Integrated Security fails using machine name, succeeds using FQN
Thu, 5 Jun 2008 13:02:04 -0700
Active Directory: BAR.COM
Webserver: FOOWEB, IIS 6, single static IP address, running a single ASP.NET
website. Contains a virtual directory (called "/protected") with Integrated
Security as the only authentication option.
When logged in locally to FOOWEB, pointing IE to
http://fooweb/protected/default.as ...
|
cipher suite
Wed, 4 Jun 2008 08:11:10 -0700
Hope this is the correct forum.
I want to disable the cipher suites on my IIS servers that use less than 128
bit encryption. I'm running W2k3 SP2. I found this article:
http://support.microsoft.com/kb/245030, but it doesn't seem to help in
regards to W2k3.
Thanks ...
|
Security Best Practices for an Outward Facing Site
Tue, 3 Jun 2008 15:33:21 -0700
Does anyone have a KB or some security advice for an outward facing webserver
using IIS 6.0? ...
|
URLScan not blocking character is SQL injection
Tue, 3 Jun 2008 09:03:01 -0700
We are running IIS5 with URLScan 2.5. In the URLScan logs the following is
shown:
[06-03-2008 - 07:19:56] Requests containing the following character
sequences will be rejected:
[06-03-2008 - 07:19:56] '..'
[06-03-2008 - 07:19:56] './'
[06-03-2008 - 07:19:56] '\'
[06-03-2008 - 07:19:56] ':'
[06-03-2 ...
|
How do you force clients' SSL sessions to always connect at 128-bi
Tue, 3 Jun 2008 06:31:00 -0700
How do you ensure that ensure that all SSL sessions connect to the an IIS 6.0
server at 128-bit strength? I'm trying to find out if there is a way to
always force clients/end-users to securely communicate with my web servers at
or above 128-bit SSL encryption ...
|
IIS 6.0 Error
Tue, 3 Jun 2008 05:21:00 -0700
In the MMC, when i click on the IIS I get a blank screen along with the error
message
"The path specified cannot be used at this time".
I searched the net and found a fix is available as mentioned in the below
link.
http://support.microsoft.com/kb/946517/en-us
Can you please let me know how can I get the f ...
|
How do you create client certificates?
Tue, 3 Jun 2008 04:08:00 -0700
Hi All,
I am trying to publish a page via IIS/SSL, but do not know how to create
client certificates for the site.
I have a CA server and this has created a server certificate for the server
where the website is. This all works ok apart from when I enable 'require
client certificate' in IIS the client cann ...
|
|
|
Gave PhoneFactor a try
Fri, 30 May 2008 19:28:26 -0700
We gave it a go for strong authentication and it seems to work pretty well. I've got some concerns about depending on the wireless telephone network for mission critical functions. ...
|
Use of anyonymous authenticaion during impersonation
Fri, 30 May 2008 02:15:00 -0700
Hi,
We are using our third party component for doing authentication and
authorization with IIS6 web server on win2k3 X64 EE. Here we are using
IMPERSONATION concept for this integration.
Can anybody describe the required configuration which are needed at IIS 6
for successfully impersonation of users with ...
|
SSL Cert for multiple servers
Thu, 29 May 2008 06:01:01 -0700
Currently I have 1 SSL cert for Exchange (expiring in October 08)
I would like to purchase a certificate that would service Exchange
(OWA/OUtlook Anwhere), Terminal Server, and a third server.
Would someone please make a recommendation on the best and mose effecient
approach to serving all of these purpos ...
|
