Security :: Securing An IIS Virtual Directory With SSL?
Jan 6, 2011
My client has s website hosted under IIS 6. This website has a subsite as a virtual directory that we need to ensure is only accessed via HTTPS.
We have enabled HTTPS access to the sub-site, but because the root site is configured to use HTTP, this is being inherited by the sub-site and you can access it unsecured. How can we prevent this?
The only potential option I've found so far is this implementation of IHttpModule. Is there nothing in the web.config I can set, as you can the security on a WCF binding?
I've created a virtual directory on a hard drive where I keep some jpg files, the problem is when I access a page that links to a jpg file it asks for a username and password, is there anyway to stop that from happening?
I'm using IIS7.5 and Windows Authentication through an ISA server. I'm trying to migrate a classic ASP application to ASP.net.
We have an internal file server with our department folders on and I'm trying to provide web based access to these. Previously I created a UNC virtual directory to the \serverdepartments share, and because ASP classic ran in the context of the authenticated user they could only browse folders they had permission to.
What security settings should I now be using for the Application Pool and what settings should I use on the Virtual Directory credentials to ensure security? I'd like the ASP.net page to run in the context of the logged in user, and when the code tries to display a sub-folder they don't have access to it should 'bomb out' as before.
We have created a website and for the secured files created a virtual directory and in virtual directory properties we selected Application-user(pass through authentication).If any user directly browse the files link then the browser prompts a screen for virtual directory credentials.Here my requirement is i need to send the virtual directory credentials through the application.
A month ago I got everything working but now my code has changed and my server may have been misconfigured.
Basically, I'm running IIS 6.0 and Win2k 2003. The webserver will map a network path UNC share at: //wave/test
Also, I have webconfig set up to do: impersonate = true (no username/password defined)
the path //wave/test is another computer that runs Windows XP. Wave is the computer name, test is the folder name. So C: est is the folder to access. The current permissions under C: est on the file server is: Administrator, IUSR_WEB (read-only) and "Wave_user" (read-only)
Back in WinServer 2003, i've added a virtual directory and mapped to \wave est and applied a local username/password for Wave_user. I am able to see/browse all the files in IIS 6.0 and see the files/folders. I call the virtual directory alias: "Waves". Inside Authentication method for this virtual directory, i applied Wave_user and the local password of the local file-server PC , and checked enable anonymous access w/ integrated windows authentication.
Also, back in virtual directory, I set "Connect As" to wave est as username and password as the local password.
When I access the webapplication, using my current local PC credential, and try to access the network share, which in C# is the command: server.mappath@("wave"... i get a Server Error 401. in the browser.
I am creating virtual directory from my C# code when i execute this code working every finely.
But problem is when i publish this code and access through iis it is showing an error as access denied .
i tried to give permissions to the folder in c:\inetpub\wwwrootfoldername Network service and users provided permissions of full control But still showing an error of Access Denied(mine is iis 5.0 in xp)
I have a WCF service in a virtual directory that is called in the code behind of a page that is in the parent directory, when i debug the code i can see the wcf service is being called, however when the service calls Membership.GetUser() it alway returns null. The user has already logged in to the asp.net site. When i call the service via jquery it does pick up the correct user, but i need to be able to call it via the code behind as well. I am developing in .Net 3.5 how i can make the Wcf pick up the logged in user?
I made a web form on a development website of mine (we'll call it dev.somewhere.com) and tried to publish it out to the web (we'll call it [URL]) in a subfolder. I named it default.aspx like I was supposed to and it worked flawlessly on the dev site. When I published it out the web, I wound up getting the following error when trying to get to the subfolder: [URL] Directory Listing Denied
This Virtual Directory does not allow contents to be listed. Confused and flustered, I tried to go to [URL], but I wound up with some error that won't tell me the problem. Instead it tells me to change the my web.config to read <customErrors mode="Off"/>.
As virutal directory points to physical path of the application, so if the IIS root directory is C:inetpubwwwroot and the application is stored at D:websites, than we need to create a virtual directory but if the application content is placed at C:inetpubwwwroot, then why still need to create virtual directory.
I am taking dataset value in an xml file in asp.net webpage. But when I convetr and create a file of its it i saved as a plain text. to which user can easily open and change anything. But I want to limit user to change XML fie.
Because of the way the server is set up I'm using, I don't think I can use Integrated Security=SSPI in my SQLConnection string. However, I'm a bit wary of giving the database username and password in the connection string in a aspx.cs file. Is there any way of making it more secure?
I only want my web images to be visibleSimpliied, a digital media page pulls html content from a database using SQL security and renders that HTML. That digital media page is secured in that only a returing Paypal transaction user with a matching transaction can access it. But today that HTML content makes references to images on my site, those images can be freely directly over the web.The backend is asp.net 2.0. Would it be possible for me to secure the web folder with my images to some generic user and impersonate access from my pages so that attempts to access images directly fails?f not, any way to solve all that html content on serverside somehow and turn it into something else I can secure?
I set up a Virtual Directory called 'Site'. I browse to [URL].In the source file, the relative paths are coded as '/Page1.aspx', for example, and it has worked in the past.I'm using Win XP Pro SP3 and IIS 5.1. Any ideas on what might be causing this behavior?
I have secured some files on my webserver by putting them into the App_Data folder in the root (I do not have the option to secure folders using the ASAPI filter)The user gets access to these files by requesting them through a handler, fx. by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpgNow, I want to make all the content in a specific folder called "Members" (a single subdirectory of the App_Data folder) available only by passing a specific password. That is by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpg&password=xxxxIn my Handler.ashx I have written some logic seeking if InStr(context.Request.QueryString("file"), "Members") = 0 before sending the file.If inStr <> 0 a password is required.Is this a good way to secure a folder in and its content? Is there a way of getting access anyway, like using some kind of "sub-directory" line in the path (the same way as you can request parent directory by using "../../Myfile.jpg)? I know there will be a problem if someone fx. legitimately tries to access the file App_Data/Members.jpg
Error 1 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. C:PdfViewerPdfTestSiteWeb.Config 28
*********************************** When I double click the error it goes to Web.Config file to tag:
My basic question is, can a virtual directory in IIS point to a physical path that's not on the local machine? For instance, right now I have a virtual path /NaturalGasReport/NYMEX which points to physical path C:Program Files (x86)NymexSettleNATGAS_REPORTNYMEX, but I want it to point to a physical path on a difference PC on the same network. Is this possible? (I know I can just try it out so I apologize for asking but I thought it would be best to get an explanation along with "yes" or "no"). If you want more detail, this is what I need to do. To make a long story short, because of a vendor product we are using that won't run on a 64-bit operating system, I have to run a program called Generate_NGReportData.vbs (it's a vbscript program) on a PC I will call 28. It uses a vendor product which produces jpg files which are graphs of the Natural Gas market. The machine where I wish it could run is called RTEST01 but this machine runs a 64-bit OS and the components won't work there. RTEST01 has the databases. So, I created a datasource on 28 which points to RTEST01's database. The vbs program will read the data, generate the reports, and write one row to a database table on RTEST01. RTEST01 has to run the complimentary program which sends these reports (via email). 28 is not an email server so it can't email the reports. So on RTEST01 I will run Send_NaturalGasReport.vbs. This program creates an email body of html. The html references [URL]NaturalGasReport/NYMEX/" & Day(nymex_update_dt) & ".jpg which is a virtual directory pointing to C:Program Files (x86)NymexSettleNATGAS_REPORTNYMEX. I need it to point to the folder and files on 28.So if my initial question has a simple yes answer then I am all set. If not, examine my architecture and propose an alternative solution.
First of all, I am trying to deploy a web application, without virtual directory. Yes...I have no other option but to try this due to some non-tehnical constraints.
Now, I have developed an ASP.NET 3.5 Web application, which works fine on my local ASP.NET Development Web Server. Then, I published the application to the actual webserver using the VS2008 Publish... option. When I got some error messages related to web.config, I removed the corresponding items from the web.config.
When I can access the page but the code inside the page doesn't really work. When I open the Default.aspx, which is directly under the website, I keep on getting this error:
Compiler Error Message: CS0246: The type or namespace name 'DynamicLoadControl' could not be found (are you missing a using directive or an assembly reference?)
This DynamicLoadControl is a class that I have developed and is present in App_CodeDynamicLoadControl.cs file (in the same namespace).
I have searched a lot and tried everything except creating a virtual directory. First of all, is it possible to have asp.net 3.5 website without virtual directory.
m new to .net framework 4 and iis 7.I created a webapplication in VS2010 with C#.I created the virtual directory for that web application in my IIS (IIS 7).when i tried to open the page by using virtual directory, it is displaying the following problem.Server Error in '/' Application.
Configuration Error Description:An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.Source Error:
[Code]....
Source File: E: estweb.config Line: 12 Show Additional Configuration Errors:
Assuming here that I have full control over the server.I'm looking for a sample code that would help me understand how to create a new virtual directory on the IIS pointing to say C:
