Hi all I need to implement Runtime (Conditional) Impersonation in one of my ASP.NET Pages. If I use the <identity impersonate="true" /> in web.config file, it works fine. But in code, while I try to Impersonate I get Win32 error. I am using "Logon" Win32 API for get a specific token. But...more >>

Hi all I need to implement Runtime (Conditional) Impersonation in one of my ASP.NET Pages. If I use the <identity impersonate="true" /> in web.config file, it works fine. But in code, while I try to Impersonate I get Win32 error. I am using "Logon" Win32 API for get a specific token. But...more >>

hi all, i have a problem with my asp.net web application. i'd like to protect passwords users sent to server, without using SSL server. i'm not so skilled at that, is there a way to protect the data streaming (password) from client to server? then i can protect the password to sql with a v...more >>

I can't get this damn thing to work at all. I have a virtual directory set up with anonymous access only, web.config contains the following but when I go to the site it ignores the security and never redirects to login.aspx. I know this will be a stupid problem but please help! <configurati...more >>

Hi I have a web site under IIS 5 in Windows 2002 Server and I want to setup. In the application I have created an HttpHandler in .NET. I have set the site to require SSL and 128-bit encryption and i have chosen the Require Client Certificate option in order for the application to require ...more >>

I'm writing C# ASP.NET application. For different parts of application I wrote different config files. When I was transferred files from my office computer (windows 2000 pro) to home (windows xp pro) I got following error. Access to the path "E:\Inetpub\wwwroot\Erevir\Config\Clanki.Config" ...more >>

i have a VB.NET ASP.NET application. the front end is working fine, and know im developing the manager options. this options have to be in a subfolder server.com/manager. how do i protect only that subfolder and its sub-sub-folders? i thought setting the path param in the authentication - forms ...more >>

I get the following error when I try to run my web page in asp.net. The Microsoft Jet database engine cannot open the file 'c:\inetpub\wwwroot\test\test.mdb'. It is already opened exclusively by another user, or you need permission to view its data. I have gone to the User Accounts and...more >>

I'm new to ASP and Internet programming... I want to send a request through SSL and to receive the response non-SSL. Is this possible? I have a MFC LiveUpdate client application. I want to send the request (for a file) cripted (https://...asp) but to receive the response (which could be a big...more >>

Hello, I need to pass a variable from one page which is a datagrid and has a hyperlink column. I will be passing the id for a particular row to pull up additional details of the record. I want to know the most secure method to accomplish this, the site will be using SSL. Are there any MSDN art...more >>

Hi, I've just installed Visual Studio.NET on my computer, which runs on windows2000 server. When i creat web application and try run it from vb.net, i get the following error: =============== Error while trying to run project: unable to start debugging on the web server. Server side-error ...more >>

I have multiple machines, some with 2000, some with XP, another with 2003 server. The problem I am having is that on some machines the re-direction to the default page does not take place after the logon page. It is just thrown back to the logon page. However this work on some clients. I...more >>

I am using FormsAuthentication for my application, and in the UserData property of the FormsAuthenticationTicket I'm storing the roles that the user is a member of, to retrieve in global.asax and create a GenericPrincipal object. Problem is, after the user logs in, I can get the ticket ju...more >>

I've been trying to figure out how to properly install and configure ASPState (fwk 1.1,non-persistent, sql based state) in a way that a. works b. doesn't require an account with system administrator/sa access Before I begin -- I know -- and accept -- that state information does not su...more >>

Hello all, I am having a problem getting two IIS applications to share a single authentication cookie. One app uses the 1.0 Framework and other uses the 1.1 version. (This is on Windows 2000 Advanced Server) I already removed the "isolateapps" option from my 1.1 machine.config and ma...more >>

Hi All, Need some advice on some of the security issues in my ASP.Net application. There are certain tasks that I need to implement so need advice/guidance on them as well as safeguards that I should implement. The application would be typically running on Windows Server 2003 with IIS6 with ....more >>

Can you create a new class that inherits from httprequest and override the validateinput method, is this possible, advisable, best practice or is there another way to accomplish this. Any articles or code samples would be appreciated....more >>

hai !! i have recently installed vs.net on my computer (xp pro operating system). when i tried to create web pages using asp.net it worked fine. i have a norton perosnal firewall installed on my system and i recently updated my virus definitions using live update. the problem now is when i tr...more >>

I am currently building a site, and we have a number of users that can have a particular priveledge, but each user has their own set of cases that they can update (identified by case ID). When the user clicks on a case, it needs to pass this to an 'update case' form. I want this to be secur...more >>

Hi, I want to move my files from web servers to a shared folder on the database server. For this I impersonate the aspnet user to common domainuser and gave write permissions for that user on the folder on the database server. During run time it impersonates to the domainuser but it ...more >>

Put simply, I want to use a custom form where a user can enter their Windows Domain Account and password, and have that validated. i.e. I do not want users to be presented with the IE style dialog box when authenticating. I used to be able to do this pre-.NET with an ISAPI DLL and LogonUser() A...more >>

I have an asp.net utility that searches AD users. The utility works fine on my workstation (W2K) and other team members workstations, but once I ported that code to the server I am getting the following message: System.NotImplementedException: Handling of this ADSVALUE type is not yet imple...more >>

Hello, I went through several posts and found out that it is only possible to have the authentication tag only at an app level but the authorization tags can be present at the subfolder level after specifying the location tag in the web.config file in the subfolder. My question is: I want to...more >>

I have an ASP.NET application that I'm developing on Windows 2003 and IIS 6. I have included the < identity impersonate="true" /> in the web.config file to force the application code to run under the currently logged in user, and the site disalows Anonymous access. The problem I'm running into...more >>

Can someone tell me the best security configuration for an intranet site. I want to use Window accounts (groups) to control access to the Web site and the access to a SQL Server database on a different server. Does the web.config file override the IIS MMC security settings ? Cheers ...more >>

Hi folks.. I installed windows server 2003 with domain controller role. And installed iis6 and .net framework etc. I run aspnet_regiis -i for sure. However, when I check task manager, I couldn't find aspnet_wp.exe process. So I searched all newsgroup, and I find some article related to ...more >>

Hi all! Is it possible to lock a folder and its files with ASP.NET (-> VB.NET Code)? for example: if a user now trys to reach a specific file in a folder (for example: www.myserver.com/somefolder/somefile.exe) he should not be allowed to download it. i already blocked the user from dir...more >>

Hello, I'm working on a school project about asp.net and I have a question about an activation link in an E-mail. I created a form at witch new users can subscribe. This form add the new user to an Access database and an E-mail is sent to the e-mail adress the new user entered. This link shou...more >>

I am trying to make a connection to the Db and everytime I try to open the connection I get "access denied" "ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typical...more >>

Does anyone know how I can suppress the "Enter Network Password" dialog when attempting to enumerate directories and/or files in ASP.NET? I want my code to automatically generate an exception if the current user is not allowed to access a share folder or file instead of prompting the user...more >>

Is it possible to manipulate client computer's direcotries through an ASP.NET page? For example: user click "Down Load Package To Temporary Directory", then a whole package with proper directory structure will be downloaded to client computer's c:\temp directory. Thanks, Guogang ...more >>

Hello, I'm new to ASP.NET, and I'm trying to learn how to implement forms based authentication. However, I don't know what I'm doing wrong. While the FormsAuthentication.Authenticate method returns true, after I call FormsAuthentication.RedirectFromLoginPage I am redirected back to the l...more >>

Please, help! I have set Permission to Full Control to the user ASPNet_wp account to my Security folder. I have set UserName = "System" processModel in Machine.config And when I want to delete File.txt I got the follow error: The process cannot access the file "c:\inetpub\wwwroot\MyApp\Secu...more >>

I understand that in the web.config file I can have the following: <location path="MembersOnly"> <system.web> <authorization> <allow users="myaccount" /> <deny users="*" /> </authorization> </system.web> </location> My question is, how...more >>

hi... How can I encrypt a string and then decrypt it? there are some examples I found but all of them about filestream object I wonder if there are some examples just reading and writing from string variables. could you help me please... thanks. ...more >>

Hi all, I am having difficulty in retrieving the file / folder permission in current context user. for eg, GetDirectories() method will return all the folders, Is there any way to return only folder / files which the user has permission? thanks. ...more >>

I have a problem with implementing windows groups as a form of role based security. I have implemented it exactly as described in http://support.microsoft.com/?id=323176 I am running Windows 2000 Server and ASP.NET framework 1.1 we are using Active Directory for groups. IIS is setup f...more >>