system administrator to create user account/group in Active Directory. The are several problem happen after this change ,the account creation with h...more >>

I am trying to deploy an asp.net application on IIS 6 and when i try to access any of the pages using the "localhost" then it works, when i try to use the IP address of the computer, then I am getting an ACL error saying that "you are not authorized to view this resource" and the page cannot...more >>

Getting the http error of "HTTP/1.1 403 Access Forbidden Server" which tells me that it is not utilizing the security certificate that is installed on IIS. Additionally the error message states Secure Channel Client Authentication Required This virtual directory requires a browser that sup...more >>

Hi, I have spent hours doing research on this item and found many people with the same problem and no answers. I have an ASP web application that connects to MS SQL 2000. I was running it on Win2000 just fine, no problems whatsoever. We upgraded to Win2003 and now ASP pages take forever to ...more >>

I need to access files via SSL-encrypted WebDAV from our server at a remote site from locked-down workstations, basically with IE6 configured with limited functionality and only a few apps. The connection needs to be dropped when the browser is closed. The secure web site address can be fo...more >>

I've setup a website using Basic Authentication and SSL in IIS 5. The only people that can be authenticated are people with administrative rights, despite the fact that the file security on the wwwroot folder allows Everyone read access. Does anyone know why members of the User group can't a...more >>

How many certificates can I have on a single IIS server?...more >>

Can anyone point me to some good doco on running a custom app pool under a domain account? I have searched google and found nothing that is really good. Kevin ...more >>

I am a sharepoint newbie. I am doing a new installation; I set my web site to Basic Authentication so I could utilize SSL. With Basic Authentication set, my "crawls" fail with the following error: The content source <spss://10.10.10.5/site$$$people> cannot be accessed. Context: https://10....more >>

I have an IIS 6 Server that I have just inherited (the system admin just left the company). I have a directory that needs to be SSL protected. I have the Certificate installed (it was done before I took over), and I can require the directory only be accessed through SSL. My problem is that one...more >>

I have an IIS 6 Server that I have just inherited (the system admin just left the company). I have a directory that needs to be SSL protected. I have the Certificate installed (it was done before I took over), and I can require the directory only be accessed through SSL. My problem is that ...more >>

I've set up IIS on a Windows 2003 server to use Integrated Windows authentication. This works the way I expect it to on site - users who are logged into our domain can reach the website no problem. What I'm having an issue with (of sorts) is users off site. Using IE6 they are forced to log in...more >>

I am having a rather weird error occur when trying to connect to my web applications. Here is the scenario: - There is a application pool that I have created to host my web apps - The App pool is running under a domain account - Anonymous access is off and WindowsAuth is on - t...more >>

Hello All, IIS used to work fine but then I rebuilt my machine with XP Pro (2002). I thought some setting were altered by installing Baseline Security Analyser or perhaps the IIS lockdown tool. Today I've given up, and reinstalled XP Pro (2002). I then installed IIS and all the sub-components...more >>

Hi I have installed windows 2003 std & IIS+asp.net & MSMQ on one machine. I havenot installed RMS on this machine. ( domain member). I am afraid of doing that.... I have win2k server with AD and It works as DNS server as well.(domain controller) I havenot installed sql 2000.... Which v...more >>

Hello, we use IISLockdown with urlscan to protect our IIS 5.0. But now every time we start perfmon (Total Processor use) we get an error The configuration information of the performance library "C:\WINNT\system32\w3ctrs.dll" for the "W3SVC" service does not match the trusted performance ...more >>

IIS 6 Windows 2003 All was working fine (serving up aspx pages, etc.) I ran the Site Adminsitartor and did Check Server Health and did Tighten Security. Now everytime an anonymous user loads an aspx page in browser it asks for credentials. I have Anonymous and Windows Integrated checked ...more >>

Hi All, I am getting this error when I try to browse a web site installed on = II6, although it asks for password and user ID, and I am providing = domain admin ID and password, but it keep prompt for ID and password = then gives this error message. the web site has been set to use Anonymous ...more >>

I am getting this error at random in my ASP.NET app (i.e. at different times on different pages): You are not authorized to view this page You do not have permission to view this directory or page using the credentials you supplied. HTTP 401.2 - Unauthorized: Logon failed due to server conf...more >>

My problem is this. I have a folder with all of my webpages in them and you can view it through the web. BUT, if you type in the name of other folder... like our demo folder you can view all of it's contents. How can i make one folder visible to the Internet, while still maintain the other de...more >>

Hi Folks, I am trying to install a certificate authority (CA) to a fairly locked down Windows 2003 server that also runs IIS6. I have used various guides to securing the server, and I think that one of the processes involved in securing the server is preventing me from installing and running...more >>

Hello, I've recently loaded my machine with wWindows Server 2003. I have com opbjects that were created with VB6 compile on Win 2K. I've added the components to Component Services but when my .asp page does a Server.Create I'm getting the following error. "The call to Server.CreateObject fail...more >>

my https |web services for exchange seem to stop responding , which i doono wat cause it .. when i check event viewer log file it give the this error: IIS Logging for W3SVC1 has been shutdown because a disk full error has been encountered i already check all drive and there are enuf spac...more >>

Windows 2000 SP3 with latest patches installed Exchange 2000 SP3 using SSL for OWA users We created another web site in IIS and installed a Verisign certificate to enable us to use SSL for our users. Problem is every after server restart, we have to type 443 in the SSL Port textbox of that p...more >>

Hello all, I have been trawling round the net most of today and I am struggling to come up with an agreed best practice for securing an IIS6 server that is based in a DMZ, with a Win2K Active Directory. I have several concerns: What are peoples views on best practice for Firewalls (non...more >>

I am having a problem with role-based security in an ASP.NET = application. Backgound info:=20 Web Server - IIS 6.0, Win2K3 Basic Auth Domain - W2K When I browse to the web site I get the login dialog. I type in my = useid/password and I get authenticated fine. The next ...more >>

Hello, for a setup script that grants NTFS-Permissions to a folder I need the name of the iusr and iwam accounts. Many machines get renamed after IIS is installed so a simple string addition of iusr + machine name often fails. Is there a way to identifiy the iusr and iwam accounts? Thank...more >>

I experienced something strange this morning: I have two Windows 2003 servers A and B. Server A is an FTP server running IIS 6.0, and server be is an ordinary file server. Both servers have a local account called user1. Both local users also have same passwords. I have a virtual directory o...more >>

Hello, we provide a .net application on IIS 5.0. At the moment theres a diskussion with one of our customers about a securityleak in IIS in case uploading big files. Does anybody know something about such a leak. Ralf...more >>

We are reviewing network security and file transfers on our internal network. We need to transfer files to & from Unix servers to Windows servers, and have decided that FTP is our best approach. Can anyone advise what is the best method of authentication from a security point of view? Anonymo...more >>

Hi! I have a W2K3 with IIS 6. I've configure the FTP server with the next structure: e:\globalFTP\localuser\user1 e:\globalFTP\localuser\user2 e:\globalFTP\localuser\user3 Anonymous access disable; Isolation mode; I have three folders for the web pages; one for each user: e:\WEBs...more >>

1. Users can view a Word .doc file by clicking a link. Occasionally the following is displayed in the IIS Log when users try to access the file: GET /_vti_inf.html - - xxx.xxx.xx.xx HTTP/1.1 Mozilla/2.0+(compatible;+MS+FrontPage+4.0) POST /_vti_bin/shtml.exe/_vti_rpc - - xxx.xxx.xx.xx HTTP...more >>

Hi, I have IIS 6 installed and runnning. I try to denny write access to the user IUSR_%COMPUTERNAME% in the root directory using the xcacls.vbs tool: cscript xcacls.vbs d:\inetpub\wwwroot /E /D IUSR_%COMPUTERNAME%:W The following rigths are dennied: SYNCHRONIZE FILE_WRITE_DATA FILE_APPE...more >>

So I have an application that uses client certificates on smart cards. The problem is that if you "login" to a web site using the cert, and then pull the smart card, the session stays valid, for a long time. I think I understand what's happening, namely that the SSL session has been negoti...more >>

I have been receiving complaints from users that they can not get activex control updates. This seems to be the case for normal users, users with admin or power users can download updates without a problem. Did I miss something or can't domain/local users download activex updates? How does...more >>

Hi there, I am building an intranect/extranet for which I am using my SBS2000 server as a test bed. I took the asp files and database along to the customers on friday to do some pre-emptive testing on their SBS2000 server and found that I get a login prompt appear which I don't get when I b...more >>