- Posted to IIS7 - Web Farms by Ken Schaefer on 07-25-2009, 10:20 PM
Hi darianva,
You raise a good question - there's no one "best" way to do this.
I would start by asking how you handle password expiry for service accounts elsewhere in your organisation. Do you have automated tools? Or do you rely on documented written processes? Or some combination of scripts and processes etc.?
Secondly, you ...
- Posted to IIS7 - General by Ken Schaefer on 04-04-2008, 2:50 PM
Hmm,
The only way I can think to do this would be to set the authN settings in your applicationHost.config file (via the <location> tags). That way you can specify each individual website and separate authN mechanisms (Forms and HTTP based).
As you can see at the moment, trying to store that in a web.config file doesn't work ...
- Posted to Security by Ken Schaefer on 04-04-2008, 2:26 PM
Create a Windows account on the member server that has the same username and password as in the domain (or corresponding local account on the SQL Server).
Specify the username and password in the connection string without using the domain or servername prefix.
That works with two servers that are both in a workgroup (IIS and SQL), so I suspect it ...
- Posted to Security by Ken Schaefer on 12-09-2007, 9:27 PM
Alternatively, in addition to what Nathan has written, if both hosts are in the same domain (host1.domain.com and host2.domain.com) you can get a wildcard certificate (that matches *.domain.com) and use that same certificate for both websites.
Cheers
Ken
- Posted to Security by Ken Schaefer on 12-09-2007, 9:12 PM
Hi,
If no MIME type is defined for that file extension, then IIS 6.0 will send a 404 HTTP status to the client (and log a 404.3 in the IIS log files).
That said, do you need to store the client certificate in the webroot? Do you even need to store it in a folder? I'm not familiar with what Paypal requires, but if you just need to use it to ...
- Posted to IIS7 - General by Ken Schaefer on 12-09-2007, 9:09 PM
[quote user="steve schofield"]But an anonymous FTP server is not going to withstand a brute force attack without some other pieces in place to help protect it.[/quote]
Do you mean an FTP server that allows authentication rather than an anonymous server?
It's very easy to defeat a brute force attack. Even with a known username ...
- Posted to IIS7 - General by Ken Schaefer on 12-06-2007, 1:07 AM
Some other options might involve:
a) not permitting non-anonymous access to public FTP servers (someone can't brute force an account when there is no offered authentication protocol)
b) configuring account lockout (even if only for 1-2 minutes). This dramatically changes the equation for brute force attempts.
HTH
Cheers
Ken
- Posted to Security by Ken Schaefer on 06-17-2007, 12:45 PM
Hi,
You should check the HTTP substatus in your IIS logfiles.
Prior to the wildcard mapping, PDF files (etc) would have been handled by the IIS Static File Handler. To serve those files only requires a MIME type to be set.
Now that you have configured a wild card mapping, you may need to ensure that the relevant extensions are configured ...
- Posted to Security by Ken Schaefer on 06-17-2007, 12:39 PM
[quote user="vijay_83"]While opening the Word document itself it shows the 'choose digital certificate' window. I don't think it's an Office Word issue. Without using DSO framer control it opens fine.[/quote]
So why do you think this is an IIS issue? It looks like the issue is isolated to the framer control you are ...
- Posted to Security by Ken Schaefer on 06-17-2007, 12:35 PM
When you call pinvoke from a WinForms application, this is typically running under your user context.
When you do the same thing from an ASP.NET application running on Windows XP, this is, by default, called under the Machine\ASPNET user account (unless you have enabled impersonation, and are impersonating your own user account).
Your ...