How to force IIS/ASP.NET to use assembly from the bin folder instead of GAC

If you have a assembly with the same version number located both in the bin folder for a web site and in the Global Assembly Cache (GAC), ASP.NET will by default use the GAC version of the file. Sometimes that’s not the ideal solution so here’s a workaround.

1. Open web.config in a text editor

2. Add this code to /configuration/runtime/assemblyBinding/dependentAssembly:

<assemblyIdentity name="Your.Assembly.Name" publicKeyToken="31bf3856ad364e35"/>
<codebase version="1.0.0.0" href="/bin/Your.Assembly.Name.dll" />

Continue reading →

How to block search engines from indexing all sites in a IIS instance

This can be useful on development sites where you have many IIS sites running but don’t want search engines to index them without creating robots.txt on every site.

To do this we’ll have to add a X-Robots-Tag HTTP Response header which is some search engines including Google as detailed here: http://googleblog.blogspot.com/2007/07/robots-exclusion-protocol-now-with-even.html

Here are the steps:

1. Open Internet Information Services (IIS) Manager
2. Click the server instance name from the left menu
3. Open HTTP Response Headers
4. Click Add… from the action menu
5. In the Name input, type: X-Robots-Tag and in the Value input, type: noindex

How to disable ciphers vulnerable to the BEAST vulnerability on Windows server/IIS

By default the SSL protocol encrypts data by using CBC mode with chained initialization vectors. This allows an attacker, which is has gotten access to an HTTPS session via man-in-the-middle (MITM) attacks or other means, to obtain plain text HTTP headers via a blockwise chosen-boundary attack (BCBA) in conjunction with Javascript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. This vulnerability is more commonly referred to as Browser Exploit Against SSL/TLS or “BEAST”. Continue reading →

How to create pfx (PKCS12) file using openssl

If you have a certificate file and private key and need to move that to a Windows server you can easily create a pfx file that can be imported on the Windows server.

Here’s how:

openssl pkcs12 -export -in {cer_filename}.cer -inkey {key_filename}.key -out {pfx_filename}.pfx

You will be asked to provide a password. You’ll need to use this password when you import the certificate on the Windows server.

How to disable SSL v2 / enable SSL v3 on Windows 2008

SSL v2 is weak and outdated protocol. All modern browsers support SSL v3 and it’s enabled by default on Windows 2008 (IIS 7 / IIS 7.5). To make sure all clients are using SSL v3 we must disable SSL v2. This is required for PCI compliance. Continue reading →

How to migrate multiple sites from IIS 6 to IIS 7

This is a quick guide on how to migrate all sites from IIS 6 to IIS 7. You can probably use the same commands to move sites from one IIS 7 to another.

Everything will be migrated, including application pools, virtual directories, SSL certficiates etc.

1. Download and install Web Deployment Tool on both source and destination servers: http://www.iis.net/download/webdeploy Continue reading →

Changing file upload limits in ASP.NET on IIS 7 or greater

When uploading files greater than 28.6 MB (30000000 Bytes) with ASP.NET on IIS 7.5 using SWFUpload I’m getting this error:

There has been an I/O Error: Error #2038

Continue reading →

Error in IIS when adding secure binding because intermediate certificate is missing

Today when adding a secure binding to one of my sites in IIS 7, I got this error:

One or more intermediate certificates in the certificate chain are missing. To resolve this issue, make sure that all of the intermediate certificates are installed. For more information, see http://support.microsoft.com/kb/954755.

Continue reading →