Anyone have suggestions for biometric or smart card or key fob or [whatever else] authentication of a future public facing website? For example, a customer could do something to authenticate themselves and the computer passes some data in the background of their browser session so a user can be ...more >>

Hello All, I think I need to implement my own membership provider, but I am not sure. Here is the situation: I am creating an Intranet App and I have 2 different users, Active Directory (Internal Office) and users that I don't want in active directory, I will call these "Stores" that are ...more >>

Hi, I have a component that is protected by the StrongNameIdentityPermission. I m calling this component from a web application that has the appropriate strong name. I noticed that calling the component fails when the SecurityAction.Demand is on, while it succeeds when SecurityAction.LinkDe...more >>

I'm working on an ASP.NET 2.0 web app using C# and SQL Server 2000. I've created a multi-step user profile page using the wizard web control and when the user clicks on the finish button on the final screen I have code in the click event on the server that does the following: - Creates a n...more >>

i'm trying to connect to oracle 8.1.7 in asp.net using windows integrated security but i'm always getting a ora 01017 invalid username/password. logon denied message. my web application is running on iis on windows xp professional. this is my connection string This is my connection string: da...more >>

I am a newbie with enterprise directories. I am trying to write an ASP.NET application to fetch some data from my university LDAP enterprise directory. There are 2 types of access allowed to the LDAP server. One is a anonymous access and another is the access that exists mainly to give privile...more >>

How can I determine reason for the login error which is occuring? I see no status codes or anything available in the LoginError event. I have implemented the membership capabilities with some minor modifications, the biggest being that I am using a different database name from the standard...more >>

Hi All, I have several intranet applications that use impersonate=true and anonymous turned off to allow me to check for certain network users to use the application. Works great. However, some applications use resources such as the file system for writing temporary files, or for opening f...more >>

Hi, we are planing two use - if possible - two Membership Providers at the same time for authentication within the same application. Short background Imagine a community page, such as a forum. It comes with its very own membership provider given to us by our customer. We cannot change tha...more >>

Please refresh my memory. I have a fair amount of VB.Net programming experience but it's mostly Winforms not Webforms. My question is this: I want to dazzle my boss tomorrow with an interactive graphics display but the only way I can get this to work is by writing a temporary image fil...more >>

Hello, friends, In our forms authentication asp.net app, I used FormsAuthentication.SetAuthCookie() to authenticate a new registered user like the follows: //...already create a new userID from our DB FormsAuthentication.SetAuthCookie(Request.Form["loginName"], true); Then I plann...more >>

I am writing a custom Membership provider for ASP.NET I have derived from the Membership provider and have supplied my own method that work against my security server. For login operation, for instance, I implemented the "ValidateUser(name, password)" function. I can not, however, find any func...more >>

I'm now well beyond frustration. I created an ASP.NET app for our intranet that only certain individuals will be allowed to access IIS is set up with Windows Integrated Security and Anonymous Access turned off. I've made several changes to the web.config including <identity impersonate="tru...more >>

What is the point of being able to add more than one roleManager provider? If you added more than one then how would you make good use of more than one of them as the app runs? ...more >>

Insufficient access rights to perform the operationI am trying to figure out if a user is a member of a role. I installed the AzMan on my XPSP2 box, and set up a role in our Win2k3 domain. I myself to that role, and I call: if (Roles.IsUserInRole(user.UserName, "WholeCompany")) {}...more >>

I've been searching around for an answer to this question, but haven't gotten too far. I'm fairly new to ASP.NET, so I'm not sure how to setup machine.config and web.config properly. What I want to be able to do is allow a domain user to change their password in the AD via a webpage. We h...more >>

When I call Roles.IsUserInRole( user.UserName, "WholeCompany" ) I get the error "Unable to update the password. The value provided as the current password is incorrect". I'm not exactly sure where I am going wrong. this is my web.config <roleManager defaultProvider="WindowsProvider" ...more >>

Hello, friends, I implemented Forms Authentication in my asp.net app, it worked fine. However, now I have another problem: Although a user can be authenticated, but he/she may still not be allowed to view certain pages and folders. For exampl, a junior member can not view pages for senio...more >>

Hello! I´m using windowsauthentication in my asp.net 2.0 website. I have some problems using the rolemanager. I´m using the AuthorizationStoreRoleProvider to perform "role checks" against active directory (win 2000). The problem is that the User.Identity.Name is like <domain>\<user> and I ...more >>

Hi all, I have a problem which I've seen mentioned quite a few time around the net, but nothing seems to work. I've created a web service with one method (see code below). It's running under IIS set to Windows Authentication. Calling the web service from a client application or the bro...more >>

What I am trying to do is change the roles a user is a member of based on where they navigate to into in a site. So what is the point of having multiple roleManager providers? Is defaultProvider required? If I omit defaultProvider can ASP.NET determine which provider to use based on Applicatio...more >>

Hi gurus, I have an aspnet web service running under windows integrated security. When a client calls on my web service, I have access to the authenticated user's SID from the (this.User.Identity as WindowsIdentity).User.Value property. I want to use the SqlMembershipProvider to store Ro...more >>

I need to establish an SSL connection with another in my application. However, I have run into a security exception when I run my code under hosted environment. In particular, I have the following class: Class AcceptAllCertificatesPolicy Implements ICertificatePolicy Public Funct...more >>

I've seen a nujmber of similar posts with no real answer, for my purposes at least. We have a number of applications which we lock down using a applicaiton access table in SQL which is driven by the user's network ID. The way we ensure it is the actual user, we have them enter their network cr...more >>

hi i've a file system web site with a SQL Express DB stored in the APP_Data folder and created with the aspnet_regsql utility. On my local machine every thing work but when i publish the site to a remote webserver on IIS i recive some errors (when i call the default page) : 1) ASPNET (user) ca...more >>

Hi I am using the login control with a custom membership provider. My question is; once the user has logged in how do I programmatically check what roles the user belongs to, to provide the user with the relevant features? Thanks Regards ...more >>

Hi there, I am getting the 403 Forbidden error when I ran the following code, which is a very simple Windows application. BTW, I find couple similar problems posted under dotnet.framework.asp.net.security so I post this question here. What I tried to do is to attach a client certificate a...more >>

Whats the differnce between windows authentication in ASP.NET 2.0? and Kerberos authentication in ASP.NET 2.0? Thanks NEN ...more >>

I was hoping someone might give me a push in the right direction. I have a need for membership and roles on a new website/application being built using ASP.NET 2.0. I have researched the new membership & roles functionality as well as the profile functionality. The application needs to do...more >>

Hi I am trying to setup a customised membership provider and I am getting the following error when trying to run the app; The entry 'AspNetSqlMembershipProvider' has already been added. The line is: <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvi...more >>

Hello, friends, Our asp.net app needs to access other servers from our IIS servers. In web.config, we set: <identity impersonate="true"/> However, this works on some IIS servers, and does not work on the rest of IIS servers. We have to explicitly set: <identity impersonate="true" use...more >>

Hello, I am trying to write a function in asp.net with VB scripting, which gives message when the credit card verification fails. when the user type in the last four digits of cc in a text box, and it fails for the first time, the message is...we didn't recognize the numbers, please try aga...more >>

I am attempting to write a custom Membership Provider, but am having a little trouble getting started. I would like to write the custom provider (either in VB or C#) as a standalone assembly so it can be used in multiple projects. However, when I create a class library project and try to writ...more >>

Hello, friends, We have a .net web app, which will need to access event log files of other machines in our company's network using System.Diagnostics.EventLog namespace. In Web.config, we set: <identity impersonate="true"/> In IIS Directory Security setting tab, we checked ...more >>

Hi Web site administration tool is great. How can I provide this functionality for the end user? I need the end user Admin to be able to list users and then change roles for any of the users or to be able to disable any of the users. Thanks Regards ...more >>

How can I check the permission of the directory? I want to make sure I have the "write" permission of the directory before I create a new file. Any idea? ...more >>

Hi, Idiot question but I can't access the new protectedmemory class from my web application. It's just not listed in System.Security.Cryptography. Works fine for desktop apps. Thanks for the insight. Jon...more >>

I am using the createuseraccount control in my asp.net 2.0 app (with visual webdevelopment express). For my needs the enforced password strenght is to strong; I want to allow users to be able to create passwords with only text. I found that the MembershipProvider password related properties are ...more >>

Hi We have developed an Extranet for our customers. This application needs a Client Certificate to verify the authentication of client and server Request. The problem is that during Windows Client Certificate installation process, the setup application gives the user the option to import h...more >>

Hi everyone, Could you please take a look at an exception for ASP.NET application? My ASP.NET application is using Infragistics WebChart control. I encounter an exception below when deploying the application into a third-part host. It would be very appreciated if you have known the...more >>

Hi, Borthers!!! I have A Problem. My code builds some picture dynamically. To do this I'm using Metafile (System.Drawing.Imaging.Metafile). All that works Fine (on my local machine) untill we run on hosting environment where is set medium trust level. As result I catch the following: ...more >>

Hello. I have a site that uses Basic Authentication (with SSL). The user has an option within the site to change their password. Since this affects their domain account the user no longer can access the site after they change their password. They have to close the browser and then log on ...more >>

I'm trying to enable single sign-in using forms authentication between two ASP.NET applications, one running under ASP.NET 1.1 and another running under ASP.NET 2.0 on the same server. While single sign in between ASP.NET applications is well documented, the solutions described won't work when...more >>

I have developed a ASP.Net page with VS 2005 and SQL Server 2005. The server I am using is Windows 2003 and I have set up 2 websites, one production and one for test and development. This is our corporate intranet server and a DNS entry is setup to point 'intranet' to this machine, however, ...more >>

i have an access 2000 database in a shared folder at network. i have to pull data out of it to process. If i use Window application, it worked fine. but i need to use it in ASP.net. OleDB Connection fails and say it is not a valid path or make sure file exist. I added identity impersonate ...more >>

I am desperately trying to create a login page in ASP.NET in which a user can be authenticated against a Domino Directory but for the life of me, I cannot even find anything remotely close to this on the internet. It's like nobody has ever needed to do this. I already did it in a ColdFusion pa...more >>

I'm trying to use ADAM as the membership provider for my app. I've created a new adam instance with O=test and I imported all the four ldf-files during the install. I added the following to my web.config: <connectionStrings> <add name="ADAMServerLDAP" connectionString="LDAP://localhost:...more >>

How secure is the .net framework in a shared hosting enviroment? I am discussing running a .net application with a hosting company and they are reluctant to allow the aspnet user account write access to a folder within my site. They are saying that this is insecure. I believe that they are ...more >>

Hi, I try to redirect users to specific pages depending on roles: If Membership.ValidateUser(TextBox1.Text, TextBox2.Text) Then 'Membership.ValidateUser(TextBox1.Text, TextBox2.Text) Then Dim encryptedStr As String Dim cookie As HttpCookie ...more >>

>From what I have read, my best guess is the LogOnUser method of Win32API is the culprit here. An article I ran across talked about: - - - On the Windows NT and Windows 2000 platforms, the account under which a program is running requires the Windows SE_TCB_NAME privilege to call LogonUser...more >>