all groups > asp.net security > september 2004


403 Error Web App to Web App with Client Certificates
Posted by Peter Sedman at 9/30/2004 5:03:42 PM
Hi, I'm trying to write an ASP.NET application that calls another ASP.NET application using the HttpWebRequest class. I need to secure the communication with Client Certificates. I'm adding a certificate to the request but get a 403 error when running. I've read that this was a problem wit...more >>


Resetting passwords
Posted by tjgraham4 NO[at]SPAM hotmail.com at 9/30/2004 10:57:12 AM
I need to know how to reset a password when the user enters their email address in a textbox then their new password in a textbox and then a confirm password textbox. This will be updated when the Reset Password button is clicked to the database where their old password is attached to the email...more >>

session authentication for users
Posted by tjgraham4 NO[at]SPAM hotmail.com at 9/30/2004 10:46:59 AM
Hi, I need to know the best way to program a login page that will only authenticate users when they click the login button at the top of our page. Once they are authenticated they will be able to go through the process of ordering, etc. I am not very well versed at ASP.NET but I don't think...more >>

Massive ASP.Net Forms Authentication vulnerability
Posted by Greg Hurlman at 9/30/2004 6:17:02 AM
http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754 This is, IMNSHO, the worst thing I've ever heard of. Spread the word, test your sites, and send angry emails to Microsoft. --- Greg Hurlman ghurlman*AT*squaretwo*DOT*net http://blogs.squaretwo.net...more >>

Newbie - Mixed Mode Security
Posted by Des Norton at 9/29/2004 1:40:32 PM
Hi NG I am busy planning a new project for a client. This is my first ASP.NET app. This will be an Intranet, therefore I am considering Windows Authentication. However: 1. They have a number of users that dial into their network, and log on to the domain. Am I correct in assuming that they...more >>

form authentication parser error.
Posted by raizen at 9/29/2004 8:47:04 AM
I have a sub-directory named admin and when a user tries to access the page inside "admin" folder I would like to use form authentication to validate the user. It says on many forums that I need the "admin" folder to be virtual directory which is set as an application so I did. The login pag...more >>

Forms Authentication with http/https
Posted by Holysmoke at 9/29/2004 7:27:03 AM
Hi, I am trying to implement Single Sign On solution to my web applications. I have developed a web application which does authentication and it is SSL based. I am having a problem when redirecting to the requested web site (http based) after authentication (https based) Let us say I hav...more >>

Retrieving User's Groups from Active Directory using ASP.NET
Posted by L Magarian at 9/28/2004 1:51:03 AM
I'm using forms based authentication and LDAP to authenticate a user against Active Directory. This is working fine. The point where I'm stuck is retrieving the groups this user is assigned. My web server and active directory servers are different machines. When I test by deploying t...more >>



Re: problem writing a file
Posted by Dominick Baier at 9/27/2004 11:15:09 PM
hi, check out the machine settings in active directory users and computers. --- Dominick Baier - DevelopMentor http://www.leastprivilege.com nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<uTN5laOpEHA.3988@tk2msftngp13.phx.gbl> Thanks aga...more >>

Re: problem writing a file
Posted by Dominick Baier at 9/27/2004 3:50:17 PM
if you are impersonating depends on the impersonate=true/false switch in web.config. trust for delegation is an active directory setting. --- Dominick Baier - DevelopMentor http://www.leastprivilege.com nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security...more >>

problem writing a file
Posted by Dominick Baier at 9/27/2004 1:37:50 PM
hi, i don't know if you are running on w2k3 or w2k and if you intend to impersonate or not... here are the 2 scenarios 1. no impersonation Your asp.net app runs under the ASPNET (w2k/xp) account or Network Server (w2k3). The local ASPNET account has no network credentials on another ...more >>

Forms authentication and latest patch for XP (non-SP2)
Posted by rdcelit at 9/27/2004 12:01:01 PM
I have forms authentication for the ASP.NET application I'm currently writing. It worked fine until I installed today's patch for Windows XP (we can't go to SP2 yet for various reasons), VS.NET 2003, .NET Framework 1.1... These were all patches that I ran. Now, my forms authentication which...more >>

ASP session SSL
Posted by Adil Akram at 9/26/2004 3:17:37 PM
I have created a site shopping cart in ASP.net. I am using ASP session object's SessionID on non SSL connection to track session. While adding products to cart DB I insert product and SessionID in table. All products and cart status pages are on non SSL connection. On checkout to get secure...more >>

Can't logoff from IIS with Windows Identity
Posted by Andrzej Nycz at 9/24/2004 8:28:32 PM
Hi, I'm using Windows Authentication in my ASPNET application, but there is no way to logoff user beside to close the browser because user is cached on client side. any solutions ??, help, please... Andy ...more >>

MD5CryptoServiceProvider class
Posted by Viktor Popov at 9/24/2004 3:28:48 PM
Hi ! I have a question:) I'm using the MD5CryptoServiceProvider class because I encrypt the user's password when he/she opens the registration form. The question is when a user creates for his/herself an account where does the encryption commit? On the client side(his PC) or on the Server side...more >>

Access Denied - Network Service vs Local Service
Posted by mangia at 9/22/2004 9:45:03 PM
I have been struggling with my ASP.NET (V1.1 sp1) websites getting an 'Access Denied' message. I have tracked down the problem (I think) to the IIS Connection Pools. Most MS Info suggests keeping the 'Identity' set as 'Network Service' to provide greater security. However, I have found th...more >>

Forms Authentication won't redirect to login page
Posted by Max Figueredo via .NET 247 at 9/22/2004 12:45:22 PM
I'm trying to set basic form authentication on a webapp. I all access restricted to authenticated users. After changing the Web.config file in the app's root, I'm still not being redirected to the login page, I can freely access anything. Note that, although I have used forms aut...more >>

looking for antivirus api
Posted by jai hanuman at 9/22/2004 10:40:21 AM
hi, in progress an application to upload attachments, send emails etc. looking for (preferably managed) components to do virus screening etc. TIA ...more >>

Kerberos not being used, only NTLM - Login failed for user '(null)'
Posted by doogie_of_oz NO[at]SPAM hotmail.com at 9/22/2004 12:10:29 AM
We have a Win2K3 Server running an ASP .NET application that connects to a Win2K3 server running SQL 2000 on the backend. Whenever a user opens the application page in their client browser they get the error message: "The following error occurred whilst loading the page: Login failed for user...more >>

Web Service and SSL
Posted by Peter Sedman at 9/21/2004 12:01:20 PM
I have written a Web Service that is called by a Windows Forms Client that I have also written. Some of our customers want to run with SSL and some don't. The Windows Forms client configuration file has an entry for the URL of the Web Service. Assuming that our customers have trusted certi...more >>

Hierarchy in user management
Posted by bobgregory NO[at]SPAM ppsltd.net at 9/21/2004 6:58:06 AM
Hi all, I'm a newcomer to the .Net framework having worked in bog standard ASP/SQL for far too long. I have a massive project coming up, for which I will need to model a tree structure of users. Users can access other entities in the database depending on their position in the structure and...more >>

Asp.Net and SSL
Posted by SubstandardSnowman at 9/18/2004 7:15:02 PM
I'm making an ASP.Net website using forms authentication. I want to force all users to use SSL when using this application. I know that I can specify in IIS to force the app to have SSL but I can't do my testing when I do this. Is this the best way to accomplish this or is there a better way?...more >>

isInRole doesn't work for one user, but works for everyone else
Posted by Dominick Baier at 9/17/2004 12:34:49 PM
Hi, i must admit - i don't really understand your logic. why don't you just call User.IsInRole("role"); ??? another note - the documentation states that you are only allowed to call SetPrincipalPolicy once per AppDomain - maybe something is wrong here... You only have to call SetPri...more >>

SmtpMail works for logged on user but not asp.net on Windows XP
Posted by John Lau at 9/16/2004 4:31:33 PM
Hello, I am sending an email using System.Web.Mail.SmtpMail to send mail. This works fine when I am debugging in VS.Net, but fails when I am running from a browser. The error message is: Cannot open log for source {0}. You may not have write access. When I comment out the SmtpMail.Sen...more >>

windows authentication
Posted by mikebanks NO[at]SPAM clearchannel.com at 9/16/2004 2:39:37 PM
I've got the following settings in my web.config file which is working properly, however my users want to see the login prompt each time they visit the site. Is there a setting or code that I can implement so that users are prompted upon each visit? <authentication mode="Windows"> </authe...more >>

ASP.NET security and RSA SecurID
Posted by liqiang_chen NO[at]SPAM hotmail.com at 9/15/2004 4:19:27 PM
Hi, I have a dll that wraps RSA SecurID package. It works great if I call the api from a Console app. But SD_Check() always failed (Access denied even if I passed in correct user id and passcode) every time when I call the api from a web service or a web app. I suspect that web.config or IIS n...more >>

How to determine if a user (integrated authentication) is part of a domain security group.
Posted by Paul Wolpe at 9/15/2004 11:34:19 AM
I am trying to determine from an ASP.NET 1.1 page if a user is a member of a Global Security group (Windows 2000). When I check Page.User.IsInRole(@"DOMAINFOO\GroupBar") I always get false. Inspecting the User object right after IsInRole has been called (in the VS.NET 2003 debugger) I see tha...more >>

Cannot execute DTS package
Posted by Peter Afonin at 9/14/2004 12:05:26 PM
Hello, Our SQL server used to run under System account, and I had no problems executing DTS packages from the ASP.NET: Dim oPkg As DTS.Package oPkg = CreateObject("DTS.Package") oPkg.LoadFromSQLServer("WIN2000", , , DTS.DTSSQLServerStorageFlags.DTSSQLStgFlag_UseTrustedConnection, , , , "I...more >>

FormsAuthenticationTicket does not return userdata
Posted by shaddock NO[at]SPAM -NOSPAM-gmail.com at 9/14/2004 6:38:36 AM
Hello, I am trying to get FormAuthentication working, but the FormsAuthenticationTicket does not return the UserData. Does any one have any insight into this? To create an Authorization ticket, I am using this code: //grab the roles for this user. Pipe delimited string. string roles = Re...more >>

You are about to be redirected to a connection that is not secure
Posted by Steve Harris at 9/13/2004 3:19:14 PM
I have an application where I move a user from http to https to http. On every move from https to http I get the following popup: You are about to be redirected to a connection that is not secure......... I am running on Windows 2000 with IE Version 6 with SP1 I have tried unticking the follo...more >>

.DLL Source Code Question
Posted by cheunghouse999 NO[at]SPAM yahoo.com.hk at 9/13/2004 12:42:56 AM
Hi All, I use .NET 1.1 vbc.exe command : vbc /r:xxx.dll /t:library test.vb to generate a test.dll. This library provides some web custom controls for ASP.NET developer use. I don't use the vbc.exe option "/debug". Suppose I just only send test.dll file to other people use. Is it possi...more >>

nternal_server_error
Posted by mangia at 9/12/2004 7:05:02 PM
Hi, Looking for what I changed and how to correct. I have a Windows 2003 Server that I have had running fine several .NET websites for over a year now. Today I decided to change my anonymous FTP site access from 'granted' and 'denied' IP addresses to 'not anonymous' and require usernam...more >>

Further DPAPI (user store) problems
Posted by Martin at 9/12/2004 11:28:02 AM
Hi, I am trying to get the How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services example working on my dev machine. Many thanks to Nicole for solving the last problem I had with this. I can now start the DPAPI service, and once I have re-registered the DPAPIComp.dll, I don'...more >>

Adding parameterized values. Which is more secure.
Posted by Ryan Taylor at 9/10/2004 12:09:31 PM
Hello. Adding some data to a sql server 2000 table. Is the latter more secure than the former? If so, why? SqlCommand sqlCmd = new SqlCommand(update, sqlConn); sqlCmd.Parameters.Add("@hashedPass", user.HashedPassword); SqlCommand sqlCmd = new SqlCommand(update, sqlConn); sqlCmd.P...more >>

Windows Authentication - what happens when it's not available?
Posted by Dan Nash at 9/10/2004 1:43:24 AM
Hi I'm developing an Intranet system for a client, and am looking at using Windows Authentication, so that the network users don't have to log onto the network and Intranet separately. However, the client wants users to be able to access the information on the Intranet from home. To that...more >>

Windows Auth - Active Directory
Posted by J. Shane Kunkle at 9/9/2004 2:20:35 PM
Hello, I have a web application that uses windows authentication. All the users log in using an active directory account. When an authenticated user performs certain actions I would like to retrieve specific information from their active directory record (email address, etc). I can obviou...more >>

Getting Group Membership
Posted by Raterus at 9/9/2004 11:23:53 AM
Hi, I'm trying to do something that I think should be pretty easy, take the user who is authenticated with the application (intranet application/ integrated windows authentication), and determine if they are in "this group". Before, I had queried active directory, got the list of grou...more >>

Location element in the Web.config file. Allow System Admin whole directory, allow others specific page
Posted by Ryan Taylor at 9/9/2004 11:01:30 AM
Hello. I am developing an ASP.net C# application using forms authentication. I have a directory ManageUsers and I want all pages in that directory to be accessed by the system administrator. But, there is one page, ChangePassword.aspx that any authenticated user should be able to access. Ho...more >>

Process class and .NET security
Posted by Louis-Philippe Carignan at 9/9/2004 8:10:11 AM
Hi all, I posted this message a couple of days ago on microsoft.public.dotnet.framework and never got a response. I am trying here because it involves security but it's not ASP. If someone has a better idea where this post should go, please let me know. Here is my problem: I am using ...more >>

authentication
Posted by Dan Nash at 9/9/2004 1:09:01 AM
Hi guys, Couple of general questions for you. Background is I'm about to start writing version 2 of a client's intranet system in .NET (originally ASP). Just wanted to ask... First of all, I'm looking at using forms authentication with a database. So am I right in thinking that I need ...more >>

Connect to Sql server using DSN?
Posted by Ben at 9/8/2004 11:07:05 PM
Hi, Is it possible to connect to Sql Server using DSN? Thanks, Ben ...more >>

Impersonate Identity doesn't work on the server
Posted by Peter Afonin at 9/8/2004 4:27:22 PM
Hello, In my application I have to impersonate users, so I add <identity impersonate="true" /> to the Web.config file. As long as I run the application on my PC - everything works fine. As soon as I put the application on the server - I cannot run the application at all, I get an "Acce...more >>

Web Services Encryption
Posted by Random at 9/8/2004 1:30:22 PM
I am becoming familiar with the standards and practices of secure Web Services, particularly encrypting the messages with Tokens. What I don't understand, and I can't find in documentation, is what type of encryption is used with the tokens, and how the key(s) are passed from the client to the ...more >>

RegEx for XSS (Cross-Site Scripting)?
Posted by clintonG at 9/8/2004 12:16:11 PM
Trying to use the RegularExpressionValidator with the following expression [^0-9a-zA-Z] which functions well when using code with the System.Text.RegularExpressions class but the same expression will not function when used with the RegularExpressionValidator leaving me wondering "what?" The e...more >>

Cryptographic service provider (CSP) could not be found for this algorithm.
Posted by Sven-Torben Janus at 9/7/2004 11:27:44 PM
I'm running an ASP.NET webapplication on a Windows 2000 Server SP4 machine with .Net Framework 1.0 installed. The ASP.Net application uses impersonation (windows domain account). This is needed for communication between two servers (some ldap stuff). Furthermore the application uses FormsAuthe...more >>

System.UnauthorizedAccessException
Posted by Peter Afonin at 9/7/2004 4:40:36 PM
Hello, I'm using this code to access a network share from an asp.net page: Dim dir As DirectoryInfo = New DirectoryInfo("\\10.0.0.150\FormLib\") Dim files() As FileInfo = dir.GetFiles("*.eps") When I try to do it, I get this error: System.UnauthorizedAccessException: Access to the path ...more >>

CredentialCache.DefaultCredentials not working!!!!!
Posted by Paul Cheevers at 9/7/2004 1:48:37 PM
Hi, I'm trying to use the CredentialCache.DefaultCredentials to pick up the credentials of the current user but its not working correctly. I've switched off anonymous access and gone thru the code in debug mode but I keep getting a 401 security exception. The code works perfect if I hard code ...more >>

URL Encryption
Posted by amir129 NO[at]SPAM yahoo.com at 9/7/2004 8:44:09 AM
Hi, Is there a way to securely encrypt and decrypt a URL? for e.g encrypting and decrypting using Triple-DES algorithm. Are there any security implications? Another question: what is the best way to pass session variables between ASP.NET to ASP applications. Any help will be appreciate...more >>

Doubt in web.config?
Posted by Raghu Raman at 9/7/2004 5:02:51 AM
Hi , mr Rangh told some what about that . but unfortunately it was not cleared. we know that , we can restrict users in the web.config. **Does it mean windows users or Database users.** If web.config denotes the windows users , i can only restrict the database users by collecting the user ...more >>

DPAPI Service Start access is denied
Posted by Martin at 9/6/2004 6:43:12 PM
Hi, Following the procedures for "How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services" from Building Secure ASP NET Applications pdf, after installing the service, I try to start it, but get the error "Services - Could not start the DPAPI Service server on Local Computer. Erro...more >>
