IIS provides a new command-line tool, AppCmd.exe, to configure and query objects on your Web server, and to return output in text or XML. In this article, I will explain how to perform common IIS administrative tasks such as creating new sites, stopping/starting services, and viewing status of the site.

AppCmd.exe allows you to perform just about all the typical management functions you would want to perform using the CLI instead of the GUI. For example, here are some of the things that AppCmd.exe can do:

•     Start and stop IIS web sites
•     Create IIS websites, applications, application pools, and virtual directories
•     Show running IIS processes and list currently executing requests
•     Import, export, and search IIS ASP.NET configurations

Five ways that you can use AppCmd.exe to make your IIS website administration easier:

Sure, you can do just about everything in the IIS management MMC (GUI) that you can do with AppCmd.exe at the command line but GUI interfaces also have their disadvantages. To name a few, with a GUI you cannot do repetitive tasks quickly (like with a Windows Desktop Shortcut) nor can you use output from one AppCmd.exe output and send it to an AppCmd Action. Here are 5 ways that using AppCmd.exe can make your IIS website administration easier:

1. Start and Stop IIS websites from the command line

This is actually very simple. If you don’t know the name of your sites, just do:

Appcmd list sites

Now that you know what sites you have, you can start and stop your IIS web sites like this:
Appcmd start sites “Default Web Site” (or whatever site you want to start)

2. Add a new website

Adding a new website is easy. Just use:
Appcmd add sites /name:”Dave’s Site” /id:12 /bindings:http://mysite.com:80

Like this:

While this may add a new website, that website may not be as complete as a site added in the GUI unless all command options are added then an application is added for it. To get a more fully functioning IIS site, use the following two commands:
AppCmd add site /name:ddsite /id:99 /bindings:http/*:81: /physicalPath:C:\ddsite
AppCmd add app /site.name:DDSite /path:/ddapp /physicalPath:C:\sites\ddsite

3. Listing objects that meet certain information

Using the list command is easy. I showed you how to list our websites running on the server in #1, above. Notice in the output how you can see that the sites are running or not (the sites state). You can also list all objects (like sites) that meet certain criteria. For example, this command lists all sites that are stopped. Here is an example:

4. Backing up you IIS configuration

AppCmd.exe can backup your IIS configuration using the add backup command. You can also list your commands with the list backup command the and the restore backup can put your backup data back where it needs to go with the restore backup command.

Below, you see me backing up my IIS configuration then listing out what backups were available after that.

5. Report on IIS configurations

AppCmd has the power to report on your IIS configurations and export that configuration to a text file. To do this, just run:
Appcmd list site “sitename” /config
Here is what the output looks like:

IIS 8.0 with Free ASP.NET Hosting
Try our IIS 8.0 with Free ASP.NET Hosting today and your account will be setup soon! You can also take advantage of our Windows & ASP.NET Hosting support with Unlimited Domain, Unlimited Bandwidth, Unlimited Disk Space, etc.

In this tutorial, I’ll explain how to install WCF in IIS 8.0. So in order to host our WCF Service in IIS, use the following simple step-by-step approach. First, Add a website to our solution. select the “ASP.NET Empty web Site” example. For web location, select “HTTP” rather than “File System” and provide the path and press the “OK” button.

Next step, add the Reference of the StudentService project to our web site, in other words StudentIISHost.

Next, Add a reference of System.ServiceModel to the web site. And then, Add a new .svc file to our web site project as.

Then write the following configuration for System.ServiceModel in the web.config :
<system.serviceModel> 
     <behaviors> 
           <serviceBehaviors> 
                  <behavior name=”StudentServiceBehavior”> 
                       <serviceMetadata httpGetEnabled=”true”/> 
                       <serviceDebug includeExceptionDetailInFaults=”false”/> 
                  </behavior> 
           </serviceBehaviors> 
      </behaviors> 
      <services> 
          <service behaviorConfiguration=”StudentServiceBehavior” name=”StudentService.StudentService”> 
           <endpoint address=”http://localhost/StudentIISHost/MyStudentHost.svc” 
                 binding=”wsHttpBinding” 
                 contract=”StudentService.IStudentService”> 
            <identity> 
                <dns value=”localhost”/> 
            </identity> 
          </endpoint> 
          <endpoint address=”mex” 
                binding=”mexHttpBinding” 
                contract=”IMetadataExchange”/> 
          </service> 
       </services> 
   </system.serviceModel> 

Finally, Access the hosted WCF Service, in other words StudentService using the following path.
http://localhost/StudentIISHost/MyStudentHost.svc

I hope this WCF Tutorial will help you to understand the implementation for hosting a WCF Service in Internet Information Services (IIS).

IIS 8.0 Hosting with Free ASP.NET Hosting

Try our IIS 8.0 Hosting with Free ASP.NET Hosting today and your account will be setup soon! You can also take advantage of our Windows & ASP.NET Hosting support with Unlimited Domain, Unlimited Bandwidth, Unlimited Disk Space, etc. You will not be charged a cent for trying our service for the next 3 days. Once your trial period is complete, you decide whether you'd like to continue.

In this post, let me tell you about how to configure IIS to require SSL on both Federation Servers. First step, open the Administrative Tools from the Start menu as shown on the following picture:

And then, in the Administrative Tools many options will be available, among these options one will be for IIS Manager. Double-click on this option to open it as shown on the below picture:

The IIS Manager Wizard will open. On the left hand side will be the Connections Pane.

Next step, expand the Server Name available under the Connection Pane, on expanding an option will appear named "Sites", again expand this option. This will bring the default Website under the IIS.

Click on this default Website, on clicking an option will come in the center Pane named SSL Settings, double-click on it to open it.

Now, check the "Require SSL" and then select on the "Accept Client Certificate".

Go to the Actions Pane and then select on the "Apply" button to apply the changes made.

IIS 8.0 Hosting with Free ASP.NET Hosting

Try our IIS 8.0 Hosting with Free ASP.NET Hosting today and your account will be setup soon! You can also take advantage of our Windows & ASP.NET Hosting support with Unlimited Domain, Unlimited Bandwidth, Unlimited Disk Space, etc. You will not be charged a cent for trying our service for the next 3 days. Once your trial period is complete, you decide whether you'd like to continue.

I was working on a web application, and suddenly the application stopped running on the browser and I got this error message,

“Unable to connect to the configured development Web server. Failed to register URL http://localhost :57660/ for site “sandbox” application “/”. Error description: Access is denied. (0x80070005)”

I tried many things like restarting Visual Studio and running Visual Studio as administrator but nothing worked. Finally, after spending a few hours on it I got the solution, so here I am sharing the solution.

Open windows registry and browse parameters in HTTP where you can see what URLs are allowed to be bound to services without admin privileges. The parameter is called ListenOnlyList and it needs to be set to the address that exists on your machine.

You need to configure this parameter by running the following in the administrative command prompt:

 
Once IP address is successfully added, you can see ListenOnlyList added in the registry with correct value.

Now run your web application again. I hope that will resolve your problem.

IIS 8.0 with Free ASP.NET Hosting
Try our IIS 8.0 with Free ASP.NET Hosting today and your account will be setup soon! You can also take advantage of our Windows & ASP.NET Hosting support with Unlimited Domain, Unlimited Bandwidth, Unlimited Disk Space, etc. You will not be charged a cent for trying our service for the next 3 days. Once your trial period is complete, you decide whether you'd like to continue.

We saw as problems URL Canonicalization can be solved in a declarative means a component of IIS, called URL Rewrite Module, which can be configured by specifying the appropriate rules of web.config. Another typical requirement in the management of a website is to make sure that applications that involve sensitive data (such as a page for payment by credit card) are carried out using the HTTPS protocol. How can we manage, however, requests that are received incorrectly using HTTP? A first solution may be to set the flag RequireSSL IIS for the particular folder that we want to protect (or maybe of all the site), as shown below:

The effect of this setting is that if a user visits the page via HTTP, IIS will raise 403.4 HTTP status code (Forbidden), displaying the standard error (or a custom version, if specified):

An alternative certainly more pleasant for the user is that instead of automatically redirected to the HTTPS address and, for this purpose, we can exploit once again the URL Redirect Module, by setting a rule similar to the following:

<rule name="ToHttps" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{URL}" pattern="(secure/.*)" />
    <add input="{HTTPS}" pattern="ON" negate="true" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>

It applies to all addresses in input:

• Pointing to a folder called secure
• They are not using HTTPS

Hopefully we can eliminate the first condition, if we want the rule applies to the entire website and not to a particular folder. The final effect, specified in the node Action, is to perform a Redirect to the same page, but with the correct protocol.

Sometimes you may also need the opposite, ie postponing from HTTPS to HTTP. A typical example is when the SSL certificate covers only a subdomain of our site (for example secure.miosito.com) and therefore we want all the other pages are open in HTTP. In this case the rule to be created is very similar to the previous one:

<rule name="ToHttp" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{URL}" pattern="(secure/.*)" negate="true" />
    <add input="{HTTPS}" pattern="ON" />
  </conditions>
  <action type="Redirect" url="http://{HTTP_HOST}/{R:1}" />
</rule>

HostForLIFE.eu IIS 8.0 Hosting
HostForLIFE.eu is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes. We have customers from around the globe, spread across every continent. We serve the hosting needs of the business and professional, government and nonprofit, entertainment and personal use market segments.

Today, I will show you how to generate SSL certificate request (CSR) with Certreq. Certreq.exe is a command-line utility included on Windows Servers. It allows you to quickly generate a certificate request without having to use Windows's laborious GUI.

Step 1: Creating a config file

Open a text editor and paste the text below in the file:

;--- request.inf ---

[Version]
Signature="$Windows NT$"

[NewRequest]
; Replace Country with the 2-letter ISO code for your country
; Replace State with your state or province, without abbreviation
; Replace City with your city
; Replace Organization with your company
; Replace Organization_Unit with your department, or remove OU=Organizational_Unit entirely
; Replace www.example.com with the hostname you're requesting a certificate for
; For a wildcard SSL certificate, this would be *.example.com
Subject = "CN=www.example.com, OU=Organizational_Unit, O=Organization, L=City, S=State, C=Country"
; Key Exchange - for encryption
KeySpec = 1 
; 2048 bits minimum, 3072 or 4096 are valid too
KeyLength = 2048
; Needed if you need to export the certificate to another server
Exportable = TRUE
; Indicates a server certificate, not a user certificate
MachineKeySet = TRUE
SMIME = False
UserProtected = FALSE
; Generate a new private key
UseExistingKeySet = FALSE
; RSA key
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"

ProviderType = 12
; Standard of CSR's
RequestType = PKCS10
; Digital signatures and encryption
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
; Server authentication
OID=1.3.6.1.5.5.7.3.1

;------------------------------

Step 2: Generate a Certificate Request

Generate your CSR with the following command:

C:\>certreq -new request.inf request.csr

Open the .csr file, and copy its contents in Kinamo's CSR application form, including the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines.

Step 3: Install an SSL certificate with Certreq

The .cer file you receive from the Certificate Authority can easily be installed by saving the file on the server you generated the CSR on, for instance as cert.cer, and by executing the following command at the prompt:

C:\>certreq -accept cert.cer

IIS 8.0 with Free ASP.NET Hosting
Try our IIS 8.0 with Free ASP.NET Hosting today and your account will be setup soon! You can also take advantage of our Windows & ASP.NET Hosting support with Unlimited Domain, Unlimited Bandwidth, Unlimited Disk Space, etc. You will not be charged a cent for trying our service for the next 3 days. Once your trial period is complete, you decide whether you'd like to continue.

Hey folks, now it’s possible to manage your IIS (Internet Information Services) Server right from the Browser. I am going to share the steps , which I was required to perform before it started running. It was simple though. Right now, the Service is in “Preview” mode, hope to see this launched very soon!

“To start, head over to https://manage.iis.net and download IIS Administration Setup.

As soon the download starts, it shows you another screen waiting for the Service to be installed and run and let you proceed further.

The installation failed twice. It asked me to install “Microsoft Visual C++ 2015 Redistributable (x64)” first and then asked to install “Microsoft .NET Core 1.0.1 Windows Server Hosting”. I had no other trouble during the installation. My machine config at the time is Windows 10 Enterprise (x64) / i5 / 12 GB. I did an IIS reset and the waiting Window started receiving signals. The first screen prompted me with a default port (PORT# 55539) on the localhost address and asked me to supply an “Access Token”.

The link, given below in the input box lets you generate or refresh the access token. In the background, it installed “Microsoft IIS Administation Service” exposing a Web Service on port 55539. I’ve yet to figure out, if the port is configurable or not.

Generate an access token and supply to IIS Management form and you are done. It also allows you to set how soon the access token should be expired.

IIS Administration Setup needs to be installed on the machine running IIS Server. To manage any IIS Server online, you just need the Access Token.

The steps are given below.

You can refresh the key anytime, which you want to (or an access token has been compromised).

Server and Website Administration is very smooth with the Web console. All the options from IIS Manager are available online and are very user friendly. You can do pretty much everything from the Web console, which comes available with IIS Manager on Windows.

Exploring websites

Create a Website.

Managing IIS Server

I’ll leave the rest of the exploration for you. Hope, you enjoyed it. Thanks for reading.

When it comes to the option of dedicated servers, you may find it costly in comparison to other web hosting options. But ultimately, the choice is worth making because plenty of commercial benefits are integrated into this web hosting plan. Let’s see how it is a better option than others web hosting plans.

Better uptime
In dedicated hosting arrangements, the service provider reserves the SLA,  including the solution of hardware failure. The service provider maintains a support team for 24x7. With expert skill sets and ITIL complaint methods you can be sure about a high uptime.

Cost efficiency
This is a cost efficient option. According to the plan, a dedicated hosting service provider is responsible for upgradates and maintenance of hardware for maintaining connectivity, and for offering a friendly physical environment. Under this plan, you as a user have no obligation to pay for the total server room or for employing a service administrator. Under this plan you have to pay for the services you will be using.

Reliable bandwidth
Under this web hosting plan you will get to enjoy higher internet speed. There is no chance to lose the speed as there is no risk of sharing the connection. This will help in faster communication, upload management, and uninterrupted business presence.

Complete control on applications
If you select dedicated web hosting, you will enjoy a complete monopoly of decisions about using site management tools and allied other applications to boost your hosting environment. However, about the tools, you need to get prior approval from your hosting service provider that they will be able to give you backend support to maintain them.

Better security arrangement
Dedicated hosting service offers uninterrupted access to physical server. The security arrangement includes supervision cameras, Biometric Access Control System, round-the-clock patrolling, etc. for improved security. Advanced service providers often provide additional supports like DDos guard, web application firewall, VAPT, and security event management.

These reasons can clearly  justify why Dedicated Server is a better option. It is clearly understood that although expensive, this category of web hosting service offers excellent ROI (Return over investment).

In this article, we will only show simple tutorial about how to enable and serve HTTP Strict Transport Security (HSTS) response header in IIS.

Definition HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which is necessary to protect secure HTTPS websites against downgrade attacks, and which greatly simplifies protection against cookie hijacking.

HSTS improves security and prevents man-in-the-middle attacks, downgrade attacks, and cookie-hijacking.

It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797.

The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named Strict-Transport-Security. HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion.

Therefore, adding a HSTS header is important after you’ve added SSL to your WordPress website, so browsers automatically request your HTTPS address.

All you need to add to your web.configconfiguration file is an Outbound Rule, to rewrite request responses and sending the HTTP Strict Transport Security response header:

<outboundRules>
  <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
    <conditions>
      <add input="{HTTPS}" pattern="on" ignoreCase="true" />
    </conditions>
    <action type="Rewrite" value="max-age=31536000" />
  </rule>
</outboundRules>

HSTS and includeSubdomains #

Do you have your SSL (TLS) certificate on your www. subdomain? Then you need to include it using includeSubdomains. The outboundRules rule then becomes:

<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
  <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
  <conditions>
    <add input="{HTTPS}" pattern="on" ignoreCase="true" />
  </conditions>
  <action type="Rewrite" value="max-age=31536000; includeSubDomains; preload" />
</rule>

HSTS header in WordPress functions.php #

You can set a HSTS header through your functions.php theme file as well. For this to happen, you can hook into the send_headers action.

Use the following code in your functions.php to send a HSTS header:

<?php
add_action( 'send_headers', 'saotn_add_hsts_header' );
function saotn_add_hsts_header() {
  header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload' );
}

Trace \ Track is a vulnerability that is usually identified on an IIS server when we run PCI compliance and find this vulnerability. A hacker can run a Trace attack on IIS Website and get information about the Backend server and other important information.

In latest versions on IIS (IIS 6.0, 7.5) Trace is disabled by default but still it is good idea to make sure that Trace is disabled on IIS.

Testing if Trace \ Track is Enabled on a IIS website or not

Follow these steps :

1. Go to command Prompt of your Machine.
2. Type telnet <URL of the website> 80 (this will open a telnet session of that website on port 80)
3. Type following commands on the telnet session screen in exact same order: 

    TRACE / HTTP/1.0
    Host: <hostname_you_are_testing>
    TestA: Hello
    TestB: World

4. Press enter twice. 

If Trace is enabled on your server, you should see following results:

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/7.5
    Date: Tue, 05 Dec 2016 08:17:15 GMT
    Content-Type: message/http
    Content-Length: 76 

And If you receive following results on the telnet screen, then Trace is enabled :

     HTTP/1.1 501 Not Implemented
    Content-Type: text/html
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Date: Tue, 06 Dec 2016 09:32:58 GMT
    Content-Length: 1508

    Connection: close

Disabling Trace or Track on IIS

The easiest way to mitigate the risk of Trace \ Track on iis is  : installing URLScan from Microsoft, 
The urlscan.ini file is included as part of URLScan . This sets by default a configuration setting "UseAllowVerbs=1".  In this [AllowVerbs] section of the ini file, only http methods that are allowed are GET, HEAD, and POST so simply by installing URLScan on an IIS server , we can assume that it  protected from TRACE or TRACK.