I have an IIS server running here at the shop. It's going to be used as an internal server, and isn't supposed to have a connection to the outside world. However, if you type the IP of my server into any public terminal, my server is published and working. I don't want that, at all.
This server also does NAT translation and routing for the network, so I can't take the computer offline. That would be the easy solution. Is there any way I can prevent IIS from being published publically, but still maintain functionality within my intranet?
I've tried Google, but I'm kinda new to this and don't really know the terminology, so I'm coming up blank.
EDIT: OK, I spoke too soon. With a little fiddling on my end, I was able to close it off. There's nothing to see here. Please return to your homes.
I guess I can still give this topic a bit of substance.
I'm getting into ASP.NET 2.0 and would love to find some people who are comfortable with it, preferably using VB05 as the language. (Although I can read C# just fine, I don't care to use it when VB05 is just as good.) Just to bounce some stupid questions around from time to time. If anyone fits that bill, look me up on AIM. (l0gik420)
What did you do to fix it?
I have a hardware firewall that I thought was configured properly, and as a result I shut off the internal software firewall in the Routing and Remote Access snap-in. On a hunch, I went in and re-enabled it, and it immediately started blocking all external server access.
Now it's back to the documentation for the hardware so I don't have two firewalls running at the same time. Last thing I need is another place for things to go wrong.
Now it's back to the documentation for the hardware so I don't have two firewalls running at the same time. Last thing I need is another place for things to go wrong.
Feel free to ask ASP.NET, C# or VB questions here. I for one would help you. I don't have AIM.
Also, MSDN is your red-with-horns-and-a-pitchfork friend.
Also, MSDN is your red-with-horns-and-a-pitchfork friend.
QUOTE(Jaime @ Dec 3 2006, 03:51 PM) 
Feel free to ask ASP.NET, C# or VB questions here. I for one would help you. I don't have AIM.
Also, MSDN is your red-with-horns-and-a-pitchfork friend.
Thanks.
I'm banging my head against the wall on this one. I've been playing around with it all night, I just can't get it to work right.
The error I'm getting:
QUOTE
Must declare the scalar variable "@ContactID".
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Must declare the scalar variable "@ContactID".
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Must declare the scalar variable "@ContactID".
Here's my code for the button causing the error: (sqlContacts is my SqlDataSource)
CODE
Protected Sub cmdSave_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdSave.Click
sqlContacts.InsertParameters.Add("@ContactID", Me.lstCustomer.SelectedValue)
sqlContacts.InsertParameters.Add("@Name", Me.txtName.Text)
sqlContacts.InsertParameters.Add("@Phone", Me.txtPhone.Text)
sqlContacts.InsertCommand = "INSERT INTO [Contacts] ([Account_ID], [Contact_Name], [Contact_Phone]) VALUES (@ContactID, @Name, @Phone)"
sqlContacts.Insert()
Response.Redirect("Default.aspx")
End Sub
sqlContacts.InsertParameters.Add("@ContactID", Me.lstCustomer.SelectedValue)
sqlContacts.InsertParameters.Add("@Name", Me.txtName.Text)
sqlContacts.InsertParameters.Add("@Phone", Me.txtPhone.Text)
sqlContacts.InsertCommand = "INSERT INTO [Contacts] ([Account_ID], [Contact_Name], [Contact_Phone]) VALUES (@ContactID, @Name, @Phone)"
sqlContacts.Insert()
Response.Redirect("Default.aspx")
End Sub
I'm too dumb to build a simple sql insert query. Don't tell my boss. I'm sure it's something easy, like a few missing Dim statements, but I can't figure it out.
resonance cascade! 
OK, I should just start typing out all my problems and then staring at them in print. I figured out a way to avoid parameters entirely.
new code:
I was getting a funky error before when I was trying to pass values by variable instead of parameter, then upon further thought realized the funky error was due to user stupidity...you can't input strings without enclosing them in quotes of some form.
Return to your homes. There's nothing to see here. If I did want to use parameters, what did I do wrong in that first code snippet?
new code:
CODE
Protected Sub cmdSave_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdSave.Click
Dim intContactID As Integer = Me.lstCustomer.SelectedValue
Dim strName As String = Me.txtName.Text
Dim strPhone As String = Me.txtPhone.Text
sqlContacts.InsertCommand = "INSERT INTO [Contacts] ([Account_ID], [Contact_Name], [Contact_Phone]) VALUES (" & intContactID & ", '" & strName & "', '" & strPhone & "')"
sqlContacts.Insert()
Response.Redirect("Default.aspx")
End Sub
Dim intContactID As Integer = Me.lstCustomer.SelectedValue
Dim strName As String = Me.txtName.Text
Dim strPhone As String = Me.txtPhone.Text
sqlContacts.InsertCommand = "INSERT INTO [Contacts] ([Account_ID], [Contact_Name], [Contact_Phone]) VALUES (" & intContactID & ", '" & strName & "', '" & strPhone & "')"
sqlContacts.Insert()
Response.Redirect("Default.aspx")
End Sub
I was getting a funky error before when I was trying to pass values by variable instead of parameter, then upon further thought realized the funky error was due to user stupidity...you can't input strings without enclosing them in quotes of some form.
Return to your homes. There's nothing to see here. If I did want to use parameters, what did I do wrong in that first code snippet?
OK, here's a general question...
SQL Server 05 is configured to use the built-in system security here at work. All SQL requests that come through the browser come through the "NT AUTHORITY/NETWORK SERVICE" user. I didn't make it work that way, that's just the way it works. Now it's not much of an issue here at the shop since our intranet is blocked from public access, but I'm also working on a personal project that will exist on the web. I already know that the SQL05 installation on my webserver keeps its own userlist, for obvious reasons.
How should I configure this? Should I have an sa account for myself to make administrative changes, and a universal "web" login with simple read/write privledges across all the tables exposed to the public, or should I create individual accounts based on need? (i.e. One account set to read-only from table A, one set to read/write table A, one set to write only to table B, etc.)
SQL Server 05 is configured to use the built-in system security here at work. All SQL requests that come through the browser come through the "NT AUTHORITY/NETWORK SERVICE" user. I didn't make it work that way, that's just the way it works. Now it's not much of an issue here at the shop since our intranet is blocked from public access, but I'm also working on a personal project that will exist on the web. I already know that the SQL05 installation on my webserver keeps its own userlist, for obvious reasons.
How should I configure this? Should I have an sa account for myself to make administrative changes, and a universal "web" login with simple read/write privledges across all the tables exposed to the public, or should I create individual accounts based on need? (i.e. One account set to read-only from table A, one set to read/write table A, one set to write only to table B, etc.)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.