I have web server hosting a site with bindings to HTTP 80 and HTTPS 443.
Some user can't access the HTTPS site and get stuck in the credentials screen, This sames users can access the HTTP site without credentials issues.
I can access the HTTPS site using vpn(Home office), but can't connect to the HTTPS site from the pc in the office.
The authentication method for the site are:
Windows Authentication : Enabled
ASP Impersonation: Enabled
Other methods/options: Disabled
In the logs show this entries:
2021-07-16 21:03:37 111.111.111.111 GET / - 443 - 222.222.222 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/91.0.4472.124+Safari/537.36 - 401 2 5 102
Any advice
Thanks in advance
Related
I have recently switched my website from HTTP to HTTPS. For some external users, they do not have enough permissions to access via HTTPS and they still need to access via HTTP.
I want to keep both HTTP and HTTPS, but HTTP only for a specific group of users.
How to make this change in IIS 8?
Any ideas, please suggest.
You can try the following steps:
Step1: configure https.
Set IIS to work with HTTPS (http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7/ )
Test HTTPS locally to make sure that it works.
In your firewall (to Internet), configure it so that it allows port 443 (https) to your IIS server.
This will allow ALL people to access your website using https, since we have not configured any restrictions.
Steps2: configure http.
Install WindowsAuthenticationModule if it is not already installed
In IIS Manager, click the website.
Double click Authentication in the middle pane
Select Windows Authentication and enable it
Select Anonymous Authentication and disable it.
Since the users on your local network is authenticated to AD, and the website is in their local zone, they should automatically authenticate and should not see the login box. People outside your network are not authenticated, hence should need to logon to access the website.
I choose to host my website in Azure.So I've created a App Service.Then Created a new domain for my App then created/bind the SSL certificate to my corresponding website.
After done with the SSL certificate .I'm still seeing my website url as http//: and not https://
Also i'm not seeing the Green URL for my Website ..!
It look like this
(P.s : My App Service Tier is AzureFreeTier (Basic: 1 Small)
My SSL Type is SNL SSL)
Please help to resolve my problem here
Thanks in Advance,
Jayendran
You need to do a redirect from HTTP to HTTPS. Installing a certificate just makes using HTTPS with your custom domain name possible.
You can either:
Configure your app to redirect to HTTPS when it receives a request over HTTP + enable HTTP Strict Transport Security
Or use an extension in Web Apps to do the first thing:
To install the extension, open your web app blade in Azure Portal. Go to Extensions, then click Add. Then you should find Redirect HTTP to HTTPS from the list and install it.
That will redirect any HTTP calls to HTTPS for you. I would still recommend adding Strict-Transport-Security headers to your responses to make sure your clients do not access your site insecurely the next time.
The reason you arrive to your site on HTTPS after AAD login is because the HTTPS version of your app's URL has been configured in AAD as the reply URL.
And this:
Your Connection to this site is not fully secure Attackers might be able to see the images
is a mixed content warning. It means you are loading content (e.g. images) using an HTTP URL in your pages. Change them to HTTPS and you will solve that problem.
I have a problem with an Web App implemented in Windows 2003 Server IIS.
My machine is not in the domain.
If I put the IP address, for example
**http://192.168.1.210:5555/App**
I'm asked for my domain credentials DOMAIN\USER1 and I login correctyly.
However, if I put the server name,
http://WEBSERVER:5555/App, I get:
HTTP Error 401.1 - Unauthorized: Access is denied -> with Internet Explorer 7, altough I'm asked for the credentials.
Error 338 (net::ERR_INVALID_AUTH_CREDENTIALS) -> With Chrome directly, no credentials asked.
Any settings in IIS I should check?
Thanks!
on my IIS server, I create a web application and add two bindings:
1. http 80 binding for www.mydomain.com
2. https 443 binding for www.mydomain.com
I can only access , when I access http://www.mydomain.com, I got this problem:
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
How can I solve this problem?
The first thing that came up in my mind is your ISP. Some ISPs block port 80 for incoming traffic couse they don't want their customers to have their own webite hosts at home.
Currently I have two sites setup in IIS.
Primary Site (Uses HTTPs and requires windows integrated authentication)
Secondary Site (Uses HTTP and redirects to the HTTPs)
My problem is that if I set anonymous authentication on the HTTP redirect site, it just passes through to the HTTPS without requiring authentication.
If I have windows integrated authentication setup on the redirect site, users are forced to authenticate on the HTTP site which voids the whole reason I want to use https (to encrypt authentication).
Any help is greatly appreciated!
You may have your HTTPS site mis-configured. Check to make sure that anonymous authentication is disabled on the HTTPS site (only Windows Integrated authentication checked). If both are checked, it will allow the anonymous request through without challenging the user for credentials.