IIS Security

I have an asp.net web application that posts either GET or POST http requests to another asp.net web application. I am using impersonation (domain account) in the 'Client' Web app. The Client and Server Applications currently reside on the same server And within the same application pool (using the Identity of a domain account).  When deployed, they will reside on different servers. Using Windows Server 2003 Standard & IIS 6.0. ...

If a web application runs under an Application pool, does that mean that the application is impersonated as the Iaccount specified in the Identity tab of the application pool? If impersonation does in fact - exist at the application pool level, I presume that setting the Impersonation values in the web.config file will take presedence and the application would operate under the account specified in the Web.config file rather than the App Pool Identity account. From [link] Posted via DevelopmentNow.com Groups [link] ...

I have an ISAPI dll that uses basic authentication, validating users in a local database. I want to fist try and authenticate users using windows authentication; if this fails, (ie they do not have a windows account), I want to use the previous method of authenticating. ...

Hi, I'm doing an HTTPS post to an ASP page on IIS 6.0 on Windows 2003, and in the Web logfiles, I'm seeing the following error: /GET my.asp|21|c00c023f Also seeing following message: "This method cannot be called until the Send ...

I am using IIS 6 and would like to know the best practices for securing an area of a public website.  It is only one directory structure that should require a username and password.  This server is not connected to any Active ...

Hi, Can anybody let me know what the current 'best practise' is in regards to the Default Web Site? Depending on who I speak to I get a different answer, therefore, I am trying to find where it is defined (whitepaper, KB article etc.) ...

I have a need to disable low-grade encryption on a web site, which requires SSL on certain pages only.  For those pages, I want to force 128-bit SSL. IIS 6 only allows me to force 128 on the entire site, ...

Hello, and thanks in advance to anyone who's got any ideas on this. I have a web server with a web site that is supposed to provide access to documents.   The documents are stored on a different server than ...

I posted this in the IIS general discussion group but got no responses. I've now seen this issue on three IIS systems and figure it might be worth posting to the security group. In W2K3 SP1 running IIS6 the list of trusted root certificate authorities ...