Hi, I have my asp.net webpage configured to use the integrated windows authentication in IIS. I need to use NetworkCredential object to get access to a webservice and I want to retrieve the authenticated user information to create it so user doesn't have to re-enter password. How can I do that...more >>

Hello, I have the following problem. I am building a ASP.NET application with Forms Authentication. Just for testing purposes I have set the Session timeout to 3 minutes: <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source...more >>

Hi People, I know in IIS Admin you can tick the box to request a client certificate (over an SSL connection), but does anyone know of a way, programmatically, to force this to happen for a particular page for a particular user? Basically I've got a site that uses a common code base to run, h...more >>

Hi, I need to test our site before we publish our public website. The problem is our site uses SSL and I can not test SSL before I use our public www.OurCompany.com address. and www.OurCompany.com is mapped to our public address. We use internal IP/computer name during testing. Is there any...more >>

Hi, I am beginning a new asp.net application that is to be hosted on a https server. Are there any unique design issues I should be aware of before I begin, i.e. those that are different than if hosting on a normal http server. I've developed apps before that use forms authentication, roles e...more >>

The program I have written to change a password by impersonating an admin has worked successfully on my local XP, but when transferred to the Windows 2000 server the impersonation fails. I have tried everything I can think of even to the extent of making sure the W2k box has the SE_TCB_NAME priv...more >>

We recently installed our web application on Windows 2003 and found that our ASPX pages are not coming up correctly. We are using sessionstate=StateServer and cookieless=true for Web.config. Applications run perfectly in Windows2000 or XP but in Windows2003 under IIS6 we do not see any of our ima...more >>

Hi I am working on an intranet application. I am using windows integrated authentication. Now since the authentication is done by active directory can I use a specified user name and password in my connection string and not SSPI? You see I created a user/login in sql server with minimum privledges ...more >>

Hello These questions may seem stupid but I am confused about the formsauthentication ticket stuff. From what I know till now it is a cookie/session variable ( I am still not sure which of the two). 1. When I use a FormsAuthentication.SetAuthCookie method I do not specify a timeout. So how lo...more >>

I am implementing an ASP.NET Web application that requires client certificates. I have a standalone certificate server (Windows 2000, SP4). I used it to generate a server certificate and a client certificate. The client certificate is installed in the Trusted Publishers-Enterprise store. I could...more >>

Configuring Windows Auth & Forms Auth in Asp.Ne Hi, I've configured a web app to use windows authentication and also set up two separate subdirectories to use forms authentication. It appears to work fine but I have never seen a sample that demonstrates both in the same web.config and I don't like ...more >>

Hello all I wonder if the great and the good of this esteemed forum might shed some light on a problem of mine... Three servers in a domain: one Active Directory server, one SQL Server and one IIS. IIS hosts an ASP.NET Web Application which requires that users log on through a web form, are...more >>

Hello; having similar ASP=2ENET security issues=2E Upgrading a number of ASP classic apps to =2ENET and have= everything done but cant figure out how to get the security to= work correctly=2E Under the ASP Classic implementations security was NT Groups= based=2E Various Groups were crea...more >>

hi, i am using 3des encryption with a secret key to send information between 2 aspnet applications. they both know the key, which is a hard-coded string. i have read about using aspnet-setreg to securely store such a value in the registry, but i have a different query. if i open the dll in note...more >>

I am trying to create pages that are viewable without a login, but if a person does login I want certian pages to display customized content. For example, I have a calendar page that loads up to anyone. But on the same page I want to restrict showing the hyperlink to "Adding a calendar Event" to so...more >>

Hi I am looking for a way to ensure that an asp.net site (using forms authentication) performs a sign out automaticall after a period of time where there has been no activity by the user Any ideas would be appreciated Jonathan....more >>

I have aproblem. I develop my asp.net site at my pc (named PCMANOS)(running IIS) and I have the SQL Server at another pc (named ATHDC). I've already created an IUSR_PCMANOS user account at ATHDC and I've given the appropriate priviledges to read and write from the database. When I test the site f...more >>

Dear Sir, I want to change password of users in active directory by asp.net form.this is my code, but i recieve error could anyone help me to solve it. thanks Protected WithEvents newpass As System.Web.UI.WebControls.TextBox Protected WithEvents btn1 As System.Web.UI.WebControls.Butto...more >>

Hi, I have a problem in that I have 2 applications writing to the same Database. One App is web based and the other is windows/forms based. Both have the same job in that they can reset a users password in the database. Both are using SHA1 encryption however they both ghive different results wh...more >>

Currently I have succesfully implemented role-based folder security using roles and web.config in each folder. This works great - if a user is not authenticated or a member of an allowed role, that user cannot access the resource (woohoo!). When the disallowed user tries to access the resource, ...more >>

Hi all, By default .cs files are protected from downloading by adding ".cs" to the HttpForbiddenHandler in machine.config. How to ALLOW (exclude from HttpForbiddenHandler) a specifig file (myfile.cs) to download ??? TIA Dan Ackermann ...more >>

I posted this message in dotnet.framework.security, and was told to repost it her Alright, I've been trying to figure out the solution to this problem for a few days and I'm officially stumped. My web app server, Machine A, needs the ability to create a file(xml) on my db server, Machine B. The...more >>

Hello=2E Here's my problem=2E I have an e-commerce site with a= login & checkout pages needing to be secure=2E To enforce these= pages to be ssl I simply put in the page load: If Not Request=2EIsSecureConnection Then Response=2ERedirect(Request=2EURL=2EAbsoluteUri=2EReplace("http:",= ...more >>

Hi, I am using the fairly standard code below to do my forms authentication ticket and redirect, however, I am finding that once successfully logged in, I don't get another log after I close the browser. Is there something I need to do to let it know that if the browser closes they should ...more >>

I'm reading myself into security and ASP.Net. I have written some demo code and now I'm wondering how you deal with exception handling when you use declarative security I have a method with the following attribute [PrincipalPermissionAttribute(SecurityAction.Demand, Name="Patrick")] priva...more >>

(Type your message here) I have the same problem when executing the code below. It returns me a "126" error from kernel32. Dim sContainer as String = "sample_example_key" Dim sProvider as String = "myprovider" If Not (CryptAcquireContext(lHCryptprov, sContainer, sProvider, PROV_RSA_FULL, 0))...more >>

Hello, I am having a permissions problem when creating a directory. The relevant bits of my code look like this: // impersonate current user: WindowsIdentity ident = (WindowsIdentity) HttpContext.Current.User.Identity; _context = ident.Impersonate(); _name = ident.Name; _isauth...more >>

From googling my problem before posting, I learned that this seems to be a very common problem with Web Services and dotnet. I read through countless articles and suggestions but still could only find one way to fix my problem, which IMHO, is not acceptable. First let me explain what's happen...more >>

hi i created a user in sql server under login then i went to the database and under users i added the user and them gave the user permissions to select from the tables and execute the stored procedures but when i try to pass the user in my connection string i ge Access to the remote server is ...more >>

Hi! I'm just curious about the use of cookies in forms authentication. The username and roles are stored in the encrypted cookie, but if a user manages to crack this cookie - will he be able to modify his own username and roles? Why doesn't ASP.NET simply use an ordinary session, with nothing ...more >>

Hi, I'm experimenting with forms authentication which I've got working (it's based on some technet stuff.) One thing however, is confusing me. A cookie is created based on the authentication ticket and there seem to be a number of expiry/expiration values. There's one in web.config in ...more >>

Hi guys, I was wondering if anyone knows if the .NET framework has a library or methods that I can use to diallow users from entering HTML tags and more importantly JavaScript into textboxes and being stored in the database. Thank you in advance. Henry ...more >>

I created a simple aspnet application which contains an imagebutton object. The imagebutton's ImageUrl property is set to : images/myimage.gif (the myimage.gif file is present in the /image subdir of the application folder) The ntfs permissons on the application folder as well as on /image ...more >>

We have developed two sites that both use forms authentication and have objects with custom principle interfaces and identity interfaces. I would like to use the same principals for both sites and load behind the scenes I have tried the following scenario 1) Create a web service that automtical...more >>

Our network policy is that passwords must be changed every 90 days... so 14 days before the password expires the user begins to get prompted to change their password....once this prompt begins, most of the web applications I have written in Visual Studio .NET begin to break. On some of them, ...more >>

I would like to store some Role Information in a cookie since I cannot use Session in the AuthenticateRequest method. I thought of encrypting the cookie using Rijndael Algo. for provider. I would generate a 16 character key store it as a Cached object and replace it every 20-30 minutes, if the...more >>

I have written a webform page to respond to a users post on the web site. This worked on the test site which had anonymous turned off. I then moved it to the regular web site (copied the files, reinstalled the FP extension) and chaged the setting for anonymous use. but when I try to post the form...more >>

I had many ASP.NET web applications that I created before I had to rebuild my machine. After a fresh install of XP Pro, VS.NET 2003, etc, I now get the following when running them. Note that I've already added the following to the web.config file just before the <appsettings> section: ...more >>

I am developing a asp.net web based service application for our product I am trying to trigger a reboot of the server based on a user request I believe I have all the appropriate code for AdjustingTokens etc an all those calls seem to succeed, however, the final call to ExitWindowsE is failing w...more >>

I'm trying to get the PathInfo propert for the current URL request in a class file, but I can't get it to work. Here's what I've tried so far: using System.Web; String PathInfo; PathInfo = HttpContext.Current.Request.PathInfo(); I've also tried "using System.Web.HttpContext;" It gives ...more >>

I am using ASP.NET and Access as the database. I would like to use role-based authorization for the login page. Can anyone help me?...more >>

I have an app that writes to a custom event log (which is created at install time with a custom installer DLL). My app writes just fine to this custom log when running on Windows 2000 Server but when I try to run it on Windows 2003 Server I get "Access denied" errors. I'm using impersonation ...more >>

Hi, Apologies for cross posting like this, but I wasn't sure on the best group to post to and I didn't receive much of a response to my original email in microsoft.public.dotnet.framework.aspnet.security. My application currently has a rather large security hole in it which I need help with a...more >>

Hi folks, I hope to get some of your advice on an authentication question that came up during the planning of web app. I'm a bit new to asp.net, so if you can offer some experience, I'd greatly appreciate it! I like form-based authentication because the usernames and passwords can be store...more >>

I've tried with a simple program in vb.net but when i'm going to decript in my messagebox appears this message: PKCS7 padding is invalid and cannot be removed. I've found this few lines of codes in this site: http://www.dotnethell.it/articles/article.aspx?ArticleID=93 I've trasform in vb.ne...more >>

Hi Everyone I’m working Windows 2000 Professional with IIS 5.0 and Framework 1.1. In my current project, I had to use Windows Authentication. The problem is that even if I use right credentials, the LogonUser Function (P/Invoke) always return false. But if I uninstall ASP.NET 1.1 and then try ...more >>

hi all i just set up a new win 2003 server with framework 1.1 (on old server 2000, all worked fine) i gave the following rights to the following users: e:\wwwroot aspnet read, execute, listing e:\wwwroot\web aspnet read, execute, listing i didnt touched the rights automatically...more >>

All, When i use .net FRamework 1.1, for my web application, i get an error saying "A potentially dangerous querystring was detected from the client...." I have read the posts related to this and it seems this is due to some SECURITY FEATURE in 1.1!!! My code used to work in 1.0!!! now when t...more >>

Hello all Is HMAC-MD5 supported on the .NET 1.1 framework? Some of the information that I have come across seems like it indicates that it is not supported What I am trying to do is to generate a trust_key based on this TRUST_KEY = HMAC("MD5",Secret_key,user_id), I am not sure how to implement t...more >>

Hi there everyone, I'm new to this newsgroup so I hope you don't mind me just asking a question, but it has been working me for way to long now and I need some help. I'm fairly new to ASP.NET and VB.NET but have been cramming for weeks now and hit a snag.It has to do with forms authentication in ...more >>