Is there a way in asp.net/vb.net to determine whether a machine is configured as a member of a domain or whether it is setup as part of a workgroup? And how can I determine the name of that domain or workgroup? -Walter Zydhek...more >>

Hi, I've never seen similar problem before. Application_AuthenticateRequest in Global.asax.vb file execute 4 time before it exit to the default.vb file. Plus, in every run, the code execution jump back to the previous line that already been executed (I'll explain): example : line 1 : Sub A...more >>

1) I have an intranet . <Directory>Intranet with <Subdirctory>admin and <Subdirctory>database with an accessdatabase (data.mdb) I have 2 NT-Groups a) NT-Group "read" can read data in all directories b) NT-Group "change" can read and write data in all directories Only the...more >>

Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be protected by forms authentication. When I create forms authentication at root level it works but when I...more >>

I have a Web Farm and I understand that in order to keep ViewState safe I want to modify the <machineKey>. 1) The documentation indicates that EnableViewStateMac defaults to "false" but I am seeing View State corruption messages (as a result of HttpException). Can the View State be detec...more >>

Hi all! I would like to know how I can restrict access to a specific website or subdirectory in a website based on certificates. I have a webbased administration interface for a website that I administer. This is in a subdirectory on the webserver. This subdirectory has restricted access ba...more >>

Hi, Within a web application, I have secured folder/aspx pages using the location tag in web.config. Now whenever an unauthorized user tries to access that page, a popup dialog is displayed - which i dont want. I want to show a nicer message like 'you dont have access to this area' on a po...more >>

The Operation has timed-out Description: An unhandled exception occurred during the execution of the = current web request. Exception Details: System.Net.WebException: The = operation has timed-out. The webservice works great when invoked through the browser and returns = the data as requ...more >>

Hi! I need to access web service form ASP.NET application with credentials of connected user (Integrated Windows Authenticated) I think I have to do next steps: 1) Create proxy class for web secvice. (I did it with "Add web reference" dialog box. Visual studio created for me some class (MyProxy) de...more >>

Hi, I have no idea how to write .bat scripts, can you help me write one? Here is a pseudo code of what I would like the .bat script do. For intFolder = 1 to 100 For intFileNumber = 1 to 20 IF intFileNumber.wmv file does not exist, THEN exit loop. sse45.exe -i k:\o\intFileN...more >>

Hi all, I just migrated my website to the IIS 6.0. Everything is the same and everything is running perfect except I got this error message "access is denied" when i try sending email from the aspx page. The whole message is like this: ASP.NET is not authorized to access the requested re...more >>

I really wish there were some examples explaining how to create a forgot password email link system when you encrypt a password in a database and use ASP.NET/C# preferably. Since the password is encrypted in SHA1, I can't just send a user their password by email. So I'm not sure the best way to ...more >>

Hi! after extensive research of this topic, I'm still not sure what is "official" way to do it. Task: 1. User submits some request to ASP.NET application and the app should write the result to a network share. 2. Integrated Authentication must be used 3. No open password are...more >>

Hi, Does any one knows what account must have the Write Access to allow edition on a Access database with an ASP .NET application with Windows 2000 ? Under Windows 2003, it is the Network Service and not the ASPNET account. Thaks and best regards Gilles *** Sent via Developersdex...more >>

I've read the following article regarding NTFS permissions and ASP.NET http://msdn.microsoft.com/library/default.asp? url=/library/en-us/dnnetsec/html/SecNetHT01.asp In table 1 it says: Parent directories of context List Folder/ Read Process For file change notifications and the C# comp...more >>

Hi I am looking for some good suggestions to store a cryto key with my new Asp.Net application using Triple Des to encrypt data. The database is on SQL2000 server.. My first idea was to store the key within the program, but as programs can be easily obfuscated this is probably a bad idea. ...more >>

Hi! I am trying to open a connection to a SQL Server database using just the Framework, Notepad and the browser. I keep getting the error message "SQL Server does not exist or access is denied." I am using the following for the connection: Dim conPubs As SqlConnection ConPubs = N...more >>

I'm using Forms Authentication, the user may come from a HTTP page, the login page is using SSL, so after logging in the user will be redirected back to a non SSL page. This used to work without any warnings. Suddenly after entering the login information IE is warning the user that they are be...more >>

Hi, As the subject suggests, the defaultcredentials object that i need my code to acces is empty, despite the user having logged onto a win 2000 domain. I cannot understand what my be causing this, so if anyone can help - i would be very grateful. Cheers Chris ...more >>

Hello all, I am attempting to work on a project for work at home and I'm experiencing extremely slow page loads. These are pages that work fine in the office but when I try to work on the project at home on my laptop, the pages take upwards of 100+ seconds to load. I will try to give all t...more >>

Hello All, I am trying to use the .Net built in role based security. It is not working. The web config has the following; <authorization> <deny users="?"/> <allow roles="DMZ\SLReports, DMZ\Supply-Link" /> <deny users="*" /> Users are not being allowed web access unless I add them to...more >>

We have a solution where we access one webservice trough asp.net form. than the first webservice access the second webservice. In the first webservice I can get the user-identity but from the second webservice i don´t. The authenticated access on the webservice is configured: "Intergrated Wind...more >>

Hi all, I want to read a lot about .net and security, because to my point of view we never know enought about it. I purchased some books, like "Security for Visual Basic.NET" (a quick overview for beginners), and "Building Secure Microsoft ASP.Net Applications" both on MSPress. I look f...more >>

This is a definition for Form Authentication from MSDN : "The Forms authentication provider is an authentication scheme that makes it possible for the application to collect credentials using an HTML form directly from the client. The client submits credentials directly to your application ...more >>

Hi, I want to allow access to particular secured intranet web sites. These intranet are stored in sharepoint (2003 version) Actually I've disabled the anonymous access so the user must type it's login/password. Now, I want to create a first site where my users will type their login/passw...more >>

Hi, I am developing ASP.NET web applications that involves automating of office componets (like Word etc.) for which I need to read/write .doc files etc. But with the default prividges I encountered an error saying that the IU_ASPNET user's privedges do not allow the doc file to be opened !!! So ...more >>

I'd like to have my (intranet) application's users choose to use their NT Login account credentials or specify another UserID/password combo on the app's login page. Is this possible? So far, I've only seen ASP.NET examples where you have either integrated Windows authentication OR Forms specifie...more >>

I have a subweb secured with Windows authentication. IIS has anonymous access disabled & basic auth enabled. The sub folder has acls set to allow access to a single non-admin user as well as administrators. Upon browsing to the home of the secured subweb users are prompted to log-in once, and as...more >>

Hi, I am trying to use declarative security in a ASP .net application With the statement below <System.Security.Permissions.PrincipalPermission(System.Security.Permissions ..SecurityAction.LinkDemand, Role:="BUILTIN\Account Operators")> _ Public Class myClass I always receive a security ...more >>

I have a small ASPX app I have created and decided to roll my own Forms Authentication. Now I take the user name, password and domain and created an encrypted foms authentication ticket. In the ticket I put some info in the userdata property. On a different page after authetication I want to accs...more >>

Have anybody tested if the latest RPC vulnerabilities can be executed from an Asp.Net page running in an un-patched server? Since it is possible to make direct Win32 API calls from Asp.Net there is a high change that these vulnerabilities will work. If that is possible, please provide the test...more >>

Asp.Net.Vulnerability: Win32 API calls (potential security problems) Since win32 calls are supported in Asp.Net and cannot be disabled when the website is running with 'Full trust', it is imperative to identify all potentially dangerous Win32 DLLs. Here is a short list of the ones we have iden...more >>

At the moment the only method available to disable direct Win32 calls from Asp.Net pages (using for example: " Declare Function WinExec Lib "kernel32" Alias "WinExec" (ByVal lpCmdLine As String, ByVal nCmdShow As Long) As Long") is to reduce the website's trust level from 'Full trust' to 'Medium...more >>

I am planning on using DPAPI for an asp.net application. I will configure the app to run under an account I create. My understaning of DPAPI is that it needs an login in order to work correctly, i.e. I need to log on interactivley at least once with the the account. That sounds dandy. ...more >>

I have an assembbly that consists of several .NET DLLs, some of which I compile in advance, some of which customized for the indivudual user (skins). On machines that I has control over, no problem. As soon as I deployed them on publicly hosted sites, I had to add strong naming lest I get secu...more >>

I'm wonder if anyone has tested the System.Security.Cryptography.MD5CryptoServiceProvider against the RFC 1321 Test suite? For example, here is the list of string to hash for md5: MD5 ("") = d41d8cd98f00b204e9800998ecf8427e MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661 MD5 ("abc") = 9001509...more >>

Hi all, I have a problem in and around the ASPNET user and CDO, my code is as follows using System; using System.Web.Mail; MailMessage mm = new MailMessage(); //set the properties mm.To = "dum.dumb@dumb.com"; mm.Subject = "subject - test"; mm.Body = "message - test"; mm.F...more >>

Hi, We're having an issue with Forms Authentication cookies being treated as expired / invalid, and being deleted. This is causing our intranet users a great deal of pain - Running IIS 5.0 on Win2k Server - Forms Authentication is setup with a timeout value of 45 minutes in web.config - S...more >>

Guys and gals, I am having a problem with an IFRAME that is embedded into an ASPX page (ASP.NET application). The IFRAME is originally empty (src=''). When a user selects a date from the drop-down list box above the IFRAME, the IFRAME loads the content of a file on the local machine (c:\bds\b...more >>

Hi, I would like to create a WebApp, say MySecurityProvider, that just contains a login page that knows how to authenticate a user. And I want other web apps, e.g. MyTestWebApp, that require authentication to point their loginUrl to the login page in my web app. Is that possible? I tri...more >>

I have a W2K server, running IIS 6 and Active Directory Services. I have an ASP.Net application off the root web directory named "Apps". Within the IIS Manager I have the Authentication method set to "Anonymous Access" as well as "Authenticated Access" using "Integrated Windows Authenticat...more >>

Hi, I get a security alert when I redirect a user from aspx page to asp page. Both the pages are present on the same web site and Https is configured for both the pages. Can anyone suggest why i am getting the alert and how can i avoid getting the alert. I am using IE 6.0 SP1...more >>

hi, i have a web application residing on a web server [w] and a file server [s]. Both the servers are part of same domain [d]. now, i want to access shared folders from my web application but the access should be given to only those users who has permission on shared folder. I set up i...more >>

Hi, Using ASP and VBScript. How to convert JPEG image into a binary data? Is it possible with a command from ASP / VBScript without having to put it into a database first? I want to take the JPEG image from a folder, convert it into a binary data, and stream it to the browser. How can I do ...more >>

http://support.microsoft.com/?id=815152 (Edit the script mappings in Internet Services Mananger to protect pdf's with aspnet) I have a site that has multiple pdf's for download and multiple users who will download the .pdf's. I secured the site using the above article. I created an "admin" ...more >>

Hi, I'm trying to build a login system where users login via web form, but then they are logged in as they would with windows authentication only not involving chalenge/response or basic authentication. I was able to login user via LogonUser() function and to get WindowsIdentity and WindowsPr...more >>

Hi, Are there any security issues related with storing data related to the users session in session.item ? Can i keep data in there with any risk of it being read from the client side ? Please advise Regards Niclas ...more >>

All, If anyone has been following my trials over the last week see(Setting up a Web Application on IIS 5.1 and ASP.Net Security Problems). I'm having a problem running a Asp.Net Web Application. I've finally narrowed the problem down to a security issue: The ASPNET (aspnet_wp) account cann...more >>

Hi, I am trying to figure out a way to authenticate against Active Directory and retrieve system.security.principal.WindowsIdentity object, without having to see the awful grey Basic Authentication logon box. I have found documentation that you can send a authtentication request programaticall...more >>

I have a Win2K server set up with .NET 1.1, IIS5, and I run a few development test sites on this server for deployment elsewhere. Up until now, there was no issue with the sites residing in the Inetpub directory on the sys partition. However, we are starting to consume valuable disk space on th...more >>