Hi there, I'm about to make a move from ODBC (dsn) connection to OLEDB native Connection String. I was wondering what is the best way to achive this, on this 2 scenarios: 1) IIS and SQL reside on the same machine 2) IIS and SQL are seperated Should I use mixed mode with a strong userna...more >>

Hi all, I'm using mssql2k and looking for ideas on how to store confidential information such as credit card information on the database. Does anyone know of a good whitepapers or advices on the matter? Guy ...more >>

Hi, I'm testing a Rijndael Symetric Algorithm Implementation to encrypt data. With that intention, i made use of code that i saw in http://www.derkeiler.com/Newsgroups/microsoft.public.dotnet.framework.aspnet.security/2003-03/0223.html that encapsulates very good the process of encryption rega...more >>

Hello, How can Allow ASP in Win2003 in a script or some automatic way to be run in my installer? Regards, Ariel ...more >>

Hello everybody: I have a question: Why is "Act as part of the operating system" dangerous? I have an application that will go live on Windows 2000, and it impersonates a user; I have to enable it (it copies some files in the server and creates a new IIS application on the server. That's ...more >>

Hi All Sorry to bring up a beaten-down-to-death topic. But I seem to be running into a wall whatever I try here. To cut a long story short, I have an ASP.NET application that tries to move a file from box A to box B. Box A and B are in the same domain. My security settings are like this: ...more >>

After a user logging on, User.Identity.Name contains domain/logon name of the current user. How to get other information of the current user such as First Name, Last Name or Email Address? Thanks...more >>

How easy is it for a hacker to access data stored in the Application Object in IIS server. I want to store a decrpyted connection string there rather that decrypting it everytime I access the database. Currently I use dpapi on a encryption key stored in the registry the use the encrytion key to decr...more >>

1. I got this following error: ******************** Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser E...more >>

Is there a way to modify WindowsIdentity.Name for System.Security.Principal class at runtime after your app. successfully logs the user on the system programmatically. Thanks John ...more >>

The following code fragment works as part of an page.asp but when I tried it under asp.net I get an UnauthorizedAccessException. The text of the error message talks about giving ASPUSER write access to a file but I have no idea what file needs to get the permission. I tried to find it using filem...more >>

Hello. If I have this line of code inside my ASP.NET app: EncryptTripleDES("String to encrypt", "MySecretKeyXYZ!!!") Can a very experienced hacker do either of the following: 1. "Steal" the DLL from the server, then reverse engineer the DLL in order to obtain the hard coded key above. ...more >>

Our web site is mostly classic ASP. I recently created a small ASP.NET application that will reside in a subfolder a few levels deep. I want to use forms authentication within this subfolder. I had it all working just fine on my local WinXP box. But when I move it out to our Win2K staging s...more >>

As I understand it from the examples in the documentation each application needs to get registered in order to be able to write to an event log. I tried to follow the example but when I run my asp.net code I get a security error. The implication is that the work process account doesn't have th...more >>

..Net Experts, Instead of using MS/Data Protection API, I am using my own encryption library. I need to impersonate a special account (a local Windows 2003 Logon ID) on my IIS6 box for certain sites, the current "web.config" does not know how to decrypt the encrypted password in the line below...more >>

Hello, I am a new developer with asp.net secure applications. Here is my question. I am writing a web application which need to launch an application on the client with click of a button.(The Application exe resides on the client). I am been searching all over the web of how to do it? I hav...more >>

As the title suggests, I've got a question about running an ASP.NET app on a server that has no interactive desktop login. In all our testing of our app here,the server always had an interactive desktop login since we were watching things on it, etc. Well I went to test it the way I would assume ...more >>

I have seen many examples of form authentication using c#. Can someone point me to a sample using vb.net. I would like to use WinNT://domain, instead of LDAP://, and role-based authorization Thanks in advance. ...more >>

We have a web app which links to another ASP.NET web application (namely the Microsoft CRM). Our app is launched in a new browser window from a link in the CRM. Our app is on the same server inside the same IIS site. Both are using Windows Authentication. Basically we are tearing our hair out ...more >>

The Issue: Group A contains Group B Group B contains User 1. I want to check if User 1 is in Group A. This: [PrincipalPermission(SecurityAction.Demand,Role="Group A")] Fails This: [PrincipalPermission(SecurityAction.Demand,Role="Group B")] Succeeds. Since Group B is a memberO...more >>

Hi There, I want to configure a custom trust level for asp.net that will essentially be the same as low trust except that it adds the ability to run oledb connections. When setting this up, it doesn't seem to be as simple as just adding <SecurityClass Name="OleDbPermission" Description="...more >>