I want to create a user certificate with W2K3's Certificate Service and programatically store it in Active Direcory as the value of the userCertificate attribute. Is this the best place to put the certificate? What format (der encoded bibary, base-64 encoded, pkcs #7) should the certificate...more >>

I have two forms,1 is http and another is https. Https is a pop up form and http is its opener. Now, I want to pass back some data from Https side to its opener page but it prompts message" permission denied." Is it possible that i can refresh or pass back some data to the http page from th...more >>

IIS 6.0 Our developer created a asp.net application. I keep getting an error on the website: Exception Details: System.UnauthorizedAccessException: Access to the path "D:\Websites\intradev\peoplefind_net\csv\20050428103335.csv" is denied. I have used filemon and found that it is trying...more >>

I have an ASP.NET Web Service and Web Site. It accesses a SQL database for its data and retrieves images from another server. There are 4 servers all running Win 2003 as follows... 1 - Domain Controller 2 - SQL Server 3 - IIS Server (runs Web Service and Web Site) 4 - File Server (stores...more >>

I have a question about cookies & browser permissions and turning off cookies when creating a web site (cookieless mode in web.config). I have a web site that of course uses Session variables. But we decided to turn off the cookieless mode because the client specifically said her browser did n...more >>

The requirement is to build an ASP.Net intranet application, so external users can log in to the main web portal via forms authentication, using their windows NT login. This must be done using a standard HTML form. Once they have been authenticated and authorized, they can get into the main po...more >>

I have an webform from which I open a child window to display a calendar. When a date is selected in the calendar window it attempts to set the value of a textbox in the main (parent) window by using the window.opener property to reference the textbox. Everything works fine initially. Howev...more >>

Hi I am using ADAM as i am using XP prof. I am getting error while creating new GROUP. "System.UnauthorizedAccessException - General access denied error" Dim de As DirectoryEntry = New DirectoryEntry("LDAP://localhost:389/CN=Builtin,DC=XXX,DC=com") Dim newProcCntr As DirectoryEntr...more >>

I am trying to create an application using ASP.NET 2.0 which takes advantage of the new Membership features (I am using Visual Web Developer Beta 2). I created a default database on SQL Server 2000 using aspnet_regsql -W on my machine. After following the setup instructions, I am unable to cre...more >>

Hello, I'm working on a portal derived from IBuySpy, and I have changed I check username and pwd against a database, then I make a Session["User"]= UserID (the ID I get from the database, if it exists). Now I create all the pages based on that ID stored in a session variable. If that use...more >>

I currently wrote a login application using asp.net. It works just great on my local computer, but I need to use it on the internet for the company website. I deployed it using the Web Setup Project onto the webserver. Now when I try to access the page that is supposed to be protected(by login), ...more >>

Hello, I'm working on a portal based on IBuySpy, where the main page is desktopdefault.aspx and all content is stored in www.domain.com/content/html/nnn or www.domain.com/content/images/nnn and injected in the desktopdefault.aspx page. How can I prevent users doing www.domain.com/content/i...more >>

Hello, I am trying to copy a file from one domain to another. I have the username and password of the destination domain. I tried a couple of options - 1. Using the Impersonator Class - http://www.codeproject.com/useritems/ZetaImpersonator.asp 2. Using WebRequest object to write the file ...more >>

I am trying to run a batch file from within an Asp.net webservice and am receiving an Access Denied error. I have verified that the impersonated user has proper rights to the directory that the batch file is in by executing a program from the same directory. It seems that everything works fi...more >>

Hallo, wie have an RSA ACE Server. I must implement RSA check by loging into webapplication (ASP.NET) . which api (and which RSA Agent) should I get? Or I should write an RSA-Agent? Thanks...more >>

Hi, I am writing a web application, and would like to make it secure. By secure I mean, that the data that is transmitted is not altered, and if data is stolen the data that they view has no meaning to them. I was trying to following this link, though I don't know if I am on the correct path...more >>

Hi I am trying to build an aspx application. The application needs to upload images to a web folder. Uploading images works fine, but if the image being uploaded exists, it needs to be deleted first. I use dotnet's IO objects do do the work, but keep getting an access denied security issue....more >>

I'm using Forms Authentication. When I authenticate a user from a database, I use the following line: FormsAuthentication.RedirectFromLoginPage(parameterID.Value.ToString(),chkRemember.Checked); where parameterID.Value is the ouput parameter from my stored proc which is the primary key from...more >>

I am new to implementing LDAP I need directions to implement LDAP. Any detailed articles ?? Thanks -- http://pathidotnet.blogspot.com ===== vInAypAtHi o__ ---_,>/'_------ (_) \(_) ---------------...more >>

<REPOSTED> Guys, I need to build a web intranet application that can automatically create a user account when a new user registers on the site. The user account will be on the web server, member of the guests group (or some other limited group), and get read permissions to a special folder....more >>

Hi all, In my aspx page, I initial the Word object like this: - Microsoft.Office.Interop.Word.ApplicationClass app = new ApplicationClass(); but the IIS response "Access is denied". I appreciate any response. ...more >>

I am using forms authentication on my web application which requires users to log in to add content on their website. Upon loggin out, i used the log out method in the Forms Authentication Ticket. However when i have hijacked the cookie, i am still able to access the protected pages. ...more >>

Hi all I need to implement the following scenario in my application: 1. Roles are stored in SQL-SERVER. 2. Access Rights will be given to the roles by the administrator by the application itself. 3. Access Rights will be given on functionality basis. e.g. some role can Add a new record, some...more >>

Hi All, I have a web app on our intranet, and when an employee goes to the main page, it authenticates via Windows Authentication when the user fills in the user credentials dialog popup. I grab their name from wp.Identity.Name (WindowsPrincipal), and look the user up in a SQL Server databa...more >>

I have just finished an ASP.NET application, but I don't know if I need to deploy/release the project in order to use it on the internet. It doesn't sound right to just put all of the projects' files onto the web server where the site is hosted, because then anyone could access them. I have lo...more >>

I have a asp.net web application on windows 2000 advanced server having latest security updates installed and .net framework 1.1. with latest patch. Eventhough application is configured to allow anonymous, when I try to access the application using its IP address, it shows a dialog asking log...more >>

For some unexplained reason, I am suddenly unable to browse to a virtual directory on my laptop. I have a number of sample websites to which I could happliy browse up until last week. As of Monday, if I browse to any of the sites, I get an HttpException saying "The directory does not exist or ...more >>

I have a web.config section that only allows certain groups into a subdirectory. Is it possible to specify that only some types of files (example .htm) should be protected and the rest are unprotected? Thanks. ...more >>

I have an ASP.NET/C# web site that the user has logged into using my own logon page. How do I set the current web request to use the credentials the user has just provided? I want this so that I can access Exchange 2003 without the user being redirected to the OWA logon page. -- Thanks, ...more >>

Does anyone know if the W3C (or another accredited organization) has created a web security standard - something like the ISO 9000 standard, but for security? I'm architecting a public site with sensitive data, and I'd like to have it's security model certified. Thank you....more >>

I am trying to decide on an cryptography class to use with my ASP.NET web application. I have looked and several articles on building crypto classes, but I wanted to stick with Microsoft best practices. The application could contain some very sensitive information. The first class I looked...more >>

Hi, I've got this asp project, Authentication mode is set to Windows and the identity impersonate is enabled. Is there any way to find out what user is logged in? I was thinking about something like the User.Identity object. But when i check the User.Identity, it is logged-in as an annony...more >>

I got access is denied error in asp.net when setting authentication mode="Windows", <allow users="*" /> and identity impersonate="true" in web.config. Anonymous Access is disabled and Windows authentication enabled....more >>

Hi All, I have a web page that tries to write in a xml file but I have an Access Denied error on the xml file. The page is working properly on the development computer but not on test environment. On the test environment the Web sServer is also PDC so there is no ASPNET account on this c...more >>

Hi, I am trying to figure out the default Worker Process Account for ASP.NET Worker Process. Following is my list - IIS 5.0 on Windows 2000 - ASPNET IIS 5.0 on Windows 2000 with Domain Contoller - IWAM_<machine name> IIS 5.1 on Windows XP ...more >>

I want to use Forms Authentication and authenticate user credentials against active directory. Using advapi32.dll and LogonUser I am able to do just that as long as the machine IIS is running on is a member of the domain. But what if the web server is not a domain member? Can I still use the ...more >>

Normally impersonation is set to true. Due to an intermittent Kerberos issue I'd like to set impersonate='False' on a per session or per error basis. In other works I would like to handle the error by turning impersonation off. This would allow the user experience to continue while I trou...more >>

I'm using forms authentication and I want to limit access to certain directories only to users with certain roles. I have the following code (simplified to isolate problem): Web.config (main directory) <authentication mode="Forms"> <forms name="WhsWebAuth" loginUrl="~/login.aspx" prot...more >>

Is it possible to exclude a web page from forms authentication? -- Steve...more >>

Hello all! I'd like to to impersonate the domain account a web service runs under. I need this to do a trusted connection to SQL Server. The current settings for the ASP.NET app are windows authentication and impersonation. So if I do a trusted connection to SQL Server it would be in ...more >>

I have to restart IIS every time I add a domain user to the local accounts I use for windows authentication in my asp.net application. I would like to deploy this application, surely I'm missing something. Is there any way to get IIS to re-read the local machine groups for authentication...more >>

Dear all I'm having a probelm concerning the security of my application. the problem is when a user is loggoed in and then he looged out i redirect him to the main page of my application but if he clicks on the Browser's "back button" he could then enter to the application. i'm removing all ses...more >>

Hello, I was given some code that was done in ColdFusion, and I am trying to figure out how to map the LDAP path. Any help would be appreciated. This is what I got from the Microsoft web site // Path to you LDAP directory server. string adPath = "LDAP://yourCompanyName.com/DC=yourCompanyNa...more >>

Hi All! I am busy developing the probe tool to ensure that end to end communication is working, this is done by sending an xml message to a server, and they accept it. I have now included SSL support, currently, I have created a Certficate policy to accept any server certificate, I will lat...more >>

I have an asp.net program that needs to request info from another server but authenticate that other server certificate to ensure an "unauthroized" redirect has occurred. Note that "authorized" redirect can occur, we need to validate the server cert to ensure we're still submitting sensative i...more >>

I’m working on an ASP.Net application that uses forms authentication and I could use some help. I need to build some custom HTTPHandlers to handle security on some word documents that I have on my website. I’ve created a class named DocHandler (see the code below, thanks Atal Bihari Upad...more >>

I'd like to restrict access to part of my web application based on IP addresses so that only my company's computer can access. I understand that IIS Manager has a security feature to restrict access based on IP addresses. Does my company have to invest on a STATIC IP address, so that IIS can ...more >>

I have a question regarding the storage and encryption of connection string data within an ASP .Net application that I am writing. I am using ASP .NET 2.0 and have just recently downloaded the latest CTP Beta 2 version of Whidbey. After some trial and error, I am faced with three options and...more >>

I have several questions. 1) Does forms authentication store and re-send data intended for the secured page via a post request during its redirection to the login page? For example, I am a authenticated user filling out a form. I leave my computer for a bit and my session times out. I...more >>

Hi, I am trying to use a web.sitemap file in ASP 2.0 Beta 1 to limit the menu options visible to users. However I have struck a problem. How do you use roles= to only show items when there is no user logged in (no roles). For example: <siteMapNode url="" id="User" title="User Feature...more >>