My framework 4 asp.net app using forms authentication runs fine in Cassini and in IIS7.5 on the local box but on a public facing box with IIS7.5 in the DMZ (running cookieless session state) the authentication breaks without returning any error - the forms authentication simply does not work. I have...

Hi, My web application runs on Windows Server 2008 and IIS 7. During penetration testing, we found that it was possible to determine the existence of directories within the web root on the system through messages returned by the access control code. This could enable an attacker to target particluar...

My web site has been modeled after the asp.net personel starter kit since it came out. I'm now running asp.net 3.0 and IIIS 7. I am trying to protect the web pages in a folder named Memberpages using roles.The role name Friends. Logging into my web site has allways gave me access to the Admin folder...

Hi everyone, I'm new to this forum and look forward to learning more about IIS and it's members. I have a IIS 7 security problem ( at least I think it is a security issue) that have been trying to solve and create a virtual directory, yet unsuccessful!! I'm hoping to find the solution with...

I have recently found a rootkit on my computer through AVG and am wondering how to get this thing off. I tried to get AVG to delete it but it said it cannot. I heard you can re-install windows vista and also restore default settings but I am not sure if that deletes everything and I'll have to get...

Hello, I have a big trouble 'cause I have an asp net application and this application needs session vars, when I'm using windows xp and IIS 6 the application works preffectly, but in production with windows server 2008 and IIS 7 the session expires each 10 minutes, please help me, thanks and...

I would like to password protect a website, where people have to enter a username/password (a windows account for example) to view the website. The website would then use its own authentication method (forms) to handle user accounts and decide whether or not to show member specific pages, etc. When the...

Is there a way to have IIS7 do different authentication on virtual applications based on rules like: * This request comes from this range of IP, so we do Windows Authentication here * This request comes from another range of IP so we use Anonymous Authentication here Filtering above could be based on...

G'day, I'm just trying to get my head around the syntax difference in my .net 2.0 web.config files when deploying to customers. I've had an issue with Forms authentication on IIS7, so I tried to revert to Windows Authentication and let the customers internal staff test the application. In...