Friday I have a folder on a web that I have protected by requiring the entry of a username and password. This works fine. BUT, after entering such and displaying pages in the protected folder, ALL of the other pages not in the folder display the login dialog. And consequently the other ...more >>

I have set up URL Authorization on virtual folders in a site that is being used for webdav access. All works fine without URL Authorization, not only do people get the folder list, they actually see only those folders they have rights to because access-based enumeration is enabled. So far so g...more >>

A particular scenario of IIS security settings causes a problem with IE browsers (v6 & v7) whereby no post data is sent to the server and the http header content-length is set to 0. To reproduce this behaviour, follow the steps below: 1) Create a web application with a default.aspx page ...more >>

Hi, I have installed a certificate (private, just so that our users can have SSL connections to our IIS6 / Exchange 2K3 server) and have enabled the Certificate. I get the error: The page cannot be displayed This happens even if I try to connect to https://localhost rather than through ...more >>

Hi all, I am running a website on a windows 2003 r2 server. The website is configured to use integrated security. If I try to access the website, I get an authentication box where I type in the username and password, but the prompt keeps coming back. If I put the website in the intranet zo...more >>

Hello, I have a website with a third party SSL cert installed. Require SSL in configured on the site. My problem is if someone types www.preferredipa.com in a browser they get the following message: HTTP Error 403 403.4 Forbidden: SSL required This error indicates that the page you are t...more >>

Hello, I have a aspx page which try to access a mapped network drive using "Directory.getFiles". I have test the page under W2K IIS5 and it works fine. However, when I move the page to window 2003 server with IIS6, an "DirectoryNotFoundException" was thrown with a message "Could not find a ...more >>

I cannot access a Windows-authenticated web site locally even though I can access it remotely. I have a simple web implementation that hosts an IIS / ASP.NET based web site. I recently "upgraded" Windows XP 32-bit to Windows Vista 64-bit in a fresh installation on a seperate hard drive. In ...more >>

Hello, I'm having problems with setting up the Kerberos Authentication. No matter what I do, the client always tries to use NTLM package. Well, I have a IIS Server on a member server. The Default Web Site, has only the "Integrated Windows authentication" box checked. The Internet Explorer,...more >>

Hello everybody, I spent some time reading this forum and Technet resources, still I can't find the anwer to my VERY basic question : I have a W2K domain, with an IIS6 intranet server. The asp code of the intranet site has to access files located on a W2K3 server, same domain. The user get a...more >>

Having a little problem with Windows Integrated Authentication on IIS 6 on W2k3 Std SP1 and wondered if anyone has an idea as to what is wrong, as I cannot find anything. I have an IIS site with just one page, default.htm, as a test webserver. This server will require secure access in the f...more >>

I have an asp.net web application which posts a request to another asp.net web application. I am coding in C# using Visual studio 2003, with .Net Framework 1.1 on a Wiondows 2003 server (running IIS 6.0.). In order to have all code running as managed code, I changed existing code which uses MSXML Se...more >>

Hi, A few questions about the urlscan utility. I want to apply it to a website on Windows 2000 SP4 with IIS 5.0. The specific change needed is disabling HTTP TRACE. I couldn't seem to find these answers elsewhere. 1) There are several sites on the server. How can I apply the urlscan ...more >>

Hi My problem is I have a website where I need to use windows authentication and the impersonate a user. My problem is the only way my website can recognize this impersonation is if enable anonymous access is not selected in IIS. But if this is not enabled anytime the website is loaded ...more >>

Hi, I have installed a Thawte SSL and SGC certificate on my IIS server for the following address: www.heritageresp.com We have also installed ISAPI_Rewrite to redirect our old address which is pointing to the same box and has the same IP address: www.heritagefunds.ca When people got...more >>

Hi!, I installed Visual Studio 6.0 with SP6 in my Windows XP with SP2 and IIS 5.1, When I try to create a new project in my VI 6.0, I can't do it because a message appears "unable to contact server" after write my localhost name an click next. I'm sure that there is a problem with my F...more >>

Hi Win2k3 Server Std with sp1\IIS6. We have just done an IIS install and are getting 401.3 Unauthorized errors on the default website. On inspection the iusr account has no effective permissions on the wwwroot folder. Looking at other IIS installations that work ok iusr has: Traverse Fol...more >>

Hello, Recently, I am working on a web server migration from W2K with IIS5 to Window 2003 SP1 with IIS6. There is an ASP page in my web site that use VBScript to create object from DLL. I have enable ASP in IIS6 and when I run the ASP page, an error "Microsoft VBScript runtime error '800a0...more >>

I want to use Anonymous authentication to a website served by IIS 6.0 and Windows 2003 that is the front end for a database on a separate computer that requires user logon to access the data. I also want to use SSL to encrypt the return of the data from the browser to the anonymous user. It ...more >>

We have an IIS 6.0 website hosted on Win Server 2003 SP1 that uses Windows Integrated Authenication. Clients are XP SP2 with IE6 or IE7. All have latest patches. Website listed in the Trusted Sites list in IE. Windows Integrated Authentication enabled in IE. The problem is that approximatel...more >>

I'm setting up SharePoint Services and one of the requirements in the install guide is: Change the IIS authentication method to be Negotiate/NTLM Authentication. By default, Windows SharePoint Services configures virtual servers with Integrated Windows authentication. Note that you must b...more >>

Hi.I have a big problem right now. I am running a ftp server running on windows server 2003 and iis 6.0. To my horror when i checked my ftp site log file, i found thousands of 331 and 530 entries using the administrator account. I knew someone out there was trying to do a dictionary based atta...more >>

As I understand it you can buy a Wildcard SSL certificate for *.domain.com Can you get a certificate for lower domain cover too ? i.e. *.*.domain.com so test.server.domain.com would work or any other combination Jon ...more >>

I am configuring MS Access Internet Synchronization which I've done several times on Windows 2003 without issue over the past few years but this I can't get the anonymous user to be able to create files in my dropbox directory. On the surface, this looks to be a permissions issue but I don't ...more >>

Hi We're struggling with a problem involving ASP code that needs to retreive the site users AD groups. I have read that WIA will not do pass through authentication as so the code cannot query directly - we currently get a 'table does not exist' error. (The AD is running in 2000 native mode by...more >>

Hi all, I'm using the IUSER to access (reading) files over a network. The files reside on a remote server, and the IUSER has the necessary authentication to read the files. But I keep receiving a 401 Access Denied. What am I doing wrong. Could someone please help me. Many Thanx Regards, ...more >>

Hello: I am trying to decommission an only IIS server. How can I tell how much traffic I have on my server? Harrison ...more >>

I have a front end server with Exchange 2003 and Windows SharePoint Services 3.0 installed on it. WSS and Exchange both share the same virtual directory in IIS. I am currently setting up the WSS as an intranet portal for our corporate users and both Exchange and WSS use SSL. My problem lies...more >>

I'm wondering if IIS 6.0 stores the AD information? I'm using IIS 6.0 and Win 2003 Active Directory in Native Mode. We're currently working on a web application that references AD to get the username associated with the login. The system does the lookup correctly and gets the name from Ac...more >>

I ran into some problems between my test and production web servers. TEST SERVER: 2003 Server 32bit Default IIS setup Default SQL setup SELFSSL test cert ..net 2 running 32BIT PRODUCTION SERVER: 2003 Server 64bit NTFS locked down to prohibit WEBUSERS (IUSR/IWAM) IIS: not on sys...more >>

Here's the issue, we have several hundred users who we share files with through our IIS 6 server, using ColdFusion. We use a long numerical string for the folders, but the end files are always the same. For example, reports.pdf. The problem is, someone could try to guess another's file, w...more >>

Hello, We recently got audited and were told that we need to do the following: Disable SSLv2. Only SSL3 and TLSv1 should be enabled. Also, disable the ciphers EXP-RC4-MD5 and DES-CBC-MD5. We're using IIS6. Any help in how to do this would be greatly appreciated. Thanks, Russ...more >>

Hello, I have been looking around the web, went through the step-by-step guides and I wanted to know if I can do these following things and HOW: 1) I have found no where to protect http://localhost/WebApp/Browse.htm with a different role than http://localhost/WebApp/Edit.htm. So my questio...more >>

I have a domain xyz.com and a member server running Windows 2000 Server. I have created an application which I would like to host it on IIS. The first level of security that I would like to implement is that, this website should allow access to users only from xyz.com. Hence in the Directory S...more >>

I have just purchased a falsh program that updates weather data ivery 2 seconds and shows temp, wind direction/speed etc with gauges. I have set it up on my local server on XP Pro, iis v.5, Everything works the way it is supposed to until I select to lock the program which should save the conf...more >>

We have a web-serve with IIS 6.0 on Server 2003. SSL is enabled, and the appropriate folders are check-marked to require SSL communication. Our problem is this: If SSL is enabled for the site (http://mysite/) under folders (/IT/) and (/fred/) then SSL works for the designated folders. The...more >>