Hi, I've got a problem with an LDAP query submitted from my ASP.NET application. Configuration: Windows 2003 Server Standard Ed., the application uses Windows Integrated Authentication and is configured with <identity impersonate=”true” /> I try to submit the following query: ...more >>

Hello, I've been struggling with this for couple of days now. All I want to do is to enable SSL protocol on the webserver. I want to be able to generate and sign my own certificates. I used various tools to do that, such as makecert.exe from .NET SDK and even downloaded OpenSSL and genera...more >>

Hey, My client wants to implement some sort of dynamic location role-based security rule for a web app. Normally, in my web.config, I define the location authorization rules such as: <location path="WebForm.aspx"> <system.web> <authorization><allow roles="Employee" /></authorizatio...more >>

Hello, I am trying to enable SSL on the web server. I want to generate a test certificate for development server. I used makecert.exe utility to generate test certificate ( http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrfcertificatecreationtoolmakecertexe.a...more >>

Hey, OK, so, i'm implementing windows security in a web app and found a strange thing. can anyone explain what is going on? I have my web app and in web.config i have the following entries in their respective places : <authentication mode="Windows" /> <identity impersonate="t...more >>

does anyone know how to programatically in C# get a list of all groups from active directory? i thought i saw a sample on MSDN, but, I can't find it. Thanks...more >>

Hi, I'm having a problem with forms authentication on an asp.net application. To summarise, after logging in initially, the login never expires. I can come back to the application after days, and I'm still logged in. However, if I delete cookies from the browser I am once again redirected t...more >>

Hi, I'm a bit confused as to how to have windows authentication / integrated windows authentication with allowing anonymous access. for example, i have an app where pages A,B,C i want to allow anonymous users.... but, pages D,E,F, i want to use Windows Security (user must provide a valid...more >>

Hi, I am supposed to modify/manage some code. it was on a machine in "Network Shared", I whacked it from there and put it in my wwwroot folder, I opened it after creating a Virtual directory and it gave me this "Warning" When I open the "Sample.sln" I get warning + Errors which reads: The pr...more >>

I need to build in some role authentication for a web app... so, going to use the web.config to build my rules for the location files. my question is.. does anyone know? on my development box (out of work), i'm out XP Pro... and i've created some groups and users to test it... ...more >>

hi i have write an asp.net application that insert the some rows in sql database i want to deny users from refresh the page because it cause a new insert row in database thanks for your help ...more >>

Hi everyone, In asp.net 2.0, there is a Login control. I want to use that to log in, but I want to check the username and password with an ldap query. Is that possible. I want Windows authentication, without the login screens of windows you get when you use Windows Authentication in the we...more >>

Hi everyone, I want to use the LdapAuthentication class in asp.net 2.0. To use that class, I must say "using System.DirectoryServices" But that doenst' wordt for asp pages, only for windows apps, or am I wrong? thanks! Filip...more >>

I have two webservers running the same aspx pages. (The webpage allows Active Directory Editing). These pages run fine on the 1st server but not on the second server (it errors with Logon failure: unknown user name or bad password). The web.config file (on both servers) have these options se...more >>

is it possible to use authentication mode=windows and forms togather in the same project? i have a 2 different asp pages in my application .one of them should be authenticated with 'forms' mode and the other one with 'windows' mode. i was able to do each one alone with the help of the <applic...more >>

Hello all, I have been struggling with getting role-based security working with forms authentication. There are two things happening/not happening in my code that for the life of me I can not figure out. The first is that when I create my authentication ticket containing my roles and add the...more >>

hello all, why would the following error occur, and how is it fixed? It seems like IIS cant create a temp directory. I also added the ASPNET user to the \Temporary ASP.NET Files\ directory with full rights, but it didn't seem to work. Exception Details: System.UnauthorizedAccessExcep...more >>

Hi! I have website which prompts the user to login to get access. I want to disable the possibility that the user is prompted to save the password by Internet Explorer. I can do this manually by unchecking "Prompt me to save passwords" in the Tools->Internet Options->Content->AutoComplete dialo...more >>

I'm at a loss to what the solution is. I have an intranet application that runs on w2k3 with iis 6.0 security set to Integrated Windows authentication only. I am using C# in .NET 2003 (7.1.3088) w/ Framework 1.1 (1.1.4322 SP1). The web.config authentication mode="Windows" and authorization ...more >>

Hello, 1. where can i place the code which will redirect users, according to their roles ? 2. is redirection, according to roles accustomed or is there another mechanizm out there ? 3. can this be done inside Application_AuthenticateRequest funcion on file: Global.asax ? 4. i want to ...more >>

I neeed to send authentication token /cookie to ASP.NET login page. Can any one tell me how to do it. Do I need to configure anything in ASP ..NET . Please advise. Cheers Prabu ...more >>

Hi, I have a problem with windows authentication, with a web based form. I can logon with the function logonuser with my username, password and domain, but I don't get the windows rights of my windows account. I've looked to different websites, but it doesn't solved my problem. My code, fun...more >>

Hi, 3rd day is already gone without any solution. My problem is, I have a Windows Server 2003 sp1 machine as my development platform having NTFS filesystem. Other notable components installed are ODP.NET (latest version), WSE 2.0 sp3, offcourse VS.NET 2003 so .NET 1.1. When I enable For...more >>

hi, i wrote a asp.net login and i want to deny users who enter incorrect password more than 3 or x. thanks for your help. ...more >>

I have created a web application that is utilizing Forms Authentication and URL Authorzation for application security. The problem arises when an authenticated user (the authentication ticket cookie has been set) attempts to access a sub directory or file where I have explicitely denied them a...more >>

I have a web page that is created in asp.net and uses FormsAuthentication. All of the info for this is set in web.config file.. I copied the login page, the actual page and web.config file to a virtual directory on IIS which has a bunch of other asp pages that belong to the site.. Can I do ...more >>

What are the steps needed to give my webservice adequate security priveledges to run an exe? Here is my basic webmethod: Process proc = null; ProcessStartInfo procInfo = new ProcessStartInfo("Notepad.exe"); procInfo.UseShellExecute = false; procInfo.CreateNoWindow = true; proc = ...more >>

m=2E..@o2.pl 19 Sie. 09:30 poka=BF opcje Grupa dyskusyjna: microsoft.public.adsi.general Od: m...@o2.pl - Znajd=BC wiadomo=B6ci tego autora Data: 19 Aug 2005 00:30:24 -0700 Lokalna: Pi=B1t. 19 Sie. 2005 09:30 Temat: Change User attribute in Active Directory by web (vb.net) Odpowiedz |...more >>

Hi all, I'm trying to implement role-based authentication for the following directory structure in my ASP.NET app. login.aspx Admin/ Members/ The web.config in my Admin directory is as follows <configuration> <system.web> <authorization> <allow roles="Admin"/> ...more >>

I have this same problem, and I've *half-way* resolved it. It turns out that this is not exactly an IO problem; it's actually a security issue and maybe even an ASP.NET bug. Here is what I've done so far... 1. Learned from this post that there are problems with the FromFile method when usin...more >>

Hi. I'm working on an ecommerce application. There is a conventional registration page where the person is identified by his entering an email address and password. I was planning to have all customer information encrypted, and the password salted and hashed with SH-1. However, when a reg...more >>

How to allow the default user account of ASP.NET to access system registry of WinXP? My page raises following exception and I believe that happens because my script accesses the Event Log of WinXP: my code: if (EventLog.SourceExists("MySource")) EventLog.CreateEventSource("MySource"...more >>

Hi, It said that IIS 6 use HTTP.sys as the front end for handling HTTP request, and pass ASP.NET requests to w3wp.exe. So I think this also means security settings in IIS (metabase) is bypassed, right? Apparently the answer is no, I'ved tried using IIS to set my ASP.NET web application's aut...more >>

I have a page that (simply put) displays information from a SQL database. I've split off the business logic and database access logic into different classes. My database access class exposes static methods for loading typed datasets with information from the database. I call methods in this...more >>

We are facing problems while using cookieless session. When the user copies and pastes the url from one machine to another, he is able to access the data entered by the first user. Is there any way to eliminate this problem. Thanks in advance....more >>

I have a web app that allowes you to upload files to a shared forlder and also read them off a list of uploaded files. I created a shared drive on the destination server, and using a mapped virtual folder to the shared, I can view the files from the shared drive. My problem is writing the ...more >>

I restricting access to a web folder in the web.config file with entries like this: <location path="Account" allowOverride="false"> <system.web> <authorization> <allow roles="User,Admin" /> <deny users="*" /> </authorization> </system.web> ...more >>

ASP.NET app running for about a year with no problem and suddenly this week it's giving error message. The same as the one decribed by another user. Even stranger is that we only have this problem from some web clients (desktop browser, IE) , some other people do not have problems at all from...more >>

We are migrating from our old intranet server to a new one. My ASP.Net C# app uses integrated security to connect to a SQL 2000 server located on a different machine in the same domain. It is working fine on the old server. The following are in web.config: <authentication mode="Windo...more >>

I found that .Net 2.0 has Login Controls / support for access control I would like to ask how could these components work with existing 1.1 applications or even asp applications? thanks ...more >>

Hi I have an intranet page that starts / stops windows services on the local machine. This works fine on my dev machine and indeed all machine that I have tried it in that are NOT domain controllers. unfortunatly the machine I want this to run on is a dc. I have turned on windows authent...more >>

I am implementing my own web server that will authenticate users using out-of-band methods (like IIS does in the case of Windows authentication). I am implementing an HttpWorkerRequest and asking HttpRuntime to process the request. I expect existing ASP.NET applications to work without changes...more >>

How can the session be persisted when switching? MattC ...more >>

HI I am calling exe (vb.net application) from web application for this i wrote code like this system.diagnosis.process.start("e:\...") i wrote above code in button click event. inorder to work this application i made few changes 1. in machine.cinfig file, in <Process Model> entitit...more >>

I have an application that runs over our intranet. I have some pages I only want "Administrative" people to see. I thought one way of doing this was to creqate a sub directory in the application dorectory and add a web.config file that would limit access to only those that we want as admin. Bu...more >>

Hello, I am having trouble using Integrated Windows Authentication between our intranet server and our database server, both of which are on our local domain. Windows authentication works for our intranet server - my domain user "DOM\nme" is correctly authenticated and authorized to view...more >>

Hi guyz, I have a form which is to record the user id, password and email. I filter the email using requiredfield validator and regularexpression validator. Everything works great till I found somebody can put this data in the database, like this : having 1=1-- for the email field. Ca...more >>

Will the code below protect me from SQL injection in an ASP.Net page? Dim cmd As SqlCommand Dim prm As SqlParameter Dim salary As String cmd.CommandText = "select salary from employee where name=@name" prm = New SqlParameter("@name", name.text) cmd.Parameters.Add(prm) salary = cmd.ExecuteNonQ...more >>

Hi everyone, im about to start to design an application where security will be a must. I am starting to develop a web service that will be used for winform applications either from the local lan or from the internet. Also, i might use the same thing in an asp.net web site. I will pass a datase...more >>

Hello, im using the enterpirse Library - July 2005 and when i had published my application in the production server, i got this error: Exception Details: System.Security.SecurityException: Requested registry access is not allowed. Im using the configuration, data, exception blocks. ...more >>