On my asp.net application, suddenly the forms authentication cookies for clients have quit expiring. This results in users being able to access the site from day to day without having to log in, even their browers are closed and reopened hours apart or even if their machines are rebooted. This b...more >>

When attempting to access the Registry, I receive errors. I have attempted to add code to assert access to the key, but this does not help. The documentation on accessing the Registry is pathetic. Dim rp As New System.Security.Permissions.RegistryPermission (Security.Permissions.Registr...more >>

I created a database driven web application in asp.net (c#). Now I need to create queries on the database, based on the groupmembership of the visiting user. I can get the login ID of this user by using String strUID = Request.ServerVariable["LOGON_USER"]; now in VBScript I would do somet...more >>

I have created an Excel object to run an excel report and download to client side. I use the Excel 9.0 COM object (Excel 2000) in my project. However, when deployed to client site (which is using Excel 2003), the workstations show "Access is denied" when running the excel report. I've...more >>

Why oh why doesnt this work??? I have a simple forms authentication that all works fine, ie it validates user details against a db. When i try to redirect it goes off to nowhere. eg - code snippet: FormsAuthentication.SetAuthCookie(dat("USER_ID"), AutoLogin.Checked) Context.Respo...more >>

Hi All ! I get into the problem... My web application, which uses authentication mode="Windows", so the app will impersonate under the user, which access it's pages. In the application, I do use "Microsoft.Win32.RegistryKey.OpenRemoteBaseKey", which fails, because the app identity was (probab...more >>

We are experiencing the following error when writing to a custom log file: "Requested registry access is not allowed." We have created the custom log file using the code below and then add full permissions to the ASPNET account at the Registry Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Se...more >>

I have an ASP.Net app for which I want to be able to log events to the Windows 2000 server event log under a special log name. I encountered the initial security exceptionwhen I first tried this in code and then did some research on the subject. I think I've found two seperate ways to accomplis...more >>

Hello, How's everybody??? Hey I have a quick question. How can I set up the Authentication Mode on IIS from my SETUP project. I'm using Windows Authentication and Impersonation and I have the respective tags in the web.config, like this <authentication mode="Windows" /> <identity...more >>

Just wondering how safe it is to include sensitive information such as a database connection string in web.config. ...more >>

Hi Everyone... I have a strange problem.. I managed to perform authentication (cookie & cookieless ) and get redirected to a default page, but when i try to move to another page within the protected area, i get prompted for the login page again... My Web.Cofig in the authorization sectio...more >>

I have an Assembly I've built and installed in the Global Assembly Cache. I have an ASP.NET web application that is referencing this Assembly and when I try to run it I get a "Parser Error: File or assembly name LocalLib.Common, or one of its dependencies, was not found." The trace provides ...more >>

Hello, I have an application with forms authentication setting specified in the web.config of the app root; so all users must login before they can access any page within the app. Is there a way to have a subfolder with a page that within the app that doesn't require user to login ? For exa...more >>

Hello folks, how can I encrypt the password that an user enters in my normal login window. Thank you Anton ...more >>

Hello folks, I have my security stuff set up and it works fine for all aspx files, so a user that want to access an aspx file in a certain folder can only access them when being logged on correctly. But when putting a normal html file into that folder that is only accessible by logged on users...more >>

I am writing a web site for my client using asp.net. But I don't want him to able to read the code and reuse it in future. How can I protect the code and still give him a copy? Any idea? just wild guess like compiling the project into .exe, component or dll. I have no idea. Please advise! Isa...more >>

Hi there, I have been reading up on Authorization and role based security for a couple of days now, and am trying to implement this in my applications. I'm having a problem with my roles being reconized by using the user.isinrole("test") on the redirected page after the Login. for instanc...more >>

I am at my wits end with IIS security. I am trying to run a component from an aspx page which accesses the sockets namespace. Of course because most administrators cannot keep there servers secure microsoft now has it so any attempt to access a socket from the aspnet account results in "An at...more >>

If a web app uses forms authentication and a specific aspx page has a role authorization, where should a browser be directed if a user is not in the role for that location? Background to my question: I'm using forms authentication on a web app, setting the ticket in code...also setting the r...more >>

I bailed on this before and just went to Basic Authentication and told the users they would have to live with signing on again.... but now I need to get it working... Domain: Windows 2003 Web Server: Windows 2003 SQL Server: Windows 2000 The web server and the SQL server are trusted for...more >>

L.S., For our client we have built a web application for use on their internal network. The employees need to log onto the application specifically, regardless of their Windows authorisation status. Web.config contains the following lines: <authentication mode="Forms"> <forms name="....more >>

I'm having a problem getting forms authentication to work. I have two web config files. The first one (located in the application directory) is defined as follows: <configuration> <system.web> <authentication mode="Forms"> <forms loginUrl="default.aspx"/> </authentication> ...more >>

Can someone point me in the right direction? This is the page that results from my web app. This web app installs on every other machine without a problem. Here is a copy of the page: -------------------------- Configuration Error Description: An error occurred during the processing of ...more >>

I have code in the Global.asax that adds roles to a logged in user, which all works fine. But, i noticed that every request for a page thereafter runs this code each time - which requires a call to the DB, which is costly. I have tried to run this same piece of code from another page, instea...more >>

I am using forms authentication to secure my pages. For my logout, I created a logout page with FormsAuthentication.signout is called at the Page_Load. However, after I log-out, I still be able to access and continue to navigating the secure pages. Does anyone know what is the problem wit...more >>

I am using an application which is a modification of IBuySpy Portal. It is using Forms authentication. Users login and their name is added to Context Then I use: Web.HttpContext.Current.User.Identity.Name to write audit trail as to what users do. Now recently on one of the activities I n...more >>

Greetings. I'm looking for a message from late September of this year, and I'd like to know if there are archives availale anywhere. Anyone know? Thanks, Will...more >>

Dear all, why do i get the following exception when i try to write to the event log from a webform. and how can i resolve it? Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contac...more >>

I am trying to loop through a directory and place all the folders and files into an array. I want to store only the folders and files that the current user has access to into the array. Below is some sample code of what I'm doing: Public Sub ProcessDirectory(byval strPath as string) Di...more >>

my screen is composed of 2 frames. the left frame has a treeView control, and the right frame display info about the selected node from the left frame. In some cases , I need to fire the PostBack event of the left frame, from the right frame . How can I do it ?? thanks for any help...more >>

Hi, My web application uses windows based authentication. I need to have a sign out feature, has anyone got an idea of how you sign out when using windows authentication. Regards...more >>

I have gone through newsgroups and several websites and have a pretty good handle on the role based security and dynamically displaying pages on our extranets based on roles and permissions. We are adding another layer of access permissions to our extranets and I need some opinions on the best wa...more >>

Hi, Is there a way to redirect the user to a default, anonymous, welcome or "splash" page for our application when using Windows authentication with Basic enabled? In other words, if a user attempts to access a secured page directly the first time, they will be redirected to the applic...more >>

I have a asp.net app. ( been working fine so far ) Has anyone seen this before; "Cannot execute a program. The command being executed was c:\winnt\microsoft.net\framework\v1.0.3705\vbc.exe" It seems to have suddenly appeared after a restart to our server ! thanks in advance...more >>

My problem still remains but I found a little formulation error in my question. I hope that didn' cause i got no answers. I have a web system with forms authentication that works good with the code: FormsAuthentication.SetAuthCookie(strUserID,True) and Response.Redirect("UserManager.aspx",...more >>

I have a WebService that is using FormsAuthentication (setup in the web.config file) as follows: <authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="https://foo.com/Register/Login.aspx" protection="All" timeout="30" path="/" /> </authentication> Accessing the web servi...more >>

Hi All, Does anyone know how to clean a asp application from a virus that converts labels with the word 'Insurance' into link button to a web page. It also injects text in the textbox when the textbox.text has any reference to this 'insurance' word. I am using custom controls on custom p...more >>

Hello, I have the following problem: I installed a web app on IIS 6 in Win2k3 = EE. Now, whenever I try to log on to my SQL Service, I get Login failed = for user 'NT AUTHORITY\NETWORK SERVICE' I solved the problem easily, by adding NETWORK SERVICE as a login in SQL = Server. However, my ques...more >>

Simply, I wish to return System.IO.File.Exists ("\\myserver_1\myshare\myfolder\myfile.doc") within an ASP.NET web application that sits on "\\myserver_2"(windows server 2003). The application is using integrated windows authentication only (anonymous is off), and impersonation is enabled ...more >>

Hello, I have a problem trying to rewrite a path in ASP.NET 1.1 - each rewrite throws an Access is Denied error, even though anonymous access is allowed for the directories in question, and they are sub-directories of the ASP.NET web application. This only occurs if the path is rewritten at th...more >>

Hi, I need an example on MD5 encryption. In a ascii textfile I have a date in string format. I need an example how to compute a hash value on the datestring and another method to compare the two with each other. TIA /Kenneth...more >>

I don't event know where to begin to solve it. I tried everything I could find on the net, with no avail. I ma loading an assembly using http. Here are the steps leanding to the assembly load and create object instance in this assembly: 1. Assembly name definition AssemblyName assembly...more >>

Hello, I have a programme made in VB6 that I need to reference from a web service. I tried it from a .NET windows application and it worked perfectly. When I try it from a web service, though, it does not work at all. It does not give any error, only a "the page cannot be reached" fault in the...more >>

Hi, i am trying to write to event log from my aspx application that is using windows authentication. All my users would be 'Domain Users'. I am able to write to event log when logged in as Administrator and not as 'Domain Users'. I added 'Domain Users' to Permissions in registry for Application...more >>

I have a Login link on my non-secure home page which links to Login.aspx?ReturnUrl=/Default.aspx (which is also in a non-secure directory). Once I authenticate and set the authentication cookie in Login.aspx I return to Default.aspx .. but Default.aspx does not pick up that I am logged in....more >>

I cannot configure web.config file properly on my system. Pls help me getting following error: Server Error in '/' Application. ----------------------------------------------------------- --------------------- Configuration Error Description: An error occurred during the processing of a ...more >>

Hi, is there any security testing framework available for asp.net??? Thanks in advance Regards urenium techie ...more >>

How are HttpConext.Current.User and Thread.CurrentPrincipal different? It seems that they can be set differently in different places. Why would one use one and not the other? Thanks, Michael ...more >>

I have an ASP.Net portal application which requires a user to login. The user has a CompanyId associated with their profile in the database. Once they successfully login, I want to store the CompanyId for that user somewhere for later reference. What is the best way to do this? Should, I store...more >>

Can anybody tells if I'm doing something wrong in this code and why the user authentication ticket always expires 30 minutes later, even though I set the cookie expiration date to the maximum value, and if I'm reading the cookie back the right way ? Dim myTicket As New FormsAuthenticatio...more >>