How can I secure non-ASP files in a classic ASP environment - security

I have a folder in which all ASP files are protected by including validate.asp (which presents a login if the session is not validated and ends the response; otherwise it allows the page to display).
How can I protect non-asp content?
The Site is running under Windows 2003 Server with IIS 6.0

#My Other Me: check out ISAPI Rewrite
ISAPI_Rewrite is a powerful URL manipulation engine based on regular expressions. It acts mostly like Apache's mod_Rewrite, but is designed specifically for Microsoft's Internet Information Server (IIS). ISAPI_Rewrite is an ISAPI filter written in pure C/C++ so it is extremely fast. ISAPI_Rewrite gives you the freedom to go beyond the standard URL schemes and develop your own scheme.
Alternatively, you can also check out IIS Password
IISPassword password protects web sites that are hosted on Microsoft IIS, without using system user accounts. IISPassword protects complete web sites, subfolders or even certain files or file types. When trying to access a password protected object, the user is asked to log in through a dialog box...
ISAPI Rewrite has a lite version and IISPassword has a trial version, so you can try out both for free to see if they could suit your needs.
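One way to extend the same session check to static content, as an added example (not code from the question, the answer or either product): keep the protected files in a folder outside the web root and hand them out through an ASP script that includes validate.asp first. Because validate.asp ends the response for an unvalidated session, the file is only read and streamed for a logged-in user, and since the originals are not under the web root IIS's static-file handler can never serve them directly. The folder C:\protected\, the script name getfile.asp and the query parameter f are assumptions.

```vbscript
<%@ Language=VBScript %>
<% Option Explicit %>
<!--#include file="validate.asp" -->
<%
' getfile.asp: serve a file from a folder that is NOT under the web root,
' after validate.asp has had its chance to end the response for an
' unauthenticated session. Assumptions (not from the original question):
' protected files live in C:\protected\ and the request looks like
' /getfile.asp?f=report.pdf
Const PROTECTED_ROOT = "C:\protected\"   ' assumed location, outside the web root

Dim fileName, re, fso, fullPath, ext, contentType, stream

fileName = Request.QueryString("f")

' Accept only a bare name with an extension: no separators, no "..", no
' quotes or line breaks, so the value can neither leave PROTECTED_ROOT nor
' inject anything into the headers below.
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9_\-]+\.[A-Za-z0-9]+$"
If Not re.Test(fileName) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set fso = Server.CreateObject("Scripting.FileSystemObject")
fullPath = PROTECTED_ROOT & fileName
If Not fso.FileExists(fullPath) Then
    Response.Status = "404 Not Found"
    Response.End
End If

' Pick a content type from the extension; anything unknown goes out as a download.
ext = LCase(fso.GetExtensionName(fullPath))
Select Case ext
    Case "pdf":         contentType = "application/pdf"
    Case "png":         contentType = "image/png"
    Case "jpg", "jpeg": contentType = "image/jpeg"
    Case "css":         contentType = "text/css"
    Case "js":          contentType = "application/javascript"
    Case Else:          contentType = "application/octet-stream"
End Select

Response.Clear
Response.ContentType = contentType
Response.AddHeader "Content-Disposition", "inline; filename=""" & fileName & """"
Response.AddHeader "Cache-Control", "private, no-store"   ' keep shared caches from keeping a copy

' Stream the bytes instead of loading the file into a string (binary-safe).
Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = 1          ' adTypeBinary
stream.Open
stream.LoadFromFile fullPath
Response.BinaryWrite stream.Read
stream.Close
Set stream = Nothing
Set fso = Nothing
Response.End
%>
```

Pages then reference protected assets as /getfile.asp?f=logo.png instead of a direct path. The whitelist pattern is what carries the security: everything else in the script (the header, the path join, the existence check) is safe only because the name has already been reduced to letters, digits, underscore, hyphen and one extension. Files served this way bypass IIS's kernel cache and Range support, so very large downloads should be read and written in chunks rather than with a single Read.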

Related

Webdav for Xpages and Domino only works giving anonymous full access rights

I have installed webdav for Domino and made the required changes in the webdavconfig.nsf.
If I give designer rights to anonymous users, I can access and update the Word documents in the database through Internet Explorer and MS Word, but if I change them back to no rights, I can't. Of course I want to edit them with my own credentials.
What am I doing wrong?
OS windows 10
URLs which work anonymously (????? are hidden)
webdavs://dev.?????.nl/webdav/domino/eod.docx
https://dev.?????.nl/development/webdab.nsf
https://dev.?????.nl/webdav/domino/
Any help would be appreciated!
I wrote that application.
You are in the tricky land of authentication. Domino supports: Basic, FormBased, Cookie based (LTPA), SPNEGO and SAML. The latter 3 need configuration work.
What happens when you use WebDAV is that no longer your browser, but a local library (belonging to Explorer or Office) talks to Domino.
You can "manually" try that using File - Open and paste the URL to the document (the one with https://, not webdavs://).
The only thing that happens with a webdavs:// url: a little helper checks, based on extension in the registry, what app is needed (Word, Excel, OpenOffice) and then calls that app with the https:// url as parameter. Like starting e.g. Excel from the command line:
excel.exe https://someserver/path/spreadshit.xls
By default Windows now uses NTLM or Kerberos authentication, neither of them supported by Domino (there used to be a proxy translating NTLM to LTPA by a 3rd party). So no credential reaches Domino. Hence you need anonymous access rights.
For older versions of Windows I described what you need to do to get Basic Auth going.
Never came around to check what setting you would need on Windows 8 or 10 to allow basic auth there. Also, in theory, SAML or SPNEGO SSO might do the trick.
If you got Mac or Linux, you could check them first.
So the challenge isn't with the webDAV plugin as such, but in finding a common authentication ground between the OS and Domino. Hope that clarifies it a little.
Let us know how it goes!

IIS Prevent hotlinking of other sites' content on self-hosted websites

We want to avoid our own users from hotlinking to images and media outside our own domain. Is there a way to do this through IIS (version 8 on Windows Server 2012) ? We have the URL Rewrite module installed, but unsure how to develop a rule that would accomplish what we need.
Please keep in mind I'm wanting to block any hotlinking to other websites, and only allow images/media that are located on our own domain. Googling and searching here on Stack Overflow results in preventing other sites from hotlinking to one's own self-hosted content, not the other way around like we want.
WMSAuth plugin for Windows Media Services might be something which you might look at. It's not for IIS but you might use the same concept for building your solution.
It's open source so you can check the sources on github.

Identifying files in a directory used by a website in IIS6 or IIS7.5 for a Classic ASP Web App

I've inherited a legacy web app, written in Classic ASP which at one point was re-written (still in Classic ASP though), and the original application files were never removed. Most of these un-necessary files are ASP, HTM, INC, JS & CSS file types.
This web app has no planned replacement or migration to .NET, but I'd like to be able to clean up the directory so that I can load the site in Visual Studio and be able to perform solution searches for code fragments and have some level of confidence that what I am searching for actually exists in currently used code.
I was able to eliminate some files by programmatically parsing the IIS log files, but that only tells me what was requested by the client, and doesn't tell me which files are being used by other ASP pages as includes.
I'd like to know whether there is an internal IIS log or trace that I can enable to identify which files are actively being processed by the IIS engine. I have IIS 6 and IIS 7.5 at my disposal.
Any other quick methods for determining this would be helpful also. This is not a high business priority but slows me down at dev time and is quite an annoyance. Obviously I could write an app to catalog all the files and crawl the text of each one looking for includes, but I'd rather focus my efforts on delivering value to the business.
Thanks in advance.
One approach is using Sysinternals Process Monitor. You can set four filters like the following image to find out all files accessed during the application life-cycle. w3wp.exe is the IIS worker process which runs Web applications. You must set the Path filter to begin with the physical path of the Web application.
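The other half of the picture, which Process Monitor only gives you for code paths that actually run while you watch, is the static include graph the question mentions. The following script is an added example (not from the question or the answer): it takes the site root and the list of paths already pulled from the IIS logs, follows every #include from those entry points, and prints the files that were never reached. It assumes requested.txt holds one site-relative path per line (the cs-uri-stem values), that includes use the standard <!--#include file="..."--> or virtual="..." form, and that the site root passed in is the IIS site root so virtual paths resolve against it.

```vbscript
' findunused.vbs: list files under a Classic ASP site root that are neither
' requested directly nor reached through #include directives.
' Usage: cscript //nologo findunused.vbs C:\inetpub\wwwroot\myapp requested.txt
' Added example, not from the question or the answer. Assumptions: requested.txt
' holds one site-relative path per line (for example the cs-uri-stem values
' extracted from the IIS logs); a bare "/" entry must be expanded to the
' default document by hand, since the script does not know IIS's default-document list.
Option Explicit

Dim fso, re, visited, siteRoot, listFile, ts, line

Set fso = CreateObject("Scripting.FileSystemObject")
If WScript.Arguments.Count < 2 Then
    WScript.Echo "usage: cscript findunused.vbs <site root> <requested path list>"
    WScript.Quit 1
End If
siteRoot = fso.GetAbsolutePathName(WScript.Arguments(0))
listFile = WScript.Arguments(1)

' One pattern for both include forms: SubMatches(0) is file|virtual, SubMatches(1) the path.
Set re = New RegExp
re.Pattern = "<!--\s*#include\s+(file|virtual)\s*=\s*""([^""]+)""\s*-->"
re.IgnoreCase = True
re.Global = True

Set visited = CreateObject("Scripting.Dictionary")
visited.CompareMode = vbTextCompare      ' NTFS paths are case-insensitive

' Seed the walk with every path the clients actually requested.
Set ts = fso.OpenTextFile(listFile, 1)
Do Until ts.AtEndOfStream
    line = Trim(ts.ReadLine)
    If line <> "" Then Visit ResolvePath(siteRoot, line)
Loop
ts.Close

' Anything under the root that was never reached is a candidate for removal.
ReportUnused fso.GetFolder(siteRoot)

' Turn a site-relative or include-relative path into an absolute NTFS path.
Function ResolvePath(baseDir, relPath)
    Dim p
    p = Replace(relPath, "/", "\")
    If Left(p, 1) = "\" Then p = Mid(p, 2)
    ResolvePath = fso.GetAbsolutePathName(fso.BuildPath(baseDir, p))
End Function

' Mark a file as used and follow its includes depth-first. Only text types
' are opened, so images and other binaries are counted as used but not parsed.
Sub Visit(fullPath)
    Dim ext, text, m, nextPath
    If visited.Exists(fullPath) Then Exit Sub
    visited.Add fullPath, True
    If Not fso.FileExists(fullPath) Then Exit Sub
    ext = LCase(fso.GetExtensionName(fullPath))
    If ext <> "asp" And ext <> "inc" And ext <> "htm" And ext <> "html" Then Exit Sub
    If fso.GetFile(fullPath).Size = 0 Then Exit Sub   ' ReadAll raises an error on an empty file
    text = fso.OpenTextFile(fullPath, 1).ReadAll
    For Each m In re.Execute(text)
        If LCase(m.SubMatches(0)) = "virtual" Then
            nextPath = ResolvePath(siteRoot, m.SubMatches(1))   ' virtual: relative to the site root
        Else
            nextPath = ResolvePath(fso.GetParentFolderName(fullPath), m.SubMatches(1))   ' file: relative to the including file
        End If
        Visit nextPath
    Next
End Sub

' Walk the tree and print every file that the include walk never touched.
Sub ReportUnused(folder)
    Dim f, subFolder
    For Each f In folder.Files
        If Not visited.Exists(f.Path) Then WScript.Echo f.Path
    Next
    For Each subFolder In folder.SubFolders
        ReportUnused subFolder
    Next
End Sub
```

The output is a list of candidates, not proof: files referenced only from Server.Execute, Server.Transfer or JavaScript-built URLs will not show up in the include graph, so the log-derived entry list is what keeps those pages covered, and anything that is still in doubt is worth confirming with the Process Monitor filters from the answer before it is deleted.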

Simple auth proxy using Windows Auth

I need to write a very simple authentication proxy service - the user must login via a web browser, then the page redirects the user to another URL if the login was correct.
The server is IIS7; auth is via Active Directory. While I have heaps of experience in Linux, Apache, Python, etc, I have virtually no programming experience in the Windows environment. I understand that IIS can handle the authentication part, but I'm a bit unsure where to start for the generating the URL. What language, environment and resources would be a good starting point?
While one part of me wants to break out the python, another wants to do it 'The Windows Way (TM)'.
Even better would be to use the Windows Domain SSO so the user wouldn't even need to log in, but that can come later.
In the WISA world (Windows, IIS, SQL, ASP.Net), you can accomplish the above in ASP.Net Forms Authentication (an option is to use Active Directory)
If this is a private site (corporate Active Directory intranet), an easy way to get no login prompt at all (SSO from the user's AD login on the PC) is if you have IE in your network (NTLM/integrated authentication). You can do the security restrictions in IIS for files, folders, etc. without any development, nor would you need ASP.NET involved; the files could simply be HTML, etc. Access is granted in AD in your users/groups to some resource. Although I have never done it, if IIS can run Python, then you can bust out the Python :). IE may not be the only choice; it seems you can config Firefox, but I have not tried this. If it's internal/corporate, IE is pretty much the no-brainer for it (no sweating, nothing to figure out or tweak).

301 redirect remote management

Is there a good way of remotely managing 301 redirects in IIS? I have recently taken ownership of a small retail ASP.NET website. I've been tasked with providing our SEO provider the ability to change redirects for old products etc. without having direct access to the server, or needing us to make the change.
The website is ASP.NET 4.0, running on Windows Server 2008 with IIS 7.
You could maintain a list of the required redirects via an app.config file, and have a module which takes the request and checks it against the file.
If there is a match then you could redirect to a known place. The trouble is that it could be a little slow; instead of a config file you could store the redirects in the database as an alternative.
