all groups > asp.net security > may 2005
Filter by week: 1 2 3 4 5
DPAPI Exception Decrypting across domain
Posted by PK9 at 5/31/2005 4:55:10 PM
Hi, I'm using the dpapi to encrypt and decrypt data that is passed between
computers on a domain. The system has a presentation tier server (domain
controller), web services tier server and a database server. I am encrypting
data from the presentation tier which is sent to the web services t... more >>
IIS and ASP.NET authentication
Posted by KDV at 5/31/2005 3:54:44 PM
I was playing around with IIS and ASP.NET authentication. I understood
Basic,Digest and Integrated Windows authentication provided by IIS. When I
use either of these mode and use Windows authentication in ASP.NET then
ASP.NET automatically constructs Windows principal which is available in any... more >>
Help!! Problem instantiating WORD object using C#.NET
Posted by Handy Mulia at 5/31/2005 12:14:02 AM
Hi experts,
I am trying to open the content of a WORD file from C#.NET which resides in
the REMOTE SERVER, however I get an error:
"System.Runtime.InteropServices.COMException: Server execution failed"
when declaring new Word.ApplicationClass().
string fileName = this.btnWorkOrder1.Value... more >>
Force login up
Posted by VK at 5/30/2005 12:16:03 PM
Hello,
I am letting IIS via AD authenticate the user. Now the window login popup
always appears when the user access any of the pages on the intranet the
first time. However I want that the window popup should appear via a link or
something like that. Now can I force that window pop up to... more >>
NT AUTHORITY\NETWORK SERVICE -- Dangerous?
Posted by Mek at 5/30/2005 8:50:04 AM
I am not entirely sure how this Windows user ID is used, but I have a
security question about it. If I give the NETWORK SERVICE account read/write
permissions on my SQL Server (so that I can use Windows authentication for my
web app), do I incur a security risk? In other words, is it possibl... more >>
SAML
Posted by jt at 5/29/2005 5:20:02 AM
Does Microsoft fully support SAML? One article I read states that Microsoft
supports SAML tokens but does not plan to support the SAML protocol.
Also, does anyone have any recommended resources (books, websites) to find
examples of implementing SAML in .NET.
Any help is appreciated. Tha... more >>
Data source not visible by ASP.NET working process on IIS 6.0
Posted by Nick Poulis at 5/29/2005 2:55:28 AM
Hi to all
I face the following problem,
the following code (very simple) is contained in
a referenced class method
Dim cn As New OdbcConnection("DSN=BOC;UID=Admin;PWD=;")
cn.Open()
When aspx page reaches the method containing those lines
I get the following server error:
ERROR [IM0... more >>
Disable Stack trace sent to client
Posted by robin9876 NO[at]SPAM hotmail.com at 5/27/2005 8:24:16 AM
In an ASP.Net application how do you configure the stack trace not be
sent to the client but record the information on the server?
... more >>
Don't see what you're looking for? Search DevelopmentNow.com.
casting type for objectGuid
Posted by at 5/27/2005 12:00:00 AM
Hi
I am trying to put a user's objectGuid as the primary key onto a datatable
and be used as the unique key on editing / updating. But I seem to get
casting error with the following statement
dt.Columns.Add(new DataColumn("object_Guid", typeof(string)));
Any idea?
TIA
--
... more >>
find out if the user has enough rights to open a page
Posted by Corno at 5/26/2005 2:56:59 PM
Hi all,
How do I find out if the current visitor of my page has enough rights to
open another page on the same server?
I need this to show a link to that page only when the visitor can actually
visit that page and will not get an 'access denied' message.
IOW, I'm looking for the implement... more >>
Windows Authentication not working after publishing asp.net to IIS
Posted by Jim at 5/26/2005 2:50:05 PM
A web application has been built using asp.net and Visual Studio 2005. The
application is setup to use windows authentication to identify users. The
application works when run from in the interactive development environment
using the new web server included in VS 2005. However when the appl... more >>
How to get LDAP directory server
Posted by VK at 5/26/2005 10:52:10 AM
Hello,
We have installed AD and now I want to authenticate the user against AD via
IIS and get the user information via LDAP. However I dont know the LDAP
Directory. How do I get the LDAP directory?
Thanks... more >>
Problem with uploading Image files.
Posted by IkBenHet at 5/26/2005 2:14:03 AM
Hello,
I use this script to upload image files to a folder on a IIS6 server:
******************* START UPLOAD.ASPX FILE **********************
<%@ Page Language="VB" Debug="true" %>
<%@ Import Namespace="System.IO" %>
<script runat="server">
Sub SubmitButton_Click(Source As Objec... more >>
cryptographic service provider problem
Posted by Eli Kremer at 5/25/2005 11:13:27 AM
I get an error "CryptoAPI cryptographic service provider
(CSP) for this implementation could not be acquired"
I used MachineKey store and DefaultKeyStore in order to
define a key container:
const int PROVIDER_RSA_FULL = 1;
const string CONTAINER_NAME = "SpiderContainer";
CspPar... more >>
ASP security
Posted by Reza at 5/25/2005 10:06:08 AM
Hi
I have two domains A and B. I logon to a computer which is in domain A as a
user in domain B. When I connect to a web application in domain A it does not
know my identity. If I logon to the same computer as a user in its native
domain (domain A) everything is ok. Does somebody know in d... more >>
Single Sign-On with Forms Authentication
Posted by Gabriel Giraldo at 5/25/2005 6:32:16 AM
Hello,
I'm trying to integrate the security (authentication) of several web
applications on my enterprise (we do not have active directory implemented
yet).
I would like to implement a Passport-like authentication system, but based
on Forms Authentication: a system where users authentica... more >>
Quering PrincipalSecurityAttributes on class
Posted by Pasi Häkkinen at 5/25/2005 5:01:01 AM
Hello,
I am applying PrincipalSecurityAttributes on class definition to force
role-based security on my ASP.NET pages. Is it somehow possible to query the
needed security roles for a certain page without maybe creating an instance
of that page class and check possible security exception? I'... more >>
How to get ou of an user
Posted by at 5/25/2005 12:00:00 AM
Hi
I wonder if there is other / faster ways to get ou of the login user?
Here is what I can think of
- authentication
- Search with SAMAccountName=<username entered>
- set PropertiesToLoad.Add("distinguishedName")
- parse the OU= string from the property returned
TIA
--
... more >>
File download
Posted by Ldraw at 5/24/2005 11:37:07 AM
I am using forms authentication to prevent users from accessing a download
page unless there username and password are correct. This is working find
but I need some help understanding how to protect the internal files they
will be downloading. I don't want users to access the download files u... more >>
AuthenticateRequest in Global.asax and a custom HTTP Module
Posted by Leslie at 5/24/2005 11:11:09 AM
I am writing a web services application, using basic authentication.
However, I need to authenticate against user setting up in our database. So,
I need to write my own code to authenticate users.
I think that I could put my authentication code in AuthenticateRequest event
in either Glo... more >>
URGENT: please help ASP.NET Forms authentication and recycling of application pool
Posted by anjinho at 5/24/2005 10:38:42 AM
Hello Dominick
I asked and see that my hoster uses IIS 5 and win 2000 and I have not
an option of a state server.
I know that under IIS6 is an application pool that gets recycled, is
this also the case under IIS5?
I have never problems, only now and then that I lose sessions (within
th... more >>
Permission on a Web folder ??
Posted by serge calderara at 5/24/2005 12:34:04 AM
Dear all,
I am testing the FileHTm component for uploadinga file to a server folder
name for instantance UploadedFile
This folder is located under my IIS virtual directory structure that define
my web site and for testing I am running IIS on my local Windows 200o machine
In order to be a... more >>
Folder Authorization.
Posted by Thammarat Charoenchai. at 5/24/2005 12:00:00 AM
Hi.
How I set <location path="/admin"> for my all file in "xxx" folder.
now i can use <location path="/admin/main.aspx"> it's work.
but <location path="/admin">
or <location path="admin/">
or <location path="admin"> is error.
anyo... more >>
Problem decrypting data
Posted by Gordon at 5/23/2005 6:20:05 PM
I'm having a problem with the decryption part of the code below. An
exception is generated when creating the CryptoStream for decryption. It's
the error "Stream does not support seeking". I can't figure out what's
causing the error...
ASCIIEncoding textConverter = new ASCIIEncoding();
b... more >>
Machine Key?
Posted by Andrew Robinson at 5/23/2005 1:05:40 PM
I have a web site that needs to pass some data over the URL. I don't think
this data is super-sensitive, but certainly some potential client or
customer might think it is. I am successfully encrypting and decrypting my
data using the RijndaelManaged provider in System.Security.Cryptography and
a... more >>
Re: roleProvider and Windows Authentication
Posted by Dominick Baier [DevelopMentor] at 5/22/2005 9:11:47 PM
Enable security trimming in web.config and use the authorization element - you have to authorize anyway - then use the role attribute in the sitemap file - if you want to show the links regardless of authorization.
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
nntp://news.... more >>
URGENT: please help ASP.NET Forms authentication and recycling of application pool
Posted by anjinho at 5/20/2005 6:22:04 PM
Hello
Now and then while using a webapp written in asp.net I lose my
variables stored in sessions variables.
I lose them before the time out of 20minutes is over. Sometimes just
after a few minutes.
I think this is because of the application pool that gets recycled.
The webconfig is co... more >>
roleProvider and Windows Authentication
Posted by Mark Parter at 5/20/2005 4:58:01 PM
I have a sitemap file containing all of the pages in my application so far. I
have a menu control on a master page which uses this sitemap as it's
datasource to build the menu. I'm using Windows authentication and the
AspNetWindowsRoleTokenProvider but when I assign roles to a siteMapNode, it ... more >>
Setting File & Folder Permissions
Posted by web.reports NO[at]SPAM poole.gov.uk at 5/20/2005 6:20:44 AM
Hi All,
Has anyone got any sample code, or links to sites that explain how to
set file and folder permissions using ASP.Net. I'm building a document
publishing system for our Intranet which need to read permissions from
one folder/file and replicate them to another.
I've been Googling for a... more >>
Page with multiple IFRAMEs
Posted by benjessel NO[at]SPAM gmail.com at 5/20/2005 3:37:31 AM
We have a web page with IFRAME "portlets". Each "portlet" is served
from either a different virtual server, or from a different server. All
these servers are in the same domain. The pages use integrated windows
authentication.
When the user visits the page he/she is prompted for a login for th... more >>
Cript querystring return value potentially dangerous
Posted by Paj at 5/20/2005 3:27:13 AM
hi,
this code cript a querystring by Rijndael class:
_______________________
RijndaelManaged rjm = new RijndaelManaged();
rjm.KeySize = 128;
rjm.BlockSize = 128;
rjm.Key = ASCIIEncoding.ASCII.GetBytes(cÂhiave);
rjm.IV = ASCIIEncoding.ASCII.GetBytes(iÂv);
Byte[] input = Encoding.U... more >>
System.Security.SecurityException: Requested registry access is no
Posted by Tim Reynolds at 5/19/2005 3:15:04 PM
Using Web Service to raise Event, for Enterpise Instrumentation (EIF) to
write to Application Log (in event viewer). I just reimaged my pC - so trying
to get it set up - I had it setup before using Win 2000 and don't remember
hitting this error. Now I'm on XP Pro, and seeing:
Error loading an... more >>
Delegation user's credential from webserver to backend server through terminal service
Posted by culeno at 5/19/2005 12:01:01 PM
I have an intranet application within a domain. Following the KB
article: How to configure an ASP.NET application for a delegation
scenario
(http://support.microsoft.com/default.aspx?scid=kb;en-us;810572) allows
us to impersonate user's credential from the web server to the back end
server (SQL... more >>
Security problem when writting to Event Log
Posted by JMMB at 5/19/2005 9:38:05 AM
When trying to execute the following code in a web service, I get the
enclosed error. Everyone has full control to the registry and Security
System is configured with the default "Full Control" access for "All code".
thanks a lot.
WEBMETHOD:
EventLog log = new EventLog("ContosoLog");
log.S... more >>
Connecting ASP.NET to SQL Server Application Roles
Posted by Graeme at 5/19/2005 8:32:08 AM
I'm trying to connect an ASP.NET to a SQL Server application role but can't
find how to keep the connection between pages.
My initial page asks the user for their SQL Server username and logon.
I then do the following:
Create a connection string using the user's logon and password;
Crea... more >>
Directory Binding and Search
Posted by at 5/18/2005 6:24:57 PM
Hi Joe and All
Here are the lines of code I have tried, but seems like authentication was
not successful, as it returned just the sn whether or not (nName, pwd,
AuthenticationType.Secure) was specified. When I tried the same credentials
with ldp.exe and I was able to get the attributes I wan... more >>
Authentication via AD
Posted by VK at 5/18/2005 1:59:03 PM
Hello,
I want to authenitcate my users against the Active Directory. Do I have to
go through the LDAP to do that? We are not using LDAP. I have googled and
found several examples - however they all use LDAP.
Any suggestions?
Thanks... more >>
FormsAuthentication.SignOut() help....
Posted by Brian at 5/18/2005 7:46:22 AM
Hey all,
I am using FormsAuthentication.SignOut() to sign users out of their
session, however, if they use the Backspace button they can backspace
through the pages and see some vital information.. Can someone tell me
how to fix this????
Here is my login code..
------------------------... more >>
Active Directory Authentification in asp.net 2.0
Posted by Stefaan Dewulf at 5/17/2005 3:02:52 PM
Hello,
I have an intranet site developped in asp where username and password are
storred in the sql database. Now I want to rewrite the intranet site using
asp.net 2.0. I also want to use form authentification to check active
directory for username and password. I can't just use the windows... more >>
Getting asp.net to not write to c drive where temporary folders reside?
Posted by John Dalberg at 5/17/2005 10:53:23 AM
If an ASP.NET needs to use an Access database and impersonation is turned
on, ASP.NET writes temp files to "Document settings\ServerName\ASPNET\Local
settings\Temp" (in my c drive) even though I have my TMP and TEMP user and
system environment variables set to a folder on another partition.
... more >>
Best practice
Posted by Julia at 5/17/2005 4:35:12 AM
Hi,
I need to read about how to secure my ASP.NET app. Where can I find some
Best Practice about this. My company is using an AD to store all user
information.
Thanks
Julia... more >>
<deny users="?" /> <allow users="*" />
Posted by Kylin at 5/17/2005 12:00:00 AM
<!-- security -->
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
I know the <deny user="?" /> mean that deny the anonymous user ,
And I know the <allow user="*"> mean that allow all the user,
but they are together ,
what is the... more >>
Meaning ?-----------------> ".ASPXAUTH"
Posted by Kylin at 5/17/2005 12:00:00 AM
<authentication mode="Forms">
<forms name=".ASPXAUTH" protection="All" timeout="60"
loginUrl="desktopdefault.aspx" />
</authentication>
".ASPXAUTH" ???
--
FireCrow Studio
Kylin Garden
ICQ:156134382
... more >>
ASP.net impersonation security
Posted by spo via DotNetMonster.com at 5/16/2005 5:24:39 PM
Does .net impersonation have any security risks from the ntfs side of
things? We currently have our intranet apps placed on the webserver
uncompiled and I have a concern that a user can get to the code behind
pages. Is this a valid concern? Please let me know of any other security
issues you ... more >>
Extendig SqlMembershipprovider
Posted by ManniAT at 5/15/2005 12:00:00 AM
Hi,
SqlMembershipProvider does (allmost) what I want.
So I'm not willing to write my own provider.
But I want to change some little things.
a.) I want to be able to add an "Email-OptIn feature"
so the user should get an email with a link "Click here to activate your account"
b.) I want enh... more >>
Newbie question
Posted by RD at 5/14/2005 12:01:06 PM
I have a login which does a lookup in a Sql server table to check for valid
usernames and password. Then if login is Ok user allowed to go to next page
by using a response.redirect. Once on the next page he can continue using
site.
Question is how do I prevent a user from copying a URL from th... more >>
Unable to start debugging on the web server
Posted by Greg Dunn at 5/14/2005 7:11:09 AM
In attempting to run a very basic web application on a student machine in a
classroom, the following error message appears:
Error while trying to run project: Unable to start debugging on the web
server. Access is denied.
The associated Help entry recommends checking several things. I... more >>
Obtaining Windows Username
Posted by lajuan at 5/14/2005 1:48:53 AM
Hey all,
Once again, I find myself requiring your expertise, so I'll say Thank
in advance. I was going to try using Kerberos (thanks for the inf
Ken), but unfortunately after speaking with our network admin, it isn'
an option. So I'm going to use Windows Authentication in the web.confi
file ... more >>
DirectoryEntry.Invoke access is denied
Posted by Jason at 5/13/2005 11:40:03 AM
In an ASP.NET application designed as intranet using Windows Authentication.
I am trying to query a PDC group to see if a string matches a user that is
assigned to the group using the function below. On my development box, all is
ok when I access through debug or using the http://localhost. W... more >>
listing Object properties from SearchResult
Posted by at 5/13/2005 12:00:00 AM
Hi
I have the following lines of code that are suppose to list some selected
properties of all the object entries in a SearchResult but the code is only
listing one property ie. the 'sn' and the corresponding value for all the
entries, do you have a clue why?
TIA
----------------------
... more >> |
