IIS Configuration asp.net FAQ _ Practical Tips

Many friends in the use of IIS6 Web site encountered a lot of problems, and some of these problems in the past IIS5 inside have encountered, some are new, I have been busy all afternoon, do
A lot of experiments, combined with the previous experience of debugging, made this summary, I hope to help you:

Issue 1: Parent Path not enabled
Examples of symptoms:
Server.MapPath () error ' ASP 0175:80,004,005 '
The Path character is not allowed
/0709/dqyllhsub/news/opendatabase.asp, line 4
The character ' ... ' is not allowed in the Path parameter of MapPath.
Reason Analysis:
Many web pages use things like. /formatted statement (that is, the page to the previous layer, which is the parent path), and IIS6.0 for security reasons, this option is turned off by default
。
Solving Method：
In IIS, the properties-> the home directory-> configuration-> option. Check the "Enable Parent path" front. Confirm the refresh.

problem 2:asp Web extensions improperly configured (same applies to asp.net, CGI)
Examples of symptoms:
HTTP Error 404-file or directory not found.
Reason Analysis:
The new Web application extension option is added to the IIS6.0, where you can allow or disallow ASP, ASP.net, CGI, IDC, and so on, by default, ASP and other programs are
Prohibited.
Solving Method：
In the Web service extension in IIS, select Active Server Pages and click Allow.

Issue 3: Improperly configured identity authentication
Examples of symptoms:
HTTP Error 401.2-Unauthorized: Access was denied due to server configuration.
Reason Analysis: IIS supports the following types of Web authentication methods:
Anonymous authentication
IIS creates the IUSR_ computer name account (where the computer name is the name of the server that is running IIS), which is used when anonymous users request Web content
for authentication. This account grants the user local logon rights. You can reset anonymous user access to use any valid Windows account.
Basic Authentication
Use Basic authentication to restrict access to files on an NTFS-formatted WEB server. Using Basic authentication, the user must enter credentials and access is based on the user
ID's. Both the user ID and password are sent across the network in clear text.
Windows Integrated Authentication
Windows Integrated authentication is more secure than basic authentication and works well in the intranet environment where users have Windows domain accounts. In the integrated
In Windows authentication, the browser attempts to use the credentials that the current user uses during the domain logon process and prompts the user for a user name and password if the attempt fails. Such as
If you use integrated Windows authentication, the user's password will not be transferred to the server. If the user is logged on to the local computer as a domain user, he is accessing this domain
You do not have to authenticate again when you are in a network computer.
Digest Authentication
Digest authentication overcomes many of the drawbacks of basic authentication. When Digest authentication is used, the password is not sent in clear text. Alternatively, you can use the proxy server
Use Digest authentication. Digest authentication uses a challenge/response mechanism (a mechanism for integrated Windows authentication), where passwords are sent in encrypted form
。
. NET Passport Authentication
Microsoft. NET Passport is a user authentication service that allows single check-in security to enable users to access a. NET Passport-enabled WEB site
And service is more secure. A. NET Passport-enabled site authenticates users based on the *. NET Passport central server. However, the hub server
Specific users are not authorized or denied access to each of the. NET Passport-enabled sites.
Solving Method：
Configure different identity authentication (typically anonymous authentication, which is the authentication method used by most sites) as needed. Authentication options in the IIS Properties-> security-> Authentication
Card and access control configuration.

Problem 4:IP Limited improperly configured
Examples of symptoms:
HTTP Error 403.6-Prohibit access: The IP address of the client is denied.
Reason Analysis:
IIS provides a mechanism for IP restrictions that you can configure to restrict a ㊣p from accessing the site, or to restrict access to only certain IP sites, and if the client is
Blocked IP range, or not within the range you allow, you will receive an error message.
Solving Method：
Access to IIS Properties-> security->ip address and domain name restrictions. If you want to restrict access to certain IP addresses, you need to select an authorized access point to add an IP address that is not allowed. Anti -
You can only allow access to certain IP addresses.

problem 5:iusr account is disabled
Examples of symptoms:
HTTP Error 401.1-Unauthorized: Access denied due to invalid credentials.
Reason Analysis:
Because the user is using anonymous access account is the IUSR_ machine name, so if this account is disabled, will cause users inaccessible.
Solution:
Control Panel-> Management tools-> Computer Management-> Local Users and groups, enable IUSR_ machine name account.

problem 6:ntfs permissions set improperly
Examples of symptoms:
HTTP Error 401.3-Unauthorized: Access because the ACL's settings for the requested resource were denied.
Reason Analysis:
Users of a Web client are subordinate to the user group, so if the file has insufficient NTFS permissions, such as no Read permissions, it will cause the page to be inaccessible.
Solutions：
Enter the Security tab of the folder, configure user permissions, or at least Read permissions. About NTFS permission settings are no longer fed here.

problem 7:iwam account different step
Examples of symptoms:
HTTP 500-Internal server error
Reason Analysis:
The IWAM account is a built-in account that the system automatically builds when IIS is installed. IWAM account established by active Directory, IIS metabase database and COM + application three
, the account password is saved by the three parties separately, and the operating system is responsible for the three-party IWAM password synchronization work. The system's password synchronization work for IWAM accounts sometimes
will fail, resulting in the IWAM account password is not uniform.
Solutions：
If there is an ad, select Start-> program-> Administration Tools->active directory Users and Computers. Set the password for the IWAM account.
Run c:\\inetpub\\adminscripts>adsutil SET w3svc/wamuserpass + Password Sync IIS metabase database password
Run cscript c:\\inetpub\\adminscripts\\synciwam.vbs-v sync iwam account password in COM + applications

problem 8:mime Setup problem causes some types of files to be downloaded (for example, ISO)
Examples of symptoms:
HTTP Error 404-file or directory not found.
Reason Analysis:
IIS6.0 has canceled support for some MIME types, such as ISO, causing client downloads to go awry.
Solving Method：
The property->http header->mime type-> new in IIS. In the dialog box that follows, the extension is filled in. The Iso,mime type is application.
In addition, firewall blocking, ODBC configuration errors, Web server performance restrictions, thread restrictions, and other factors are causing the IIS server can not access the possible reasons, here is no longer one
The feed is described.