Thanks in advance to anyone who can help:) Ok- I've got two different ASP.NET projects communication with each other; one has its WEB.CONFIG file restricting anonymous users with the following entry: <authentication mode="Forms"> <forms loginUrl="OtherASPNETprojectname/login.aspx" name=...more >>

I am trying to understand Impersonation in the ASP.Net context. Here's what I DO understand: -Using Windows Authentication with impersonation="true" means that the aspnet_wp will try and access the resource with the authenticated user's credentials (token). If access is denied I get an IIS ac...more >>

I have multiple asp.net websites living in different domains. The websites (pages, code, etc) are all identical. The databases driving the websites are different. This is not a web farm. I use Forms Authentication as the authentication method against custom users and passwords stored in the...more >>

I have enabled forms authentication on an IIS 6 W2k3 server to protect access to the application files until authenticated. The actual application apart from the login/logout files is .cgi based so I have added a “Wildcard Application Map” entry site properties home directory tab Co...more >>

I have enabled forms authentication on an IIS 6 W2k3 server to protect access to the application files until authenticated. The actual application apart from the login/logout files is .cgi based so I have added a “Wildcard Application Map” entry site properties home directory tab Co...more >>

Hello, When I build an ASP.NET application, for some weird reason Visual Studio.Net started to put my DLLs into the VSWebCache folder under Documents and Settings instead of usual bin folder under the project directory. When I go to the project's properties and try to change the path to the ...more >>

I have looked at all the Redirect questions on this site without finding a resoultion to my redirect problem. I am using sample code to verify a user and password from a login page but although the verification is successful and I can see that the return url is where I need to go I am contin...more >>

As anybody succesfully implemented a role/groups based forms authentication against the Active Directory? Thx Patrick *** Sent via Developersdex http://www.developersdex.com *** Don't just participate in USENET...get rewarded for it!...more >>

Hi, Is there a way to update any user info (properties) on the AD, through an ASP.net code with c#. With only filtering on any user name, without password. Please provide a clear code to do that. Simply I want a dropdown combo, filled by all user names on AD and for each chsen user upd...more >>

I am working on an asp.net application which requires forms authentication as the method for authenticating the web application using the underlying Active Directory as the user store. I have created my Forms Authentication process using the methods described in some MSDN samples and that...more >>

Hello I also posted this message under dotnet.security. What I have is a web application that shows the user their files in a protected location. The user can then select a file and move it to another server over unc. The user is logged in via windows basic authentication with their domain ...more >>

Hajo, I have a few questions about above method. 1. AFAIK it is symatric encryption, what kind of algorithm(name) is used in this method? 2. Where is key stored? thanks in advance for info Gawel...more >>

Hi there Is it possible, as an added (fairly paranoid) security measure, to encrypt the content of, say, an .aspx file on the server? Best regards Loane ...more >>

I am planning a website which reqires this feature: it allows registered users to upload and/or download files (like *.doc, *.ppt etc.) but not everyone can download every files. some files are restricted to certain users only. that means only certain users can download certain files. but if ...more >>

Hi, I can use for security authentication the information about user and group who I have stored in ADAM (Active Directory Application Mode) from my ASP.NET application? Thanks and sorry for my english..... Merry christmas! Lorenzo Soncini ...more >>

What are the security risks to grant ASP.NET user write access to web.config? I am working on a project in which I am required to update web.config at the runtime, basically modifying access to different directories. Any suggestion will be greatly appreciated. Thanks...more >>

hello can anyone help me making user in active directory , I wrote a code, but it could't work, could anyone correct it. thanks in advance. Sub example() 'Put user code to initialize the page here 'Try Dim AD As DirectoryEntry = _ New DirectoryEntry("LDAP://m...more >>

Hi All, Example: A webpage exists that allows you to fill out a form and click submit. The page next page displays the information found from your search criteria. The form includes information like Fname, Lname, Address and Zip. I want to programmatically fill out the form and submit the i...more >>

I am trying to determine the best way I can authenticate against an ActiveDirectory using LDAP with .NET. I need to use LDAP because I need to authenticate across the Internet. Right now I have code that authenticates (e.g. I pass username/password to it) via NTLM but the problem is I am ...more >>

Hi, I have been investigating CSS vulnerabilites within my application and have a question. If I added malicious script tags to the Url these are automatically removed from all pages of my application and the user is redirected to my custom error page. This is all taken care of by the .Net ...more >>

I’m not very experienced with security on a web server, so what I’m asking might be really stupid. I have an application that is creating XML files in the C:\temp folder on our DMZ. I want to create an aspx page that will pull a user’s XML file from the C:\temp folder and populate ...more >>

Hi, I have an ASP.Net Intranet App with C#. I don't need to ask users about by User and PWD since they are already logged in. This is acheived through "<deny users="?" />" tag. no problem with it. My concern now is to determine the the user group where the user is belonging to. to contr...more >>

Hey! I've successfully followed Microsofts example on how to use Forms authentication with Active Directory (from the "Building Secure ASP.NET Applications" How To-section). However, I would very much like to use AD's password policy features, specifically: 1. I want the user to get a wa...more >>

Hi, I'm having trouble fetching the AD groups a user belongs to after authenticating them against Active Directory. My code is based on the How To for using Forms Authentication to authenticate against AD (http://support.microsoft.com/default.aspx?scid=kb;en-us;326340) LDAP ConnectString: ...more >>

Hi. I am trying to use a treeview - after a few attempts, it works, but only up to a point - my exercise was to dynamically create nodes in the treeview. I read about binding the treeview to a XML file. Okay, so I decided to complicate my exercise and to create the XML file on the fly. I am us...more >>

We are using Authorization Manager in an ASP.NET application. We are using Microsoft.Interop.Security.AzRoles. We appear to have a memory leak when calling the method InitializeClientContextFromName. In a simulation, when we call this method 1000 times, the LSASS process consumes more and more me...more >>

Folks, Given the following function signature: bool AutheticateUser(string uid, string pwd); Can anyone tell me which .Net class.function API can I use to return true/false if the password passes the XP authentication for a particular machine / AD for the uid? Many thanks, Avi avi_f...more >>

I have an asp.net web application written in c# that uses Forms Authentication to authenticate against our Active Directory. I based the authentication code on the How To found on MSDN (http://support.microsoft.com/default.aspx?scid=kb;en-us;326340) The applications works just fine on our p...more >>

Environment: OS: Windows 2003 IIS: 6 ..Net Framework: 1.1 Authentication Scheme: Windows Integrated Authentication Impersonation: Enabled Error Message: Exception Type: System.Net.WebException Status: ProtocolError Response: System.Net.HttpWebResponse Message: The request failed with HTT...more >>

Hi all, I've searched this problem and sort of found the resolution but cant get it to work. Web site using forms authentication, just switched <customErrors defaultRedirect="public/Error.aspx" mode="On" /> got in to the problem where system redirects to error page but ...more >>

I have a webserver 2003 and a AD server 2003, I need to create an intranet app and I want the users login to the Webserver using their AD credentials so I do not have to create a users table. Does anyone knows how to do it or has a sample ? Thanks in advance ...more >>

I have a webserver 2003 and a AD server 2003, I need to create an intranet app and I want the users login to the Webserver using their AD credentials so I do not have to create a users table. Does anyone knows how to do it or has a sample ? Thanks in advance ...more >>

I have a webserver 2003 and a AD server 2003, I need to create an intranet app and I want the users login to the Webserver using their AD credentials so I do not have to create a users table. Does anyone knows how to do it or has a sample ? Thanks in advance ...more >>

Hey all - I'm having a really confusing problem concerning a web service. Right now, I have an application that needs to call a web service that does nothing but return "true" (this will obviously change once the program's fully built to actually do something, but for testing, it works). T...more >>

On Running a managed exe i get the following error : Unhandled Exception: System.TypeInitializationException: The type initializer for 'WSRMGUI.Sample.WS RMGUIHandler' threw an exception. ---> System.IO.FileLoadException: Failed to grant required minimum permissions to assembly 'WindowsUIAuto...more >>

I have a web server with 2 domain names, one IP and a single SSL cert. Domain name one has the SSL cert, but domain name two doesn't. domain name one is the actual domain name of the server, domain name two is more of an alias to one site on the server. Therefore, a url on domain name one...more >>

What is the difference between Page.User.Identity.Name and WindowsIdentity.GetCurrent().Name In what scenarios would I use one or the other?...more >>

Hello, I am trying to implement impersonation for the copying file from one remote directory to the other remote drive on the same server in ASP.Net page. Impersonation seems to be working fine. It seems to perform the impersonation but when it tries to copy the file then it raises the excep...more >>

Is there any way in the web.config "allow roles" authorization section, to AND the roles together? Eg. in my app, i have roles Customer, Employee, and Admininstrator. Now, there could be Admin employees, and Admin Customers, each with access to different sections. Is there a way to specifiy ...more >>

I am looking for a legitimate training course in the continental US that can provide in-depth, technical instruction on how to protect a website running the latest ASP.NET. I *don't* want a management-level class where I'm told "don't allow X to happen". Unless you actually know how a hack i...more >>

I was looking a way to have the Windows and Forms Authentication on the same site, and I found a Paul Wilson's article on MSDN. I've downloaded the code, and I'm trying to make it work. But I got some problems..., it works well with Windows Authentication, but when it comes about Forms, it ...more >>

I think the following is a security configuration issue, can someone help? I've been stumped on this for a couple of days now and I'm feeling the heat at work. -- I'm using a 3rd party ActiveX control which has it's own constructor and two very simple methods (which ultimately sends out ...more >>

Hello all, Trying to make a login page to a website. However I don't the user to be able to set a password, I want to control the password for everbody, and change it weekly. Any way, I have found alot of docs on Form Authentication to be used as a login page. But they all are a little di...more >>

Hi, Well, after reading all of the posts in here, I'm still not quite sure if what I would like is possible. Here's my scenario: IIS5 (or 6 if I have to) with a large website. Within that website are different .NET applications and regular htm applications in their folders. The entire s...more >>

When a user logs on to an application the new FormsAuthenticationTicket is created with a userdata field which I can populate with anything useful I might want. A cookie is created with an encrypted hash of the ticket. Is it possible to update the ticket's userdata field once the ticket has be...more >>

I'm building an Intranet Web app to track our company's purchase orders. I would like to have the employees use the app without being prompted for a user name and pw, hoping to catch their identities from their Windows account. Since it's an Intranet app, I'm using Windows authentication, and...more >>

I have an app where im using FormsAuthenticaton, and doing my own authentication against a users table in my db. I have no problem actually getting the authentication to work as i want. When the user logs in though, it is also pulling out a logical bitmapped set of roles that the user belong...more >>

Using the first version of VisualStudio.NET and, I believe, IIS 5 (the one that comes with Server 2000) when I launch the ASP.NET application wizard and DON'T want to use localhost, what do I do? The process just errors or goes into a process that never completes or times out. I don't have a d...more >>

I've been working on a web part that will remind a user how many days they have until their password expires. I strong named it and created a custom security policy to allow it to live in the bin rather than the GAC. After many painful iterations with configuring code access levels and active di...more >>

Dear All, The problem or error which I am getting while running my web application is as given below: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your...more >>