SiteMinder on IIS7.5 Authentication on app by app basis? - iis-7.5

I inherited a mess of servers which host multiple applications on IIS6, protected by R6 SiteMinder. The environment is soon going to R12, and we have also received some new servers with IIS7.5. (Lots of change, all within the next 60 days.)
I am not an expert, and so am having trouble with some of the more detailed steps of configuration. Thus far, on the new server I am able to create and apply SiteMinder to the DefaultWebSite (and everything contained within), and any custom Sites that I create. Unfortunately in our environment, it is already set up with a handful of applications that live underneath DefaultWebSite, only some of which we desire SiteMinder protection.
In IIS6 I was able to simply add a site to SiteMinder authentication by applying the ISAPI6WebAgent.dll in the wildcard mappings. In IIS7.5, this does not seem to work. I follow the specific details in the installation manual and it seems like it is either an all-or-nothing situation: everything under DefaultWebSite is protected, or nothing is.
This will cause a SIGNIFICANT amount of additional work in my environment (and it also means upgrading in place is not possible, so all applications that require SiteMinder authentication will need to be migrated in the next 60 days.) Is there ANY workaround for this? Google has not provided me with any solutions, and my SiteMinder team is claiming "it is no longer possible with IIS7.5" to keep the environment the way it is currently set up.
Any and all help appreciated.

For those that care, if you are running under an Integrated App Pool, you can simply add and remove the SiteMinder modules to control which sites are protected by SiteMinder. This DOES work on apps below a virtual directory - and using the config files you can both inherit protection by default, or have it unprotected and add it later by simply "Configure Native Module" and adding it back.

Related

Webdav for Xpages and Domino only works giving anonymous full access rights

I have installed webdav for Domino and made the required changes in the webdavconfig.nsf.
If I give designer rights to anonymous users, I can access and update the Word documents in the database through Internet Explorer and MS Word, but if I change them back to no rights, I can't. Of course I want to edit them with my own credentials.
What am I doing wrong?
OS: Windows 10
URL which works anonymous (????? are hidden)
webdavs://dev.?????.nl/webdav/domino/eod.docx
https://dev.?????.nl/development/webdab.nsf
https://dev.?????.nl/webdav/domino/
Any help would be appreciated!
I wrote that application.
You are in the tricky land of authentication. Domino supports: Basic, FormBased, Cookie based (LTPA), SPNEGO and SAML. The latter 3 need configuration work.
What happens when you use WebDAV is that no longer your browser, but a local library (belonging to Explorer or Office) talks to Domino.
You can "manually" try that using File - Open and paste the URL to the document (the one with https://, not webdavs://).
The only thing that happens with a webdavs:// url: a little helper checks, based on extension in the registry, what app is needed (Word, Excel, OpenOffice) and then calls that app with the https:// url as parameter. Like starting e.g. Excel from the command line:
excel.exe https://someserver/path/spreadshit.xls
By default Windows now uses NTLM or Kerberos authentication, neither of them supported by Domino (there used to be a proxy translating NTLM to LTPA by a 3rd party). So no credential reaches Domino. Hence you need anonymous access rights.
For older versions of Windows I described what you need to do to get Basic Auth going.
Never got around to checking what setting you would need on Windows 8 or 10 to allow basic auth there. Also, in theory, SAML or SPNEGO SSO might do the trick.
If you got Mac or Linux, you could check them first.
So the challenge isn't with the webDAV plugin as such, but in finding a common authentication ground between the OS and Domino. Hope that clarifies it a little.
Let us know how it goes!

How to have no down time when uploading new website

I am launching a new redesigned website on windows hosting. I am wondering what is the best way to launch this new website without having any downtime on the existing one?
My only fear is having a user go to visit a page and it's not there or the supporting files are not uploaded yet.
One of the simplest ways to handle this is to put a load balancer or proxy server in front of the application server. Then set up another application server with the new code. Once it is ready, you can change the proxy server to point to the new application server with the new code. Once you are sure nobody is using the old application server, you can shut it down. This, of course, relies on your ability to get that setup in place. If you are on a budget, you might be able to do it all on a single box. For instance, you could use nginx as a reverse proxy to your application on the same box. Getting that in place could potentially cause a tiny window of downtime - not sure if that's acceptable. Then you might be able to set up the new application on the same box with a different port - again, I'm not sure if that would work for your setup. Anyway, the reverse proxy approach is a pretty common one, and one of the great reasons for deploying to the cloud. You only pay for the short period of time when you need both boxes.
You should make sure that your new website launches all at once and that you set up the proper redirection rules for all previous pages. Once you are launching the new website, pick a time at night where you have low traffic volume, and simply upload all the new code at once to the webserver. This eliminates the fear you have of the "supporting files not uploaded yet". One of the key things to do is make sure all your old pages redirect and map over to new pages on the site just in case anyone clicks into your site using external links.
Two good resources to read:
http://www.rise.net/blog/ideal-way-launch-website-rebrand
http://googlewebmastercentral.blogspot.com/2008/04/best-practices-when-moving-your-site.html
The best method is to upload the site via FTP and, if you have RD access, to log in to the Windows server and copy the new site over in a few seconds. In this way you will not have any downtime as when you directly upload the site via FTP.

Simple auth proxy using Windows Auth

I need to write a very simple authentication proxy service - the user must login via a web browser, then the page redirects the user to another URL if the login was correct.
The server is IIS7; auth is via Active Directory. While I have heaps of experience in Linux, Apache, Python, etc, I have virtually no programming experience in the Windows environment. I understand that IIS can handle the authentication part, but I'm a bit unsure where to start for generating the URL. What language, environment and resources would be a good starting point?
While one part of me wants to break out the python, another wants to do it 'The Windows Way (TM)'.
Even better would be to use the Windows Domain SSO so the user wouldn't even need to log in, but that can come later.
In the WISA world (Windows, IIS, SQL, ASP.Net), you can accomplish the above in ASP.Net Forms Authentication (an option is to use Active Directory).
If this is a private site (corporate Active Directory intranet), an easy way to get no login prompt at all (SSO from user AD login on PC) is if you have IE in your network (NTLM/integrated authentication). You can do the security restrictions in IIS for files, folders, etc. without any development, nor would you need ASP.net involved; the files could simply be html, etc. Access is granted in AD in your users/groups to some resource. Although I have never done it, if IIS can run Python, then you can bust out the python :). IE may not be the only choice, it seems you can config Firefox; I have not tried this. If it's internal/corporate, IE is pretty much the no brainer for it (no sweating/nothing to figure out or tweak).

Azure based Umbraco site - when logging in, I get logged back out immediately

I have recently installed a website project on Azure and that was relatively easy to do thanks to great docs online. We are having a problem with the back office (admin) login though, it's a bit strange, as it didn't happen straight away, I shall elaborate....
When I go to http://www.keelycattschoolofdance.co.uk/umbraco/ it takes me to the login page, which seems fine.
(The url at this point becomes www.keelycattschoolofdance.co.uk/.../login.aspx)
I then login, which works and it starts to display the admin panels but then bounces back to the login and the URL becomes www.keelycattschoolofdance.co.uk/.../login.aspx
I am running this on Azure using the Accelerator, latest version of Umbraco and using SQL CE 4.0 rather than SQL Server.
Has anyone seen this before?
Please let me know if you need more information, I shall respond :-)
Thanks in advance
Nick
It sounds like it may be a Session error. This is a problem for Azure and Umbraco because Azure uses round robin load balancing.
The normal way of setting up an Umbraco site using the accelerator would be to have a separate session DB where the shared session state is stored.
Make sure you are using this accelerator for Umbraco on Azure as it's the latest and best.
http://waacceleratorumbraco.codeplex.com/
We have several large production sites using this and I can confirm they all work fine (including the backend editing environment).
Things to watch out for are that you need to follow the instructions closely as they are easy to get wrong :-)
Make sure you don't have dashes in your db names as this makes things go wrong as well.
Finally if you are using more than one web role the Umbraco preview can sometimes yellow screen, as the preview XML may not be on the server that gets to the preview request. This is again because of the round robin load balancing.

Data not showing up in sharepoint list as well as in drop downs

Hi,
I have a problem at my production site. The client reported that he is not seeing data in SharePoint lists, and drop-downs that hold years on the site's pages appear empty, for one user A on machine X running Windows 7. But the data comes up and the drop-downs are populated when accessed from machine Y with the same user A.
I don't know what the problem really is. On the development site this issue is not reproduced.
Please help,
Thanks in advance
From your question, I gather the data does exist and the same user can see the information from one computer but not another.
A couple things spring to mind. (I am presuming usage of Internet Explorer since SharePoint 2007 has some rather weird rendering issues with other browsers. Correct me if this is an incorrect assumption.)
First, Windows 7 has later versions of IE which can refuse to send network credentials to a server it doesn't think is part of the intranet (corporate network). What makes this especially frustrating is that IE will prompt for network credentials (a result of the challenge from the website) but will not transmit those credentials. Examine the IIS logs to see if this is the case. The requests will be void of credentials using IE but will be present using Firefox (and presumably any other web browser). The fix for this is usually as simple as adding the domain into the Local Intranet zone in Internet Options.
If this is not the case, can you confirm the user is using the same credentials? Is this integrated authentication using Active Directory or forms authentication?
Are there any differences between the two computers with regards to how they reach the SharePoint site? (Such as one is VPN, the other is directly connected)? Or are they essentially equal but with different browser/OS configurations?
Are the lists standard out-of-the-box lists or have they been customized with SharePoint Designer or any other means? Are you injecting JavaScript via a Content Editor Web Part which might not be executing correctly?
It would be very helpful to know browser versions used, OS versions used, differences in connectivity to the resource from each machine, type of authentication used, and any other thing you can think to list.
I wish you luck in tracking this down!
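The IIS log check suggested in the answer above, as an added example that is not part of the original thread: it flags clients that were challenged with 401 repeatedly but never show up with a `cs-username`, as opposed to a normal integrated-auth handshake (401, 401, then an authenticated 200). The log lines are constructed, the function names are hypothetical, and it assumes the site logs the `cs-username`, `c-ip` and `sc-status` fields.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status sc-substatus
2012-03-01 09:00:01 GET /Lists/Years/AllItems.aspx - 10.0.0.21 Mozilla/4.0+(compatible;+MSIE+8.0) 401 2
2012-03-01 09:00:01 GET /Lists/Years/AllItems.aspx - 10.0.0.21 Mozilla/4.0+(compatible;+MSIE+8.0) 401 1
2012-03-01 09:00:02 GET /Lists/Years/AllItems.aspx CORP\\userA 10.0.0.21 Mozilla/4.0+(compatible;+MSIE+8.0) 200 0
2012-03-01 09:05:10 GET /Lists/Years/AllItems.aspx - 10.0.0.34 Mozilla/4.0+(compatible;+MSIE+9.0) 401 2
2012-03-01 09:05:15 GET /Lists/Years/AllItems.aspx - 10.0.0.34 Mozilla/4.0+(compatible;+MSIE+9.0) 401 2
2012-03-01 09:05:21 GET /_layouts/years.js - 10.0.0.34 Mozilla/4.0+(compatible;+MSIE+9.0) 401 2
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def clients_never_sending_credentials(text, min_challenges=2):
    """Return client IPs that received repeated 401 challenges but never
    appear with a cs-username, i.e. the browser never answered the challenge."""
    stats = defaultdict(lambda: {"challenges": 0, "authenticated": 0})
    for row in parse_w3c(text):
        s = stats[row["c-ip"]]
        if row["cs-username"] != "-":
            s["authenticated"] += 1
        elif row["sc-status"] == "401":
            s["challenges"] += 1
    return sorted(ip for ip, s in stats.items()
                  if s["authenticated"] == 0 and s["challenges"] >= min_challenges)

if __name__ == "__main__":
    print(clients_never_sending_credentials(SAMPLE_LOG))
```

A client that only ever appears with `-` in `cs-username` and status 401 matches the symptom described for machine X; one whose 401s are followed by an authenticated request is completing the handshake normally.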
Windows 7 or XP has nothing to do with this; probably it has to do with the browser he is using to browse the site. Ask him to check the Internet Explorer settings and verify that he has enabled execution of JavaScript and other related things.
