Hello I'm happy to announce that we (DDPlus) have just released the first stable version of our new Open Source Project: the Asp.Net Security Analyser (ANSA) Asp.Net Security Analyser (ANSA) is a Open Source, Windows based, online tool, that tests the server's security for known vulnerab...more >>

I want to add my dll to the fulltrust list. But before my dll could be strongname, I must make sure that all libraries are strongname(for example, kernel32.dll). What can I do if other libs are not strongname?...more >>

Hello, I'm working on a asp.net/C# project, but I haven't got a lot of experience with programming with C# and the dotnet framework. I've build a login screen at witch users can login. All goes fine until I try to redirect the user to the protected pages. Can anyone help me? The code is as fo...more >>

Security concerns with authentication and so forth, I have a question: Is the access of system API a topic of security? In other words,I wonder, what kind of APIs are restricted to some kind of user? If I am a admin, is there any security problem?...more >>

Hello there, I have a aspx page with the following code in the click event of a button. string myConnectionString = "server=ItnCentral;database=MembersCustom;user id=test;pwd=test;integrated security=false;"; SqlConnection myCon = new SqlConnection (myConnectionString); string mySq...more >>

I am trying to lock down file access of some sites in a shared hosting environment so that different users can only access their own site's directory with their asp.net code. However there's a problem with some aspnet user access. [I enabled identity impersonate in machine.config and made allo...more >>

Hi, I have an application that was originally designed under IIS5.1 and ASP.NET that used used a setting in the machine.config that would allow my worker process to run under a different account. I know that the new worker process isolation mode changes how this works, but I have been unable to ...more >>

If I use the following in my web.config <authentication mode="Forms"> <forms loginUrl="User/UserLogin.aspx" timeout="10"/> </authentication> then the page will time out after 10 minutes of inactivity and when the user next tries to use the app they will see my custom login page. How, th...more >>

Hi I have a webapp that does queries against active directory. The app works fine when run from the local machine, but doesn't when run from remote machines. It gives [COMException (0x80072020) operations error], and points to Directoryentry.bind(). Impersonation and intergrated securi...more >>

I am implementing impersonation in my machine.config for IIS application Isolation of the ASPNET worker process. I am giving the new account the same permissions to files and folders that the aspnet account had. Everything works great....EXCEPT. All connections to access databases break. An...more >>

We have a application which allows other authorized sites to send users to our site...when the user is sent to us, user info is sent to us as a hidden Form variable and we use the HTTP-REFER variable to make sure the user is coming from an approved site. Now I understand the user of HTTP-REFER is...more >>

Hi, On Windows 2000, I use the following connection string in my ASP.NET applications: <add key="ConnectionString" value="server=(local);Integrated Security=SSPI;database=knowledge" /> I then created a login in SQL Server for the ASPNET/<machine name> user and assigned it to a WWWUsers r...more >>

I try to use RSA to implement the following scheme but wasn't sucessful. Sever encrypt a message using a public key, the client decrpyt the message using a private key. I don't want the client to be able to encrypt a message. However, using the Crypto API I need to pass in both the private...more >>

I started a new logon page using Web Matrix. How do I redirect to some other page besides default.aspx? Where does it go in the code? I have tried "Response.Redirect(\\servername\page.aspx)", but I get this "Compiler Error Message: BC30201: Expression expected." TIA for the help!! Jim ...more >>

MS Customer this is the latest version of security update, the "October 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to maintai...more >>

Hi. For forms authentication, the standard way to go would be something like << 1. Get user name and password 2. Look it up against database store 3. Create an authentication ticket 4. Create an authentication cookie (based on the ticket) 5. Redirect as required/appropriate 6...more >>

I am writing an ASP.Net application for my company. In order to access the site the user must log in. Authentication is handled by using the login and password and comparing it to a database table located on IIS. Works fine. Corporate now want it to validate the user by using MS Exchange Se...more >>

Hello NG, I am new to asp.net and I have 2 part question. I hope I will get some good answers here. 1- I need to make a login page to let user access the database with there information 2- How to make data transfer between server and client secure as SS# will be part of information. Det...more >>

Hi. I want a login framework that uses the ASP.NET web.config / forms authentication security schema (including roles in principals etc), but operates cookieless. What this means is I have to construct the authentication cookie, and I guess I have to pass it around as a url variable eg some...more >>

Hello all- We've been having some issues with Visual Studio .Net when using Windows authentication. Essentially, we have done three steps. 1.) Set the ACLs on the folder containing the project allowing members of an NT group full control of the folder. 2.) Set the authentication mode...more >>

Hi, I need some help on building a security model for an intranet I am currently building. I am aware that Intranets lend themselves quite nicely to Windows authentication, since you would assume that all employees will have accounts on the web server and the domain in which the server sits. ...more >>

Microsoft Customer this is the latest version of security update, the "October 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to continue keeping your computer secure from these vuln...more >>

Microsoft User this is the latest version of security update, the "October 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to cont...more >>

Hi, I have a webpage which is accessible on HTTPS protocol as it is on a machine which is configured to use 443 port. But this webpage has to show images from a machine which exposes it on HTTP and not HTTPS. So on my webpage I had to write <img src="http://photomachine/service1/folder1/abc....more >>

Hi, I'm using asp.net security and it work realy well. But some day, we have to change some of the way we use it, and add the web page inside of a windows form. Still, it work realy well, but the page who is opened by a javascript have to be authenticated again. How can I avoid the a...more >>