Hi, We are using our third party component for doing authentication and authorization with IIS6 web server on win2k3 X64 EE. Here we are using IMPERSONATION concept for this integration. Can anybody describe the required configuration which are needed at IIS 6 for successfully impersonat...more >>

i can view the page at port 80 http://XXX.com/testpage.html i set the web testpage to SSL at IIS (secure communication, tick require ssl & 128 bit) then i view this URL path https://XXX.com/testpage.html the IE return "cannot display the web page" 443 port has no problem cos it is inte...more >>

Currently I have 1 SSL cert for Exchange (expiring in October 08) I would like to purchase a certificate that would service Exchange (OWA/OUtlook Anwhere), Terminal Server, and a third server. Would someone please make a recommendation on the best and mose effecient approach to serving al...more >>

Hi all, Does it has any way to veiw the active connection from the remote PC to the IIS? For example, could it show the computer name of the remote PC if it opens any HTTP connection on the IIS? many thanks, Sunny...more >>

Even though I have configured the IIS 7.0 (Windows 2008) properly to send errors to the Browser, somehow it just does not work. The only thing I get in the browser is : 500 - Internal Server Error - for ..asp pages. It does write into the logs fine with ....line number of the error, etc. but...more >>

Hello On our webserver I configured the default website to allow "integrated authentication" only. Now if I try to visit the website, no matter from what destination from within the domain, I get an access denied error when trying to log in. The security event log shows failed authentication...more >>

Hello: In IIS 7.0, you can edit a handler mapping in the Handler Mappings applet (like for AspClassic), then click Request Restrictions button, Access tab, and select the "Write" permission. But even when the "Edit Feature Permission" in that site/folder is set to Read+Script+Execute, the ...more >>

Hi all! I have a website configured to authenticate users using certificate mapping. Athentication works fine with certificates issued from our old enterprise root CA. We have recently installed new PKI infrastructure with an offline root CA and enterprise subordinate (issuing) CA. When I t...more >>

David, to what extent have you ever applied PhoneFactor to Terminal Services? Any special considerations?...more >>

If I go to a site that is https with the www on the URL no issues. If I go there without the www I get a certificate warning. What gives? Thanks, Bill ...more >>

Note -- some background, question at end. I am using OWA for both internal and external people. I have two different ways I want to access the site: 1) webmail.mydomain.com/exchange 2) servername/exchange Before I installled the CA signed certificate for webmail.mydomain.com I had...more >>

Hi, I heard many comment about not putting IIS on a domain controller. Can someone tell me what is the implication of it? Thanks...more >>

I'm installing a webapplication on win2003 server. As soon as I enable the 'Integrated windows security' I get a very strange error: - accessing the website from a PC within the network, doesn't work (HTTP500 The page can not be displayed) - accessing the website from outside the network, usin...more >>

Windows 2000 server running IIS has static IP and is in a Windows 2000 domain, "corp.com". IIS default website is configured to use integrated authentication User running Internet Explorer 6/7 browses to http://server and authenticates with no issue. User running Internet Explorer 6/7 brows...more >>

Hi all - My site has been hot by the latest wave of SQL Injection attacks. I (sorta) understand what I need to do to fix things, but it is going to take a *lot* of work that'll be pretty time consuming as the site is a hodge podge of classic ASP and ASP.Net and hand rolled scripts etc. What...more >>

I have an IIS6 site running asp.net 2, and we are using Windows Integrated Security. As you know, we just check a box, there is no more IIS configuration beyond that. Some of our security people want us to use LDAPS, not just LDAP, to talk to AD (the assumption being IIS talks to AD via LDAP)...more >>

Users cannot right mouse click on email address and add to contacts in OWA. Forbidden 403 http internet explore. Receive error Type: Application, Event Type: Error, Event Category: Kernel Rule, Event ID:256 Computer: Mail. The Process C:\windows\system32\inetsrv\w3wp.exe (as user NT AUTHORITY\...more >>

What permissions are granted to Everyone group via the following permissions: _______ Special Cfo/Ad,Cfi/Wd Can find anything on the web or MSDN that explains what this grants or if needed related to annoymous IIS access....more >>

I smacked around the web designer, he changed his code, we cleaned up the DB, and I thought all was right with the world. Enter cached pages on search engines.... It took a simple e-mail to Yahoo and an online form for Google. But I cannot get Microsoft Live Search to remove cached entries t...more >>

hi, i m using the following script for importing my certificate into trusted root authority of IE and it is working fine for ie6 and ie7 in XP but it is not working in vista ie7.what can be the problem.is there any solution <SCRIPT language="VBSCRIPT"> on error resume next Dim Str, CEnr...more >>

Dear All, I'd like to know what we can do against sql injection, in sql2003 and iis6.0 environment. Does exist a sort of tool able to filter inpunt url string in order to stop this kind of sql injection? Regards ...more >>

Hoping to get some help with a permissions? error we are getting. I'm not a very technical person, so please bear with me. Our intranet site defaults to allow anonymous access. There is a virtual directory defined (with anonymous access turned off) that connects to a secure network share....more >>

Not sure if this is a post for the IIS forum or the IE forum, but every time we visit a certain page on our own IIS 6 Website with an SSL certificate installed IE 6 gives us the error "The following page contains both secure and unsecure items.' No other browsers (eg Firefox, Safari, etc...) ...more >>

Hi All, I have IIS6.0 website for which I wish to use SSL encryption. I did the following to secure it. 1. II've set SSL port to 4043. I have another app (App A) using port 443. 2. I secured the Application Directory using a Enterprise Root CA which I created for App A (using built-in MS ...more >>

Hi all, I have downloaded ISS 5.1 and created a local server, however when trying to access it I get the error HTTP 401.1 - Unauthorized: Logon Failed Internet Information Services I have WinXP Pro SP2 I have tried various solutions via google, including article 896861, which spoke of...more >>

Is there a way to transfer an authenticated user token (and session with redirect) from an ASP.NET 2.0 application (using Forms based or Basic Authentication against AD) to a different ASP.NET2.0 application. The different ASP.NET applications will be on different physical machines. I would ...more >>

Hello: Novice to asp development. Hence, need help. When requesting a certificate from the CA server, one has to type in http://servername/certsrv in the url of the browser. I am wondering whether this page can be customized? If so, could please let me know how? Do I need to use ASP.NET...more >>

I have an internal-only web app which I want to use a Windows Integrated Security to control access. Using IIS 6 I setup the Properties - Directory Security - Authentication and Access Control ensuring Anonymous Access is NOT checked and Integrated Windows Authentication is checked. I gave...more >>