File Security (IP address access restrictions) in IIS7 - iis

I have a web service that contains 2 asmx files (public.asmx and private.asmx). On IIS6 I could go to the properties of private.asmx then, from the 'File Security' tab, deny all computers access except the IP address for localhost.
In IIS7 I only seem to be able to do this for an entire folder. What am I missing?

Funny - I found this question because I have the same problem, but I think the solution is as follows:
In IIS7, browse to the directory containing your public.asmx and private.asmx files.
The title at the top will reflect the current directory, like "WebService Home". Click the "Content View" button at the bottom.
Right-click on your public.asmx file and choose "Switch to Features View".
The title should be "public.asmx Home" to confirm that you're managing the one file.
Add your IP restrictions. In this case, I think you want an Allow entry for 127.0.0.1 and choose "Edit Feature Settings" from the Action menu to Deny access to unspecified clients.
Click your containing folder again (e.g. WebService) and switch to Content View again to repeat these steps on private.asmx.
I am learning the ropes of IIS7 myself, but I hope this answers your question.

Found this question via Google and was looking for how to do it via the .config file but could not find that answer here. I've since tracked down the info:
The ipSecurity element is used by the web.config in IIS7 to restrict access by IP Address. You can use it like this:
<configuration>
<location path="private.asmx">
<system.webServer>
<security>
<ipSecurity>
<add ipAddress="192.168.100.1" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>
</location>
</configuration>
Update: Note that the role has to be added for this security to be enabled. See the ipSecurity article linked above.

Related

How to forward to Lightswitch html client from domain root deployed on Azure Websites

I have successfully deployed a Lightswitch HTML application to Azure Websites. I have also forwarded my personal domain to mask the azurewebsite.net address. I am now able to access the site by typing mydomain.com/htmlclient and everything works fine. If I type in just the my domain.com, however, I get the you do not have permission error.
This is close but ultimately I would like to be able to enter just the domain and have it automatically forward to the htmlclient folder. I know it is possible but I'm not sure if I can get there with settings in azure or my domain host or if I have to drop a page in the root (it appears that the default and login.aspx pages for forms authentication are already in the root).
Any help would be appreciated.
In the Visual Studio 2013 version we've found this is simply a case of adding an additional entry to the LightSwitch server project's web.config file.
This additional entry needs to reference the default.aspx file (which should already be part of the server project) and should be introduced into the defaultDocument section of the web.config. In the following example, this new line appears immediately after the standard default.htm line: -
<defaultDocument>
<files>
<clear />
<add value="default.htm" />
<add value="default.aspx" />
</files>
</defaultDocument>

CFWheels App goes to directory structure instead

I just added a CFwheels site to my IIS 8 and instead of going to the actual page is showing the directory structure on the browser. Any hints on what I should check?
Geo,
Your problem is the default document settings as Anit has suggested. In the IIS8 control pannel look for a cpl called "default document". It will show a list of documents that are served by "Default" so that when you navigate to something.com/home it actually serves up something.com/home/index.cfm (as an example).
Make sure you add your desired default document to the list. You can aslo do this in the web.config file:
<configuration>
<system.webServer>
<defaultDocument enabled="true">
<files>
<add value="index.cfm" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
You are correct I think that if it is an Adobe AMI it should have such a setting by default - but perhaps you are not using a standard default doc.
You probably want to disable directory browsing as well - that's also a cpl I think.

How to create a virtual directory from file in IIS 8.5

I want to import virtual directory setting via file in IIS 8.5, but cannot find an option to do so. In IIS 6 you can:
Right click on the site -> New -> Virtual Directory (From File)
I do not see this option in IIS 8.5, only an option to 'Add Virtual Directory...'
Google is not helping today. Does anyone know how this can be accomplished?
I was not able to find a way to do this similar to how you can in IIS 6, maybe there is a powershell command...
However, I did find a way to add sites via the applicationHost.config file, which is usually located at: C:\Windows\System32\inetsrv\config. (be sure to make a back up of the file in case you make a booboo).
Since I have similar sites and apps, it is was easy to copy and paste, and modify the necessary fields.
You can add sites and app pools in the section:
<system.applicationHost>
App Pools:
<applicationPools>
...
Sites:
<sites>
If you have applications under a site then there has to be a corresponding location node:
<location path="Default Web Site/yoursiteapp">
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
<anonymousAuthentication enabled="false" />
</authentication>
<access sslFlags="None" />
</security>
</system.webServer>
</location>

ASP pages in IIS using Localhost 401.3 Error do not have permission

I have just installed the IIS so I can view asp files in a browser but when I put the address in a browser as : http://localhost/index.asp I get an error.
The error shows this:
HTTP Error 401.3 - Unauthorized
You do not have permission to view this directory or page because of the access control list (ACL) configuration or encryption settings for this resource on the Web server.
I really need to get this sorted out, I would highly appreciate any advice on this.
My issue was around the identity used in the app pool. I changed the site's Authentication to "Application pool identity" as well as giving the directory the appropriate permissions.
OK, working from memory here as I am not in front of a Windows machine.
If you right click on your webroot folder /inetpub/wwwroot/ or the website directory you are working on open properties and select security, I think it is, you will see the list of users with their permissions for that folder. There is a section to add new users where you can add the IIS_IUSRS account (search from the list of users if you need to) which will be the default user used when anonymous authentication is enabled. Give this account the relevant permissions (read, write, execute) ensuring you apply to file and subfolders. Refresh the website in IIS and you should hopefully be good to go.
I had one folder not working (extracted from a zip file which came from an email from some kind of MS Sharepointy thing. Or something). The files were all marked with Windows Explorer -> Right Click -> Properties -> Advanced -> Encrypt contents to secure data. Unticking cured it.
In my case I had created an application in IIS 7 on Windows 7 using "Add Application" on the Default Web Site. I had to add the "users" account from the local machine and that got rid of the permissions error.
I had this happen to me and what I needed to do was apparently add a web.config file. Doesn't matter that it was just a PHP site, and that "Everyone" had full control. Until there was a basic Web.config - NO DICE!
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Execute, Script" />
<defaultDocument>
<files>
<clear />
<add value="index.php" />
<add value="Default.htm" />
<add value="Default.asp" />
<add value="index.htm" />
<add value="default.aspx" />
</files>
</defaultDocument>
<directoryBrowse enabled="false" />
</system.webServer>
</configuration>
Here, the set up process is explained in detail. You can follow the steps.
http://coldfusion-tip.blogspot.com/2013/10/you-do-not-have-permission-to-view-this.html

404 error with IIS 7.0

I have a text file that I am trying to browse to using the browser http://files.mydomain.com/test.txt and I get a:
HTTP Error 404.0 - Not found
I double checked and the text file does exist. When I add a test.htm file, I have no issues.
Can someone help? Something tells me it's security issue.
Have you checked the following:
Your DNS 'A' record for 'files' is pointing to the correct IP address
If your server is using a shared IP address across multiple sites have you configured a HTTP host header?
Is there a mime type set for the .txt extension?
Have you made any changes to the Handler Mappings for the site? e.g. mapped the .htm extension to say the ASP ISAPI filter and accidentally removed the StaticFile handler?
Can you serve other static content such as .jpg, .gif, .pdf etc?
Kev has covered most of the possible problems, but for reference there is another possibility.
Confirm that in Request Filtering you either
have .txt as an Allowed extension, or
have Allow unlisted file name extensions ticked in Edit Request Filtering Settings
The same effect can be achieved with the following web.config section:
<system.webServer>
<security>
<requestFiltering>
<fileExtensions>
<add fileExtension=".txt" allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
Also make sure also that the website is started. I was getting 404 and then realized that the Default Website was stopped because another website (Sharepoint) was using port 80. Sometimes the obvious is what gets you.
Add the MIME-Typ by going to ...
features / Mime-type
right click,
add,
put in the file extension ".txt"
and the mime-type "text/plain"
ok
et voila
I know this is an old post, but this might still help somebody out. I ran into this problem with my Asp.Net Core application. In my case it turned out that static files are served from a subdirectory called 'wwwroot' by default. Creating that subdirectory and moving the file in their solved it for me:
https://learn.microsoft.com/en-us/aspnet/core/fundamentals/index?view=aspnetcore-2.2&tabs=windows#web-root

Resources