Psst! Did you know DevelopmentNow is a mobile web site design agency?

Contact us for help mobilizing your site, or to sign up for our beta Mobile Web SDK!


Archived Months
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
all groups > asp.net security > recent posts

RE: WindowsTokenRoleProvider caching user's roles?
Posted by Jeff at 8/4/2009 2:37:06 PM
Thank you Joe K. Logging off and logging back on again solved my role caching problem. From http://www.google.ca/search?hl=en&q=WindowsTokenRoleProvider+caching&btnG=Search&meta= Posted via DevelopmentNow.com Groups http://www.developmentnow.com/g/...more >>


RE: ADAM and AuthorizationStoreRoleProvider
Posted by saravanakumar38 at 3/24/2009 7:14:50 AM
I need to create a web application which has to use the AD for authendication and ADAM for authorization. i try to create a web applicaiton and added a ADAM membership to the configuration file as mentioned in the http://blogs.msdn.com/dansellers/archive/2005/10/11/479941.aspx but still i was ...more >>

RE: ASP.NET User.Identity.Name value after a domain username change
Posted by Michael at 11/4/2008 12:28:39 PM
Apparently this is a known issue. http://support.microsoft.com/kb/946358 This was a bit maddening before we figured this out, especially for employees that get married. From http://www.developmentnow.com/g/14_2006_3_0_0_728745/ASP-NET-User-Identity-Name-value-after-a-domain-username-change.htm ...more >>

RE: Forms Authentication for only one folder
Posted by stcheng@online.microsoft.com at 6/23/2008 3:05:58 AM
Hi Flyguy, From your description, you're using ASP.NET with FormsAuthentication, and you wonder how to configure an particular folder to have different authorization setting as the main web application, correct? Based on my experience, for specifc authorization(for a parituclar page or s...more >>

SocketPermission granularity in .config files
Posted by James Snell at 6/21/2008 11:56:01 AM
I'm hosting a server which will have some sites which talk to some MySQL servers, I'd like to run in medium trust but additionally have to open up the SocketPermission priviledge as it is needed by the MySQL connector. I currently have this in the .config file... <IPermission...more >>

Forms Authentication for only one folder
Posted by Flyguy at 6/21/2008 7:29:02 AM
I am using Forms Authentication on a website. I’d like to configure it to allow anyone access to the entire site with the exception of one folder. In that one folder I’d like to limit it to users with logins. How do I setup my web.config file for this?...more >>

FormsAuthentication Session Cookie
Posted by Julian Welby-Everard at 6/20/2008 9:00:01 AM
I am using a custom forms auth, which sets up the session and authcookie, on session time out the content of the session is being cleared which is what i expect, im my global.asax on session timeout i call FormsAuthentication.SignOut() to clear down the authcookie. but this does not seem to...more >>

Problem using a UNC Path within a COM component in asp.net
Posted by Bill Tinker at 6/19/2008 9:05:00 PM
Hi I would appreciate any help that would shed some light on this problem... I have a com dll that is an API to another application. The initialize routine of the object requires the path where the data files are located, to be passed in as a parameter. This works fine when the data folder...more >>



HttpWebRequest on an encrypted page
Posted by Mark at 6/19/2008 7:59:02 AM
I'm trying to do an HttpWebRequest on an encrypted page but it's returning an empty XML document. When I go to the same link in IE I see all the XML. Any ideas? Thanks...more >>

Re: Mixed Authentication, ASP.Net 2.0, IIS 5.0
Posted by camainc at 6/18/2008 3:52:03 PM
One clarification - both internal and external users are within trusted domains - they are just in separate domains, and one is not a Windows-based network, so I have to use forms-based security for them, and integrated security for the Windows users. Having them all go through a username/passwo...more >>

Mixed Authentication, ASP.Net 2.0, IIS 5.0
Posted by camainc at 6/18/2008 3:45:00 PM
Can someone point me to a ~working~ example of using mixed authentication in an ASP.Net 2.0 website? I have been screwing around with this all day and I am no closer to a solution. It seems to me that this sort of thing should just be "built- in." I can't believe that after 10+ years of ASP.Ne...more >>

Same Here <101c0fa3-c842-4782-a3a0-31b645359589@x1g2000prh.googlegroups.com>
Posted by Ron H at 6/18/2008 3:12:11 PM
I spent hours frustrated with how a simple postback was not working running locally. But it works normally on a different web server. A configuration tip or work-around will be appreciated. ...more >>

Impact of Verisign Timestamping Service on ClickOnce deployed Apps
Posted by RonnBlack at 6/18/2008 2:19:22 PM
We have a number of applications that are deployed using ClickOnce and we use the VeriSign timestamping service. The VeriSign timestamping service is being upgraded to use SHA-1 instead of MD5 and I need to gauge how this will affect our applications. From what I understand when the applica...more >>

login twice on the same web-app on one machine ?
Posted by Jurjen de Groot at 6/18/2008 10:40:28 AM
Hello, I'm currently maintaining a web-application wich is 'secured' using FormAuthentication. When the user is authenticated I set then Authentication-Cooke using : FormsAuthentication.SetAuthCookie( UserName, false) and redirect the user to the correct page. In the global.asax (Appl...more >>

Problem accessing security
Posted by David at 6/17/2008 6:15:00 PM
I'm trying to get a web site up and running. It's a hosted website using asp.net and SQL server. I'm also using the membership classes, and the standard membership controls. I have a database on my development machine, and during debugging, I set that to be my membership provider. Everyt...more >>

Impersonation fails on intranet site
Posted by Dwight Johnson at 6/16/2008 6:21:37 AM
We had a situation where impersonation was working on our test intranet site, but failing on our production site. The application uses integrated Windows authentication, and gets the currently logged in user using the WindowsIdentity class. The web.config had impersonate set to true. Everything ...more >>

Re: Some or all identity references could not be translated.
Posted by Darko Bazulj at 6/15/2008 9:42:47 PM
Hi Joe, good suggestion, I tried and it works :) Good thing is that only active DC will return. I tested with blocking(IPSec) data between DC and memeber on which I run code. Code: maybe help to someone Dim instance As Domain Dim returnValue As DomainController ...more >>

Re: Lightweight logon? Impersonation? - shared workstation problem
Posted by Joe Kaplan at 6/13/2008 10:14:41 PM
I guess I still don't understand. If you are trying to access a website, the login to IIS is a network login which is processed nearly instantaneously. There are no login scripts executed. Is this a web app or a local app you want to access? Joe K. -- Joe Kaplan-MS MVP Directory Servi...more >>

Re: Some or all identity references could not be translated.
Posted by Darko Bazulj at 6/13/2008 1:30:26 PM
Hi Joe, Thank you for suggestions. I decide to do next: enumerate DCs try to connect to first and if connection is sucessfull continue but if not then try to connect to second DC. Regards, Darko Bazulj ...more >>

Re: Some or all identity references could not be translated.
Posted by Joe Kaplan at 6/13/2008 12:02:11 PM
You can also use the FindDomainController method on the domain class to get more control over this and make sure you get DCs in your site and such. It might be an easier and more robust approach to do the same basic thing. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-aut...more >>

Re: Lightweight logon? Impersonation? - shared workstation problem
Posted by Joe Kaplan at 6/13/2008 12:01:05 PM
Basically, if you disable automatic login with Windows Integrated Auth in the browser, the web app will just challenge the user for credentials and force them to log in. The login they provide to the server will then not be coupled to the identity of the login on the workstation itself. Yo...more >>

Re: Lightweight logon? Impersonation? - shared workstation problem
Posted by THG at 6/13/2008 10:42:01 AM
Joe, The trick here is that login takes time and therefore your proposed approach seems to result in a lengthy logon. I am looking at the ways of allowing user access to a very limited set of resources on the network, primarily on the web server for a single application, under their Windows...more >>

Re: Lightweight logon? Impersonation? - shared workstation problem
Posted by THG at 6/13/2008 8:37:01 AM
Joe, Thank you for replying. Would disabling automatic integrated authentication mean that users will not have to go through a complete logon and workstation can be logged on a basic generic account? Our problem is that users might not have enough discipline to close the browser when they...more >>

Re: Some or all identity references could not be translated.
Posted by Joe Kaplan at 6/12/2008 10:32:08 PM
It seems like the key for you is to ensure that you always use the same DC for doing your write operations, so it would likely be a good idea to use fixed DC names for this particular app. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide ...more >>

Re: Lightweight logon? Impersonation? - shared workstation problem
Posted by Joe Kaplan at 6/12/2008 10:30:52 PM
Can you disable automatic integrated authentication in IE for the machines in question so that the users will simply be prompted to enter credentials when they access the app? Then, have them close the browser when they are done. If you have smart cards, you could also just use SSL with cl...more >>

Lightweight logon? Impersonation? - shared workstation problem
Posted by THG at 6/12/2008 4:36:00 PM
We have an Intranet ASP.NET application that is relying on AD security. We have a business requirement to run our application on shared workstations. Additional requirement is that users are under time constraints and use the system on and off during their shift. Up to 4-5 users can share ...more >>

Re: Exclude Error Status 403 from customErrors Redirect
Posted by Larry Neylon at 6/12/2008 2:32:55 PM
Thanks for that Alexey. Looks workable if there is nothing built into ASP.Net. ...more >>

List of user's digital certificates
Posted by djuzepina@gmail.com at 6/12/2008 2:08:21 AM
Hi, I'm writing an ASP.NET 2.0 application. Users can login using certificates issued by several cert. authorities. My problem is to provide user a possibility to change certificate which he use to login. So, i would like to have a page where he can choose some other certificate from list of ...more >>

Re: Exclude Error Status 403 from customErrors Redirect
Posted by Alexey Smirnov at 6/11/2008 11:00:44 AM
On Jun 10, 3:30=A0pm, "Larry Neylon" <la...@senior.removethis.co.uk> wrote: > Hi there, > > I've got a site that has custom errors with the web.config looking like > this: > <customErrors mode=3D"RemoteOnly" defaultRedirect=3D"/CustomErrorPage.aspx= "> > > <error statusCode=3D"404" redirect...more >>

Exclude Error Status 403 from customErrors Redirect
Posted by Larry Neylon at 6/10/2008 2:30:56 PM
Hi there, I've got a site that has custom errors with the web.config looking like this: <customErrors mode="RemoteOnly" defaultRedirect="/CustomErrorPage.aspx"> <error statusCode="404" redirect="/404.aspx"/> </customErrors> Is there a way of excluding 403 errors from being redirecte...more >>


DevelopmentNow Blog