How to log client IP when IIS is load balanced: the X-Forwarded-For Header (XFF)

X-Forwarded-For Header (XFF) is essential whenever we have a Proxy or LoadBalancer between client browser and IIS. This way, the proxy or load balancer will forward the client’s IP to IIS, hence giving the IIS the much needed info to track the incoming user. You need to check your Proxy or Load balancer documentation on…


FIPS compliant machinekey section for IIS Application

One of my customers needed to configure his ASP.NET site under FIPS. The information was scattered in various MSDN blogs and docs. To prevent the good work go to waste, I am blogging it here so that others can be benefited as well: FIPS compliant machinekey section in web.config: <machineKey validationKey=”XXXXXXXXXXXXXXXXXXX”   (same key for all…


Forcing IIS to write logs (HTTP and FTP)

I was assisting a customer who was trying several different configurations but his IIS log was not reflecting any of these changes. This can be frustrating at times since you always expect the logs to be written corresponding to your actions. By default, starting with IIS 7.0, IIS HTTP logs are written once every 1…


How to programmatically determine if a user is authorized in an IIS Website

A customer had a unique need of verifying authorized users against a website that runs on IIS. The code is short and simple if you know what component and method(s) to invoke.   using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using Microsoft.Web.Management.Server; namespace ConsoleApp1 {     class Program     {         static…


Powershell ISE crashes on exit while using Microsoft.Web.Management.dll

I was helping a customer other day on a stubborn crash whenever Powershell-ISE and Microsoft.Web.Management.dll are put together. While calling Microsoft.Web.Management.dll from Powershell-ISE or WMIprvse.exe, upon exit, it was throwing Runtime.InteropServices.InvalidComObject error while crashing the Powershell-ISE or WMIprvse.exe. Loading/calling the same DLL on the same machine from a C# console application did NOT exhibit this…


Enabling “Transfer-encoding: chunked” in the response header with IIS

While assisting a customer on configuring ARR (Application Request Routing), we found that chunked transfer encoding was not working properly. After bit of workaround, we were able to fix it up. Here is a summary of the troubleshooting session. Quick Note: “Chunked” is a type of transfer encoding by which the message body is transmitted…


How to remove NEGOTIATE from IIS Windows Authentication

I was assisting a customer just the other day who was having a dejavu of removing Negotiate from IIS Windows Authentication. After clicking the “Remove” button, if he restarted the machine, the Negotiate would reappear! This is because the setting is by default locked. You need to do from the IIS Configuration Editor. Here is…


Server object error ‘ASP 0177 : 8000ffff’

I was assisting a customer who was struggling with this intermittent error. An iisreset would alleviate the problem temporarily only to resurface within few days again. This is the error details: Server object error ‘ASP 0177 : 8000ffff’ Server.CreateObject Failed ShowReport.asp, line 36 This problem occurs if a website that you browse is an Active…


IIS Manager shows Authorization warning when testing a Physical Path

Time to time, customers ask us about this warning. This is a by-design “benign” warning simply telling us a verification has been deferred to runtime. This can be ignored in most cases. If you select your Application pool in IIS Manager and choose the basic settings, you will see following window: Now if you click…


Binding a Certificate in IIS using C# and Powershell

Other day I was assisting a customer who had a unique need of binding a Certificate from within C# code using Powershell. A direct API call won’t work due to some constraints, so Powershell was the other viable option. Customer also didn’t want any Powershell window to pop-up, so we needed to code around it….