Hello, I am currently trying to use integrated security to access the SQL database for the ASP.NET application (deployed on an intranet) I am following this article http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbtskaccessingsqlserverwithexplicitcredentials.as So...more >>

Hello, I need to get all the AD information from a user that access a intranet ASP.NET page.Does anyone can tell me how to do it? (the user can't put its login and password on a text box and validate it, I've got to get it by code) Thanks ...more >>

We have a Web Service written in C# that accesses an ATL service via DCOM. This all works great when both are on the same machine. When I move to a two server scenario, I get an Access Denied error. What is interesting is that I am able to get the Class Factory and then create an instance of...more >>

I know how to do ..IsInRole() to test if a user is in a particular role. How do I enumerate all of the roles currently attached to my principal instance? WindowsPrincipal or GenericPrincipal. Thanks. ...more >>

How to maintain user authentication/authorization if session times out?...more >>

Is there a way I can get the user of the identity I will be impersonating to get network resources? I know WindowsIdentity.GetCurrent().Name for the person coming into the ASP.NET app but I want to do some testing of different combinations of impersonating based on Anon, Windows Auth, and imp...more >>

Has anyone used the DPAPI to store database encryption keys and other data in a load balanced environment? Would multiple web servers be able to decrypt data if they were originally encrypted by another web server? My app works fine on a single box - but I am concerned about putting this into...more >>

Hi, The following web server security checklist: http://msdn.microsoft.com/library/en-us/dnnetsec/html/CL_SecWebs.asp?frame=true&_r=1 mentions "Parent paths" setting is disabled. Where can i disable "Parent paths"? Thanks, Ali ...more >>

hi, i'm trying to create an instance of outlook application from my ASP.NET(VB.NET) application.I added the Microsoft Outlook Library 10.0 It's giving the error 'Access Denied' I created '{machinename}\ASPNET user and gave the write permissions to the user. Can anyone help me... Thanks in ...more >>

Hi, I saw several posts asking for reverse encryption (encrypt with private key instead of public key) in .NET. I am having the same question and wonder anybody has a good solution to it. Basically, my client application generates a key pair and exports the public key to server. The client ...more >>

I know you can screen scrape a website using the System.Net.HttpWebResponse & System.Net.HttpWebRequest classes. But how do you screen scrape a secured website (https) that takes a username & password, I guess what I am asking where does the username & password go and where do you store any re...more >>

I'm getting a Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' error. I'm running IIS 6 on 2003 Server The error occurs when my asp.net page trys to execute a DTS package stored on another server (same domain). I'm using a sql login - not windows authentication - to connect sql server. Why ...more >>

My web.config settings are being ignored. I have check IIS and the application is presiding in my root directory. There are no other web.config files on the box. When I move the application to another server, everything works fine. Some evidence of the web.config being ignored includes: The p...more >>

I have an individual PKCS#12 file. Can I use it to sign assemblies instead of using "sn -k" ? Thanks....more >>

I decorated my assembly with the stuff below, but the compiler complains "An attribute argument must be a constant expression, typeof expression or array creation expression". I want my assembly to obey CAS and only read and write to its own application directory as well as %temp%. Any sugg...more >>

Hey, I have searched and searched and searched for direction with this subject. Basically, I would like to use our local Windows 20003 IAS Server to authenticate my web clients. However, I can't, for the life of me, find anyway to do this or any direction of what I need in order to do this. ...more >>

Hello Here is my setup IIS 6 on a Server 2003 machin ..NET framework 1. I'm trying to copy files from clients to my 2003 server using a HtmlInputFile control. The code Tr 'upload the file from the client to the server folde UploadFileInput.PostedFile.SaveA...more >>

I've established an SSL (with selfSSL) certificate for my IIS ver. 5. an i want my webservice client to connect to webservice through ss (i've done all the things considered in MSDN - http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT14.asp bu all it says is an error - "Cannot estab...more >>

Applies to: W2K3 Server / IIS6 / Default Isolation Mode / ASP.NET 1.1 We wish to run our ASPNET worker process in a domain account so as to use RDBMS trusted connections. We have created a domain account for this purpose. We have added this domain account to the W2K3 Server machine IIS_WPG g...more >>

Hello I am developing a intranet application in an all Windows environment, but I'm running into a authentication snag. I use Windows Integrated Security on the web server so that I can identify who the user is. I do this with these lines. Dim objContext As System.Web.HttpContext ...more >>

Hi ALL I have all my root files under Forms Type Authentication mode and i have another folder where in i need no permission or a direct access to that folder. So i did make some changes in WEb.Config. I added the following at the end of WEB.Config. <location path="ALL"> -- ALL is the folder...more >>

It appears that FormsAuthentication.GetRedirectUrl() only returns the first parameter for the original target URL. For example, if the original target URL is: /MyPage.aspx?a=b&c=d and the user is redirected to the login page, a call to FormsAuthentication.GetRedirectUrl() in the login page...more >>

Is there a tool that tells me what permissions my assembly requires? I have add [assembly: PermissionSet(SecurityAction.RequestOptional, Unrestricted=false)] to deny all permissions I just want to now grant one I require? Cheers Earth Worm Jim ...more >>

Hello I have just finished my bachelors and now I am going to pursue for my masters degree in Information security field. I would like to have suggestion and tips that how should I start preparing my self for this field. I am a Web Application Developer so I will be going for web security or relat...more >>

I am currently developing a website (ASP.NET) which allows users to submit a web form containing a href link in one field and descriptive text in another field. The records will stored to varchar columns in a SQL Server 2000 database and hosted by a 3rd party ISP. The list of links will then ...more >>

Hi All Here's my situation. I have a ASP page which requires windows authentication. The page works fine when I access it from IE and I am able to login succesfully. Now I am writing some .NET code to access the page. I pass in some data for the form. I always get a 401 error. I am looking for som...more >>

When user try to debug an Asp Web application, He got error "Unable to start debugging on the web server. Access is denied. The IIS server installed locally on the pc with Wondows XP. Administrator that try to debug on that same pc does not have any problems, Only simple user that try to debug reci...more >>

Hi, For some of you this must be elementary, sorry for being boring. I have several ASP.NET apps that I want to secure. The way I am going about it, is by having all apps set for Forms authentication. The login.aspx I have new users redirect to is part of a Admin module (yet another ASP.NET ...more >>

I initially posted this in a different ng. I was advised that this ng was perhaps more attuned to my question. The following is my original post: ************* VB.NET 2003 on XP Pro I get the following error when I attempt to run my project. I've Googled and looked on MSKB, with no luck....more >>

Hi everyone, I have the following security issue. I have a ASP.NET application running on a Server (SERVER_A - XP pro). A certain page needs to show a picture located on another Server (SERVER_B). Normaly the IIS connects using the local ASPNET user account, but SERVER_B don't know this accoun...more >>

Hi I have a problem with permissions with an ASP.Net Application and IIS and SharePoint on Windows 2000 SP4 with .Net Framework 1.1.4322. The SharePoint 2001 SP 2a Portal Server is setup for Internet Access(Extranet Solution) I have a very simple piece of code that uploads a documents to a SPS 2...more >>

Hi, I'm using FormsAuthentication in an web application that uses Frames. When the user clicks on "logout" button, I have the following code: FormsAuthentication.SignOut(); The challenge here is that, SignOut redirects to the logon page specified in the <forms> element in Web.Co...more >>

Hi, I've seen this problem posted a few times around the 'net with no answer. Hopefully someone here can help. We have our website configured to use Forms Authentication. We want to secure the Login page ONLY using SSL. When a user goes to the site he is redirected to the Login page for a...more >>

Hello, On a local website but i want to access data on a remote drive (a mapped drive). The data are Foxpro files on a directeory of a mapped drive. I have a problem with security ( no tabel can be opened error 52 in foxpro ) I search the web for a solution. Server 1 = Windows 2000 (Web...more >>

I've started getting into using forms authentication for asp.net apps with c#. From what i understand so far (limited) I like the way things work! I've got an application working right now where an email address and password is checked from a database and I can check the authenticated user's e...more >>

We have an ASP.NET application on Win2003 box. This application runs under default user "NT AUTHORITY\NetworkService". We need to give right permissions for this user on a folder to write a file to the disk. But we were not able to do so. Specifically when we right click on a given folder in w...more >>

Hello All, I use windows based authentication for my ASP.NET web app. I have disabled anonymous access of my web application too from the IIS console. From my own machine, the webapp works perfectly. But when someone else tries to access it, they get error message "You do not have per...more >>

My web application has the following structure RootFolder - file1.aspx - file2.aspx - web.config - admin_folder - protectedFile1.aspx - web.config RootFolder is setup as a Virtual Directory and has script only permissions. The web.config file under root is standard ...more >>

Hi, By default VS.NET generates just one DLL contains all code behinds and userconrols. Is it possible to have VS.NET partitione them in their own assemblies for granular security? Thanks, Ali ...more >>

Hi, In Architecture and Design Review Security Checklist at following link: http://msdn.microsoft.com/library/en-us/dnnetsec/html/CL_ArchDes.asp?frame=true&_r=1 I don't underestand following two items: 1) Session state is protected from unauthorized access. 2) Session identifiers are no...more >>

Hi, I have a small problem...Please go through it and share your views on it. I am using an xml file to authenticate my users. Also for each user i am maintaining a attribute named "status" which holds the logged in information i.e. if the user has logged in then the staus will be "Log...more >>

When I run my ASP.NET on my computer it works fine, even in medium trust which is what mt webhost uses. However on the webhost it generates this exceptio SecurityException: Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutr...more >>

My application uses forms authentication. On the sign-in page is a form (with takes a username, a password, and has a button [SignUp]) that allows for the creation of new user accounts I'm trying to get it so that when the SignUp (not SignIn) button is clicked, a user account is created in the dat...more >>

I have created an ActiveX control for use on a web application for an intranet. Do I still have to pay for a Certification Authority to sign my ActiveX control for download to IE , when it is only for use on an intranet. I want to eliminate the constant message box saying the ActiveX control is ...more >>

Hey group, I would like to be able to write a ASP page and on it have a link to another ASP page. I would like to be able to have a Access Database or similar with Username and Password and be able to allow users to enter there detail it to look at the database to check then allow them to open...more >>

Hello everyone, I have found a problem with form authentication method that I can't solve. The problem is: I want to use a form authentication in my application, so i set : <authentication mode="Forms"> ,and <forms name="LoginForm" loginUrl="SM_LoginPage.aspx" protection="All"> but ...more >>

Hi everyone, I just read an article that said that when you use a web.config file to secure a directory, all it can do is secure the asp.net resources in that directory - not any non .net resources. For ecample, image files, html and asp files would not be secured. I didnt actually realise ...more >>

I have a code PASTED below.Its validate(login) against a database SQL SERVER. But i have a problem with the LINE:- "cmdQuestion.ExecuteReader(out dr);" below its says ERROR :- "The best overloaded method match for 'System.Data.SqlClient.SqlCommand.ExecuteReader(System.Data.CommandBehavior...more >>

I want to create a "member zone" with restricted access to registered members only. I already succeeded to restrict access to ASPX files in a particular directory using ASP.NET security. I use Forms authentication and the <location> tag in web.config. Is it possible with ASP.NET to apply th...more >>

All, I have a WEBPAGE that needs to pass the current credentials to a .NET remoted object so this can pass the credentials to a SOAP WEBSERVICE (All written in C#) But I cannot see how I pass credentials to the remoted object, any ideas? If there was no remote layer then I could just do :...more >>