Re: IIS 6 and ASP.NET security

From: Dominick Baier [DevelopMentor] (
Date: 08/19/05

Date: Thu, 18 Aug 2005 23:40:29 -0700

Hello Michael,

W3svc reads the metabase on statup (or when changed) and registers all the
information with http.sys.

Dominick Baier - DevelopMentor

> Hi,
> It said that IIS 6 use HTTP.sys as the front end for
> handling HTTP request, and pass ASP.NET requests
> to w3wp.exe. So I think this also means security
> settings in IIS (metabase) is bypassed, right?
> Apparently the answer is no, I'ved tried using IIS to set my
> ASP.NET web application's authentication method to basic
> authentication, but my web app's web config still allow
> anonymous access. When I use browser to acces my Web
> app, it asks me to input username and password. So IIS
> metabase is still used, but how? All the information I found
> with Google just show that HTTP.sys directly pass request
> to w3wp.exe, so when/where did IIS metabase be read and
> applied?
> Thanks!
> Michael Tsai

Relevant Pages

  • Re: Vodafone ConnectMe software conflict with IIS 5.1
    ... request it again it comes up with a 400 bad request error. ... Now going into the event log I get the message to do with IIS ... searching is normally a response for a dodgey metabase [for whatever ... every time I install ConnectMe IIS dies - regular as ...
  • Re: IIS6 Fails To Start - WWW Service Error out of no where
    ... Please check whether the nodes "W3SVC" and "W3SVC/1" exist in your ... Unfortunatly there are no backup files in history folder before the issue ... We can conclude that metabase is OK, IISadmin, smtp and FTP runs fine, I ave ... >> preventing IIS from writing to it, and causing some sort of corruption -- ...
  • Re: Event ID: 2273 Source: W3SVC-WP
    ... IIS should naturally recycle the WP on its own, ... the WP fails to run due to inaccessible metabase. ... IIS is simply telling you ... WP will cache the metadata such that future requests for the same URL ...
  • Re: Exchange 2003 and Outlook Web Access.
    ... I made a backup off IIS after the re-install of IIS and Exchange when ... Then I backed up the metabase config via Microsoft's instructions on ... >>that are not allowed to access the Web site, and the IP address of your ... > that after getting Exchange running and before making any changes to ...
  • Re: IWAM out of sync (DCOM error) 10004
    ... password that is cached in the IIS Metabase for the IWAM and IUSR accounts. ... This should show you whether the password is being changed in the metabase. ... If you reset the password on the domain account, ... and IIS is set to control the IUSR password? ...