We deploy a ASP.NET 1.1 web app by creating a new website. The entire website is set to SSL. We are hearing back from our operations people, it then is not possible to turn off SSL for a few directories under the website. Shouldn't it be possible to go into the directories and turn off Re...more >>

Hi, I have this issue with our company Intranet. All servers are on the same domain. Basically we picked up the old intranet which was running on IIS4 and moved to IIS6. In the process the server and some code was changed to use integrated auth and specific IE settings on the clients was i...more >>

Our company Intranet site is comprised of multiple "subwebs" (for lack of a better term). Each subweb has its own unique IIS Authentication method. The root of the Intranet has Integrated Authentication set (so users who are logged onto our network do not have to supply a username and password...more >>

Hi, I have a site that I want to use basic auth over SSL. I want a single login (I'm going to be the only user). The machine currently has a few user account already that I don't want to remove. How do I limit IIS to ONLY allow a single login to access the web (i.o.w. only this user ID wi...more >>

Good Afternoon, Recently one of the following windows updates / hotfixes for my Windows 2000 Server, altered the security settings of my "IIS Out of Process Pooled Applications" COM object. This caused my web server to stop working... The account that was displayed was the IWAM_machine a...more >>

Here is my setup: IIS 6 on Windows 2003 member server -IIS Server called serverA.foo.com - I have a virtual directory to a webpage I have setup authentication on the web page to 'Integrated Windows Authentication' and 'Basic authentication'. - default domain: foo.com - Realm: foo.com I wa...more >>

Is there a way to keep IIS running solely in RAM? panic...more >>

Is basic authentication useful against automated attacks (e.g. those attacks using buffer overflows). Regards, Bulent ...more >>

Hi. I've been running into a problem with one of my customers. For some reason whenever we do a reboot on our customers machine I am required to open IE and try to go to his web pages before they start working again. I don't even have permissions to access his web pages and I get an access denie...more >>

Hello, When only port 443 is open for OWA is does not work. When i open port 80 and port 443 is work. Can anyone tell me why? Windows 2003 server Exchange server 2003 Thx, Mo...more >>

Hi everyone, I have developed an ASP.NET web application and have deployed it to a production server. The web application has only a single page with the page_load event having no code in it. The virtual directory in IIS is setup with anonymous access only. The user that virtual directory i...more >>

We're having quite a strange problem with our web server. On our production server (Win2003 Web Edition) we're running web services that are collecting data from web requests and reports them back with informations. From time to time we get no response back, or just response with error, defin...more >>

The "Send errors to browsers" property under ASP debugging settings should be turned off by default. Like in asp.net no debug info should be send to the browser unless it is explicitly turned on. This will prevent many attacks, such as sql injection. Howard ...more >>

Hello! I'm trying to figure out if there's a way to determine what pages have been set for SSL on my site. The site consists of a couple of thousand pages (a university site) and we're developing a new site for launch in the summer. Naturally, I want to be sure we set SSL on the new pages as w...more >>

Hi, I have a user control embedded into web browser(IE 6.0) for scanning image from a scanner. When the image is scanned, I want to upload this image to server side by using HttpPost class(a third party class, not from .NET Framework directly), within the user control. It seems that I am ge...more >>

Sorry, I posted this to the wrong group a few minutes ago. It belongs here... Hi, I have an IIS ASP website that requires a user to be authenticated on our domain to be let in. However, if a user is already authenticated on the domain they are allowed straight into the ASP web without...more >>

What are the security risks with a webserver having one nic into the dmz on the firewall and the other nic into the production network, with the webserver belonging to the domain, but logged on locally at all times. I am assuming that in order to get it to retrieve the info from a msde data...more >>

I get this message in some browsers when I go to http://www.mysite.ac.uk/mysite which is meant to redirect to https://www.mysite.ac.uk/mysite: "specified request cannot be executed from current Application Pool". I think there is an answer to this somewhere but I cannot locate it. Something ...more >>

Hi, I have an Intranet Web site which generates an HTML document on the server-side, and then, on the client-side, runs MS Word, which opens this HTML document, adds some Word formatting, prints it, and then saves it (via the http://host/site/folder/file.doc from which it was received). ...more >>

Hello: I am new to this employer. They have an IIS 5.0 Server in a DMZ that is a member of workgroup not domain. The name of workgroup is same as domain. Script writes route to internal domain ip range through firewall. I have researched this type of practice in MS technet and found no re...more >>

Hello I want to create a WebService which belongs to a custom application pool & doesnt allow anonymous access. I created a user Named "TestUser", and added it to the IIS_WPG group. Then i created a new application pool "TestAppPool" which is run by TestUser & Created a WebService that runs...more >>

I had sent some file permission on my IIS server and boom they all reverted back. Could this have been a hack?...more >>

hello. i disabled the file system object for my iis 6. but i have a search code for my site written by asp that uses the fso. if i enable fso, other users who upload their files by ftp to server read others files, server's system info, drives etc. how can stop this. can i enable fso for som...more >>

HI, I changed by mistake the password for the IUSR_ account on the Exchange 2003 machine which is also a domain controller. Now OWA is not working. Is there any simple way to return things to the way they were? Amit ...more >>

Hello all, I am trying to find information about how to generate the csr programmatically from IIS 6.0. Can somebody point me to more info or scripts that already exists? Sincerely, Linda ...more >>

Hi , I am using windows server 2003 with service pack 1 and integrated Authentication. In the local intranet all are working correctly, but from another geographical location through vpn we are trying to open the file it was displaying 401.1 error. please find the IIS web log below: ...more >>

Hi ! I've experienced a bad problem with user authentication on a custom asp.net application running on a windows 2003 server. This is the scenario. There is a windows 2003 server with SP1 and IIS 6.0 on which are running a lot of asp.net/vb.net applications. It's on a local intranet with activ...more >>