I am new to IIS. I have a microsoft sql server with user id and passwords stored in it. I need to get IIS to use the sql database for authentication. 1. Is this possible? 2. If so, can someone point me to documentation or an example. Thanks...more >>

Dears, after I setup plesk hosting control panel its setup by default the mail enable standard version which free version from mail enable ,,, any how I decided to upgrade to mail professional edition because I want to use its web mail service on my existing server configuration any h...more >>

if i have this on and i go to my server (http://server) it will continuously reload the page. if i turn it off and use basic it prompts for creds and then works ok. It was working ok a few days ago. I dont think anything has been changed, but there are unfortunatelly a lot of people working on...more >>

So I've been reading a lot of posts about running a couple web sites on an IIS6.0 box where each web site has a separate application pool associated with it. One of the web sites is using Integrated Authentication only on it. When a user points their IE browser at the site, they get prompted...more >>

hi, i have created a simple webservice (Helloworld example from VS2005) i have put this webservice on my server and i setup a virtual directory on IIS 6 (i have SBS 2003) i have set a new application pool for this vistual server, with standard identity (Network service) i have disabled ano...more >>

Can anyone tell me why I'm getting the following error in my security log. all of a sudden, my symantec reporting server isn't recieving updates. Event Type: Failure Audit Event Source: Security Event Category: Object Access Event ID: 560 Date: 9/28/2006 Time: 5:07:23 PM User: Server...more >>

I have a web application in IIS 5.0 (W2K). I have annonymous access (IUSR) on for my web application. But my default web site have not enabled annonymouus access. The default web site only have Integrated Windows Security on. Whenever I access my web application I get windows user / name passwo...more >>

We will be launching a new WWW site in the next few weeks, and for internal reasons (reasons I can't go into here), the new web site will need to be entirely https. I'm trying to determine what issues, if any, there will be when doing this. The new site is entirely different, so we expect i...more >>

Hi all, I have a Windows 2003 web server configured with a couple of production websites and a couple of non production test web sites. My prod sites have purchased security certificates. These have installed w/o problems. I would like to export the same security certs and then import...more >>

Hi Experts: I have a certificate (below). I just wonder, why the CN part (which is *.test.com) appear in the format of "\x00 ..."? Certificate Subject Name=/C=US/ST=CA/L=SanJose/O=Adobe/OU=Customer Support/CN=\x00*\x00.\x00t\x00e\x00s\x00t.\x00c\x00o\x00m I'd like to know WHY and WHEN ...more >>

I have a win2003 server with IIS that is on my active directory domain (company.internal.com) and is accessible from the Internet by the domain name (webserver.external.com). If I install an ssl certificate, will there be a problem that the server is in a different domain (AD Domain) than the ...more >>

Hi, I have a website hosted on MS IIS. It has a news section fed by a database to allow the owners of the site the ability to update the news pages themslves. Last week a message was added by an Iranian hacker (see the end of this post.) What I don't understand is how they were able ...more >>

I have a brand spanking fresh install of IIS on Windows Server 2003 R2. It has anonymous access enabled on the default website and NOT integrated windows authentication. I only want anonymous access. I have made sure that the Anonymous account (IUSR_computername) has Read, "Read & Execute" and...more >>

I've done quite a bit of searching on this and I haven't found a satisfactory answer besides a few expensive add-on packages. I'm hoping someone has some ideas. Basically, I'm getting brute forced to death on my IIS FTP sites. They haven't found their way in yet, but, this weekend, I had 11 ...more >>

Corporate intranet running on windows server 2003 web edition, IIS 6.0 When I turn on integrated windows authentication and turn off anonymous access, my allowed users can only access static content. When they try to access asp pages they get the message "You are not authorized to view this p...more >>

I would like to know if anyone has links related to the implications of running a SSL site as a virtual directory site rather than a root website. Thanks. -- spam999free@rrohio.com remove 999 in order to email me...more >>

I would like to know if anyone has links related to the implications of running a SSL site as a virtual directory site rather than a root website. Thanks. -- spam999free@rrohio.com remove 999 in order to email me...more >>

Since we moved to a new Dell server with SBS 2003, I have had no end of problems setting things up the way we want them. I am trying to set up a Sharepoint Site that we can access via the Internet - sounds pretty simple (it is in Server 2003) I can get as far as setting up the DNS, setting...more >>

Hi - can I have a site on one ip and have SSL on a different IP or does the site have to be on the same ip as ssl? If I can, then how? Huge thanks ... Chris...more >>

Hi Is there any setting in Windows 2K3 or IIS 6 that can allow my public website only to be accessed between certain times/days. Rather than scedule the service teh stop is there anyway to serve a custom error and deny access to the pages. Thanks. ...more >>

Hello, I have and OWA site that is configured with a Windows Certificate. I want to configure the site w/ a certificate from Thawte. However, when I to into the website properties/Directory Security tab the Server Certificate button is greyed out and not available. In an attempt to make th...more >>

Hi, I can't quite figure out why I am having such a hard time with this. I got it to work ONCE on about the 4th attempt, left it alone overnight and checked that it was still working in the morning, but then it stopped working when I attempted to add a third site and I haven't been able to...more >>

We have an internal web application that is soon going to be needed to be accessed by our members via the web. Internally it works fine (probably because there are no security restrictions). I am trying to configure a new IIS6 box to provide this web app without compromising security. The...more >>

Dear all, I've created an alias (CName) in DNS for my web server running on IIS 6.0. Web Server FQDN : myweb.domain.com (not using host header) Alias for Web Server : kirk.domain.com A SSL cert has been created from the alias. Clients will be accessing the backend server, SQL2K, Using...more >>

i do have web application on my local machine and when i run the application i get in the default page which is that the main page and after that i getting error message saying that INVALID URL ACCESS but every thing seem fine to me and i am sure that the problem with the IIS configration so an...more >>

Hi I've built a .NET application server running SQL 2005 and the default version of IIS on Server 2003, that's IIS6, correct? Would be able to tell me if Server SP1's Security Configuration Wizard is also compatible with this setup? ...more >>

I'm running Windows 2003 sp1 and have Sharepoint running. I have Integrated Authentication turned on. If i go to the web site and enter in domain\username and password and check off 'remember password', i'll initally log into the site fine for the first time. If i close the browser and go t...more >>

Hello, I am having problems with certain companies that are "scraping" data from websites and I want to block the IP ranges owned by those companies. How do you figure out what the subnet mask to block a range of computers? Lets say that I want to block 10.10.32.0 - 10.10.63.255 and yes I ...more >>

Can anyone tell me what configuration I need to do on IIS 6 Windows 2003 server to be able to access the server as well as to access through a ftp tools as well as dreamweaver MX Thank you ...more >>

We bought and installed "True 128-Bit SSL Certificates" package from Verisign on our IIS server. We currently use it for our webstore. Our contractor is developing another webstore (as addition to the exiting one) for us. They're developing the store at their site. They are asking us to pr...more >>

Hi, I apologize for the extensive cross-posting but I'm getting desparate. We have a web page calling one or another web service. Both web service communicate with Sharepoint 2003, and both temporarily change impersonation using WindowsImpersonationContext class and then revert back with ...more >>

Hi, I have a web application hosted on a Win2K3 server. This is the Default Web Site on the server (I have right cliked on Default Web Site and pointed to a directory within the server). So users can access the application by typing http://servername. I have checked "Integrated Windows Authen...more >>

Hi, I have an XML web service which exports a method that allows consumers of the service to update a backend system using an out of process com server. The only way I can get this to work is to set the Anonymous access user to administrator or another high access user which is obviously no...more >>

Recently our web service provider changed its web site platform HTTP to HTTPS and before we got some data from the internet site with our web service( XML ) affter the changes somehow our code doesn't work. When we call the link via internet browser everthing works well but if we connect the s...more >>

any setting can protect the special folder that not allow user to download from browser/url, but the files/directories can access by aspx/asp script(Content Management System), how i can setup this up? use NTFS permission or IIS can do this?? e.g: userA type http://localhost/website1/download...more >>

I want to run two versions of a web application on the same server, on two different websites. The only difference is that I want to run one with Windows Integrated authentication, and one with Basic plus SSL. The first website already exists. The server is W2K3. I can export the configuratio...more >>

A web site w/ ASP script was running normal on Web Server w/ win2k Server at the beginning stage few years ago. Then found it was hacked or homepage was changed by hacker occassionally last years. The outsource webpage designer suspected that internal network computers were infected by such...more >>

Hi, I have two machines that are on the internet that can share files between them. They are otherwise firewalled.They are not on the same domain, but they can see each other and share files in windows. They are p1 and p2. p1 shares the directory pics with p2. p2 logs in as p1\pics to se...more >>

I have Windows 2003 in a domain and running a web application on it (Sharepoint). I have IIS's authentication set to Windows Integrated Authentication. I was looking for users to be able to login automatically to the web application using the credentials that they used to login to their com...more >>

Hi everybody, I'm running a windows 2003 server with IIS6. My server’s certificate has some CRL distribution point defined. By default the CRL is valid for 1week. I would like to know how to get the a new CRL every 1 hour ? I tried with some variable in the metabase but it's a bit confuse...more >>

hello, We have a win2k3/iis6 member server. I've created a new anonymous user which works fine. I've created a group on the member server, not a domain group, for all accounts that need anonymous access including the new anon user, but when I remove explicit perms for the new anon users a...more >>

Hello, I am managing a secure site using IIS running on Windows server 2003. I noticed that my secure site is also accessable via HTTP. How do I disable HTTP and force users to only use HTTPS when logging in? Thanks....more >>

Hello, I am trying to get username information by using User.Identity.Name.ToString, if i logged in with username to given network place, it is ok! It returns SERVERNAME/username. Otherwise if I logged in with "name.surname@SERVERNAME.com" it again returns SERVERNAME/username although i want it...more >>

Have a Windows 2003 SP1 server with Virtual Server 2005 R2 installed. Have the problem, that Windows Authentication doesn't work at all when connecting to the Virtual Server Administration Website: Getting Error 500 - internal Server error. When configuring the site with "Basic Authentication"...more >>

I am planning on posting our public website on IIS running under Windows Server 2003 R2. Can anyone point me at any good sites or white papers for the best practices for securing the site for public access? I am planning on making the server a member of our corporate domain for access to i...more >>

We recently migrated from a Win2k/iis5 web server to another server with Win2k3/iis6. For a virtual directory we have password protected an individual file, disabled Anonymous access in iis for the file, removed the anonymous user from NTFS perms on the file and added a new user in the NTFS ...more >>