Skip to main content

How to manage IIS locally with a non-admin account?

System administrators use IIS Manager to host and manage their web applications in IIS. In the majority of the companies I worked with, administrators use a local or domain account that has local admin rights to use IIS Manager. How about non-admin accounts? Can a non-administrator account use IIS Manager?

The answer is YES depending on what you want to manage and how you want to access IIS Manager.

Read More

Anti-forgery token and anti-forgery cookie related issues

Anti-forgery token prevents CSRF (Cross-Site Request Forgery) attacks. The server associates this token with current user’s identity and sends it to the client. In the next request from client, the server expects to see this token. If the token is missing or it is different, then the server rejects the request (Reference).

I have recently worked on some anti-forgery related errors. These are the error messages I saw in Event Viewer:

The provided anti-forgery token was meant for a different claims-based user than the current user.

The provided anti-forgery token was meant for user “”, but the current user is “andre.boucher”.

The anti-forgery cookie token and form field token do not match.

The required anti-forgery cookie “__RequestVerificationToken” is not present.

Read More