Hi, My web application runs on Windows Server 2008 and IIS 7. During penetration testing, we found that it was possible to determine the existence of directories within the web root on the system through messages returned by the access control code. This could enable an attacker to target particluar...

All, I've been looking for months but have yet to find the equivalent of Authentication & Access Control Diagnostics (AuthDiag) released somewhere for IIS 7. Does anyone know if such functionality exists for IIS7? I previously tried using Authdiag with IIS 7 and it didn't seem to work. Thanks...

I migrated an application from IIS 6 to IIS7 and everything works except one thing. We have a Download Manager that uses a WebService to connect to the site but for some reason it gives the following error: " Error message 401.2.: Unauthorized: Logon failed due to server configuration Verify that...

I have a very simple php script to upload a file which fails if I have Windows Authentication enabled; it gives error 6, which means it cant find\use the temporary folder. If i disable the windows authentication it works fine. Would this process run udner a different user credential with the windows...

G'day, I'm just trying to get my head around the syntax difference in my .net 2.0 web.config files when deploying to customers. I've had an issue with Forms authentication on IIS7, so I tried to revert to Windows Authentication and let the customers internal staff test the application. In...

Hi, Does this happen to every page that you try to access .. or is it only for a few pages ... What do you have in the IIS logs... 401.1 or something else.???