This is excatly what I have been doing for a few years, A collegue and I are in the middle of writing it up as a high level design, hopefully if we can remove the corporate references we will publish this as a paper but a few thing to note so far are We use CIFS (windows shares on sep file server for...

At this point I imagine it's an Active Directory thing but I was hoping there was something I could change before I go get the infrastructure team to work on it. - IIS 6.0 is set to use Integrated Authentication with anonymous access disabled. - Permissions for the groups required are set on the...

I'm hosting multiple web sites on a single server. As a security baseline I assigned a dedicated application pool for every site, each running its own user account for application pool identity. I also want to use Kerberos authentication with all my sites. So, to make Kerberos work, I have to register...

I am trying to keep users authenticated across subdomains that are all served by the same webserver. Each subdomain is a separate ASP.NET 2.0 Web Application. I am using the aspnetdb Profile Database to manage users and logins across each application. When I try to transfer an authenticated user from...

How can this simple rule be enforced on Windows 2003 SP1: Only Administrators may create or modify executable files. e.g. IUSR_ and IWPD_ accounts cannot create executables, but can run existing applications, with full write access to data & directories. So only the administrator can: - Create a...