Is there someone to know that it is possible two authentication in one IIS? because I have two sites, one is http://asite and the other is http://bsite. for http://asite is used by Windows authentication and http://asite is used by anonymous. moreover, My IIS is running by unsafe mode for some...more >>

We've got an ASP.NET 1.1 app that runs fine on LOCALHOST of an XP Pro SP2 box but won't run on a Windows 2003 server when deployed via XCOPY. It wants to authenticate against the domain via the challenge popup(which it shouldn't) and then gives an error about the customErrors being turned off ...more >>

Our intranet is running under windows integrated security. We have domain users that want to access our intranet site via ssl vpn. SSL VPN can not authenticate against services that run under windows integrated security. In order to get around this issue it seems that we would need to create a...more >>

I switched webhosting companys not too long ago and I'm still sort of moving in. checking over my logs I noticed alot of people hotlinking to some of my files. I hadn't seen that in a long while because I setup an .htaccess file originally to prevent that sort of thing but hadn't uploaded ...more >>

All, We have a .NET application running on Windows 2003/IIS 6.0. I set up the application pool account with the network service account and have allow anonymous set for the web site. It is using the iusr machine account. In order for us to access data from our SQL Server we impersonate the ...more >>

Hi All, if you have a file name with a % in iis blocks the request and i cant find where to change it, it's not urlscan but a core option. Any idea where i can change this?...more >>

I have made myself a Secure Server Certificate through the Certification Authority in Win Server 2003. I installed it on my computer but when ever I go to my secure site through the internet, a message pops up saying that the server that the certificate came from is not trusted. How can I make t...more >>

Background: I have an https secure site on IIS. It uses digest authentication and a unique username/PW is assigned for each user. New Project: I'm going to create a new page with less secure content such as procedures, instruction, etc. I'll create a new folder and security group for seperat...more >>

In a previous post, Karl kindly suggested that I could change the internal name servers to serve up a different IP address to accomodate requests from users that need to hit http://mysite.compay.com (from the Internet) and http://mysite from the intranet. I want users to type only one common ...more >>

I have an IIS site configured to use Windows Integrated Authentication. It works fine for some users but not for other users. Not sure how to troubleshoot. Has anyone seen this before....more >>

has anybody compiled a complete list of all the registry/file permissions and user rights necessary when using an account other than network service or system for the application pool identity in IIS 6? It would be great if IIS set these for you (wizard or script) when you use a non-system acc...more >>

Hello, First of all, I am aware that there is already alot of information about this subject on this an other resources. Probably the question I am going to ask is already asked. But in the information I can find, I am losing track of what is usefull for me. So, Sorry for maybe asking a quest...more >>

I have a Sharepoint site published on ISA 2004. Requirement is let users that access this from the Internet and intranet use just one URL. Currently, on the Internet users are able to connect to my company site using: http://site.company.com (I terminate the SSL on ISA, and I can make a red...more >>

For some reason the feature "IP address and domain name restrictions" is ghosted in my IIS settings. Any idea why it can be? Anything else has to be activated first? I wanted to allow access only localhost and one external IP address, because that's all I need and lately my server has been und...more >>

Is it possible to have Secure FTP? The same way that you can have secure HTTP(https://)? Thanks ...more >>

Regarding website setup on a Active Directory Domain with a single DC and all Windows 2003 Enterprise Edition machines: I have an IIS web server on one of machines. I need to add an specific IP to the ACL so that requests from this IP can request pages from this website. How do I do this? ...more >>

Hello, The IUSR_xxx account is locked (as user enters wrong password too often which can't be for this acount) from time to time so our website is no more accessible. After unlocking the account everything works again correctly. But how can I avoid the the account locks and why does this happ...more >>

I'm trying to log to the eventlog when a session dies on the IIS. First I had problems writing to the event log from the application but after adding (A;;0x2;;;S-1-5-21-1235689106-1732415182-1711286387-513) (where the SID is the SID of the "Domain Users"-group) to HKEY_LOCAL_MACHINE/System/...more >>

we have static intranet site which seems to be working fine without any displayed errors on IE, however, I just realized that "http-error 401" is filling the log with every users' access to the site. I have cross-checked users permission both on IIS and folders. The site is configured with ...more >>

Hi, After a security audit, i was asked to look into the Response Splitting Security Issue of our webservers. I already know that i can solve it by putting a ISA server in front of the webservers. The question is, do we need to do that, or are there also other options to look in at? Th...more >>

We had an outside security analysis done and they doscoverd the session cookie set by the session state feature. Business/Marketing does not want us to use the cookieless option where the sessionid is moved into the URL. Are we at risk of session hijacking? The people that performed th...more >>

How to enable this feature under Directory Security. I want to deny a specific IP access but the button is grayed out. Any clue?...more >>