Well, it has been a busy week but I managed to find a few hours to update uManage to include a setup wizard as well as fix the first issue.  For those who just want to download it visit Codeplex.

The setup wizard was always in the master plan to make it easy to setup the application as well as in the future allow IT Pro’s who may not know much about ASP.NET to simply download the application as part of Microsoft’s Web Platform Installer.  So essentially, once downloaded IIS and the File System would already be configured and simply need someone to run through the wizard to configure everything else.  Pretty simple I think.

In addition the first issue fix was included.  Of course I was the one that logged it but nonetheless it was important.  In Version 1.0 the membership section was not encrypted which meant that the username and password could potentially be read by anyone who has access to the file system and possibly not to the domain.  They could be employees or potential hackers who want to cause problems.  Either way when the setup wizard is run it encrypts the membership provider section which makes it pretty hard to get to the username and password for the application.

Of course anyone who uses this application really should create a new user account that has delegated rights to mitigate any major security problems.  I will have a new post soon on how to set all of that up as I have a feeling the developers out there might not know what that is all about.  Security is still important people!

Well off to pack for a trip, but check back soon for updates.

-Brent

This applies to IIS 6.0 and not 7.0 that I am aware of.  I will see if this has been handled differently in

IIS 7.0 later.

I found a few good resources while doing this research today.  This is a long standing problem.  This post provides resources and links to help solve the problem.

A typical scenario looks like this:

You have a single server with many websites and you need to use a certificate for SSL traffic on two of the five websites.  You do not need to use SSL at all on the remaining sites.

Solution:

You need to use a wild card certificate, assuming that all of the sites reside in the same domain space.  Just for clarification a wildcard certificate certifies a domain namespace, like www.brentpabst.com or www.microsoft.com.  Anything that exists as a domain.  What this does in essence is certify that *.brentpabst.com is OK.  So if you have any number of levels of sub-domains you could, in theory, install this certificate and it would be valid.  I found both a MSDN and a link to the Singapore .NET User's Group on the subject.

Microsoft TechNet: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true

Muang's Blog: http://sgdotnet.org/blogs/maungmaung/archive/2007/01/22/Multiple-_2800_SSL_2900_-Web-Sites-in-IIS-_2800_Part-2_2900_.aspx

If you have not done so already and work with IIS 6.0 in most of your day to day work you would do well to have the IIS 6.0 Resource Kit.  You can download it here.  In general as a SysAdmin or Engineer I also recommend having the Windows Server 2003 Administration Tool Pack.  These are all invaluable tools!

Hope it helps!

I came across the need to force a site to load secure over SSL using IIS7.  The important thing was the the application would not even load for the user unless it was opened over SSL.  I searched online and found an easy way to get IIS7 to only allow HTTPS traffic to pass to the application however since the application already existed it was going to cause me a problem because people had already set their bookmarks up for the standard HTTP address.  So I did more searching to automatically load the HTTPS version instead and for smarter browsers tell them to pick up on the change.  I modified some code snippets I had found plus embedded it into a familiar IIS7 error message in the event the transfer failed.  I have attached a ZIP file with the new error page.

Read the contents of the html file to get instructions on how to load it into IIS.

-Brent