I often have a need for a hosted sub-app, for example, adding a secure dotnet area in a publicly hosted site, a migration to an ASPX area inside of an existing ASP site. This sub-app may rely on its own security setting (which are application wide.) I have talked to the hosting support. THey...more >>

I would like to read a page programmatically with an ASP.NET intranet site. I am using forms authentication. No matter what I have tried, the login screen always comes back because the web server itself knows nothing about the authentication information already stored away. I admit that I am a ...more >>

I have an asp.net app that is using .Net remoting (tcp/binary). I am using Integrated Windows Authentication and will be authenticating against active directory. I will then need to use the ADSI DirectoryEntry and/or DirectorySearch to get the groups the user is in. Is there a way to pass...more >>

Hi! I just want to know if it's common to decrypt a Session-Object in a ASP.NET application. My collegue says that I have not do this because the information is stored on the server. Any suggestions? ...more >>

I am in the process of writing a fairly large ASP.NET web application and I am about to implement log-ons, permissions etc. I have never used any security with ASP.NET before; only classic ASP. I would like to base my user's logon information and permissions on their domain account. What is th...more >>

Hey All, Trying to understand why I can not get SQL server to trust my IIS server. I have two machines set up, 1 App and 1 DB, and I'm trying to validate the applications access to the DB server via NT Authentication. The App comes in via NTLM which from my understanding only supports Single h...more >>

I'm having trouble finding specific documentation regarding the negative impact of using delegation in a Windows 2000 environment. I've read through numerous articles on using it, but if I do find anything that cautions the use of it, it reads like the following: Important:Delegation is a...more >>

Hi, Apologies if this question is a bit basic, but I can't seem to find any documentation anywhere. I have an asp.net site running on Windows 2003 server, and I need one .aspx page to be secured using SSL. I haven't bought a certificate yet, but I have set the SLL port to 443 on the web ...more >>

I have an asp.net app that uses windows authentication. I'm doing my development and testing from one box. In the browser if I enter: http://mybox/virtualdirectory/default.aspx everything works as I would expect. It recognizes my login and away I go. However, if I enter http://mybox.mycomp...more >>

MS has posted this here: http://www.asp.net/faq/ms03-32-issue.aspx Fix for: 'Server Application Unavailable' Error after Applying Security Update for IE ------------------------------------------------------------------------------- - We have identified an issue with the recent MS03-32...more >>

I have an asp.net application. I have used VStudio Web Deployment Project to create the MSI file. I copy the MSI file from my developer PC to my test server running Win2003Server Web Edition. I run the MSI to install - looks good so far - I see the global directory, etc. I try opening th...more >>

Hello, I am trying to execute a batch file from my asp.net app. To execute the command in this file, it will need domain admin rights. I know I could set that up in machine.config, but that would make every .net app run high priviledged. How do I make just this single execution tied to...more >>

Alright - here's a simpler part of my previous questions. If I have an application that uses forms authentication, is it possible to have one Login.aspx file for the root application, and a separate Login.aspx file for a folder within the root application, only to be used when someone trie...more >>

Hi all; I want to use user name and password in my asp.net project for all aspx files but not for asmx files. Or i want to use some files with user name but some another not In web config my configuration is; authentication mode="Forms"> <forms loginUrl="tom/ortak/LoginPage.aspx" protect...more >>

If the woker process is configured to be run under username="machine" in machine.config and impersonate=true under web.config, will the impersonated account be used to run the worker process or just the thread only? ...more >>

I have an application where I would like to present a nice HTML based login page but log the user in using Windows Authentication. I know that forms authentication is not what I need because it doesn't tie into Active Directory. And I don't want to use Windows Authentication because I don't ...more >>

I am just getting started with ASP.Net. I am attempting to place a dateGrid on a page and I have done all the things I would do in a Windows application: - drag a connection to the form - preview the data - generate a data set When I run the app I get: "Login failed for user '(null)'. ...more >>

I want to protect a single file (openvideo.aspx). I already setup the folder as an application in IIS. The authentication seems to work fine and the permissions works as it should. The problem comes after the user gets authenticated. I need to store each user info in database after it gets au...more >>

I've read many messages and even more technotes, but I still can't get the following scenario to work: I have a Windows 2003 web server and a separate Windows 2000/SQL server, both in the same Active Directory on our LAN. I need to flow the user credentials from 2000/XP clients, to the web se...more >>

We are running SQL server 2000 on MS Windows Server 2000. We have web based database (ASP.net and SQL Server 2000). When I run this page with 'sa' account, It works but when I change it to Window autointoxication I am getting the following error massage. Login failed for user '(null)'. Reason: ...more >>

Hello all, We have an asp.net app protected with integrated security. Part of this application carries out document prodcution and management via a mixture of asp.net code and activex client controls. The problem occurs when trying to open documents / templates (ms word) from the folder str...more >>

Hi. Using ASP.NET, getting an "Object reference not set to an instance of an object" error. In my login.aspx page I have: string[] arrUserRoles = new string[] {"UserRole"}; Context.Items.Add("UserRoles", arrUserRoles); Context.User = new System.Security.Principal.GenericPrincipal(Contex...more >>

I've just deployed my .Net Web app at an ISP on a shared server. Whenever I try to create a new directory, an exception is raised - Could not find a part of the path "D:\" I'm 100% certain that the directory path is correct, and in fact one of the 3rd party components that I use tries ...more >>

I want to use treevieuw componenton a web-form. does anyone know how I havr to use it? if I open toolbar than I can't see trevieuw. I also use C#. ...more >>

scenario: users can store data (guestbook entries, ther usernames and so on) on a database-driven website and i have to care about that they don't insert (aggressive) javascripts or html tags that destroy my layout. but it's not an option to deny characters like ', " or < at all. one option i ...more >>

Hello, I am running a Win2K Server as a secondary domain controller. When I installed the .Net Framework v1.1 There was no ASPNET user account created. How can I create the ASPNET user? Thanks Jamie...more >>

I have entered an identity element in my Web.Config file: <identity impersonate="true" userName="myDomain\myUserid" password="myPassword" /> When I try to run my application, I get this error: "Could not create Windows user token from the credentials specified in the config file. Error fr...more >>

Hello, I have a very simple aspx file that runs on WinXP Pro IIS 5.1 and connects to a SQL Server 2k DB running on a Win2003 Server box. It works fine with the connection string below (X replace real values for security). "packet size=4096;user id=XXX;pwd=XXX;data source='XX.XXX.XXX.X';persist...more >>

Hello, We are having problems delploying an ASP.NET application onto a server (that is also a domain controller - I don't know if that has anything to do with it). The error message is as seen below. We have tried ensuring that everything has the correct permissions but it still seems to ha...more >>

Security tab page in the folder property dialogbox (found when right-click on a folder and click 'Property' from the context menu) doesn't apperar in my computer, I used Windows XP Professional, in which I want grant READ/WRITE access persmission for the ASPNET account of the ASP.NET This ...more >>

I am developing for an Intranet with about 100 users (we do computer training). We're running about 12 different ASP.NET applications. 4 of these applications require authentication. Windows authentication is not an option, as for Windows most of our users have a blank password (so it would ...more >>

Hi, What are the differences between authentication and session cookies? In my web.config file, I set the cookieless attribute for the sessionState element to false. Why do we need 2 different types of cookies? Is the session cookie enough for authentication purpose? I do feel uncomfortab...more >>

I'm using Windows Authentication in my C# ASP.Net intranet application. I have a "Delete" column in a DataGrid which I only want displayed if the Windows user is a member of the "Administrators" or "Managers" group. I have the code for that working, but when someone else attempts to access my ...more >>

Having come from old ASP I usually have a table of authorised NT login names which I put into a recordset. I then get the current users login name using: Request.ServerVariables("LOGON_USER") Then I check if the user's login name is in the recordset and redirect as appropriate. 1) How would ...more >>

Microsoft Knowledge Base Article - 306158 [http://support.microsoft.com/default.aspx?scid=kb;en- us;306158] shows a method to impersonate a specific user in code via a web form. The trouble is that the impersonation isn't being persisted accost the web application. Once the user moves on...more >>

Hello, I am using windows forms authentication in my asp.net web application so that it uses ADSI to validate users. The application is in a virtual directory on my local system, (http://Localhost/MyApp), and it makes the call to a domain server on our network. Everything works great. When ...more >>

I'm running a web site and implementing both folder(web.config) and class level authorization. A new requirement came in to allow an external web site to access some secure web pages directly, without going through the logon page. The users are valid users, and I will build the principle objec...more >>

Ok.. so I've read and seen lot of messages and MSDN docs concerning the above issue.. how do I get it to work? I want to impersonate the current user accessing my website... so I turn on the site directory security to NOT allow anonymous but turn ON integrated windows authentication. Then I cha...more >>

hi group, i previously have a single machine development environment on server03 (w2K3, stand alone, SQL2K). i configured it so that my app is using "NT AUTHORITY\NETWORK SERVICE" to access to the database it and it worked just so fine. now, i am installing my asp.net app and database to a ...more >>

I have been reading and reading the Microsoft best practices, articles on and on but still I can't figure out which method to chose to get started. Basically, we are using Active directory where all of the users should be authorized against before accessing the web site. Here are some of my qu...more >>

PLEASE HELP.... I'm having trouble. In my login form after I've verified the username/password are valid I do this: Select Case iMyPrivilege Case 0 Dim arrRoles() As String = {"guest"} Context.User = New System.Security.Principal.GenericPrincipal(User.Id...more >>

I would like to get user logon from server by USERLog = Request.ServerVariables("LOGON_USER") but it isn't see. i don't know what the problem and how i can solve in this. But i try to get other value can see it. *** Sent via Developersdex http://www.developersdex.com ***...more >>

I have a small ASP.NET app that maintains a SQL Server database. When I delpoy to a Windows 2003 Enterprize Server I get the following error on connecting to the RDBMS... Login failed for user 'NT AUTHORITY\NETWORK SERVICE' To overcome this problem I have modified the logins on SQL Ser...more >>