Hi; When we create the membership DB we have to create the admin user in it in our setup program. Otherwise, there is no way for an admin to get in our ASP.NET app and create additional users. What we have works unless the user first selects the wrong database for which database is the m...more >>

When my ASP.NET app writes to the event log in Windows 2003 I get this as the event: The description for Event ID ( 0 ) in Source ( Windward Portal ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote comp...more >>

Hi; This appears to be working but I want to make sure I am doing it right. I want to be able to run where it passes my Windows Identity to my ASP.NET app. But I want the ASP.NET app running as whatever user is the default for that - NOT as the client user. What do I set? In IIS Aut...more >>

Hi; My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME. Is this the correct user for strictest security? I thought best was "NETWORK SERVICE" or something like that. And do I need to set this when installing the app? I don't think I am specifying the user to run under anyw...more >>

Hi; Ok, I've almost got my system to handle opening files using any uname/pw setup. One item remains. If a share and file is set to allow "Everyone" then I want to allow any user to open it. This requires either: 1) Is there a way to get the access rights for a share and for a file in the...more >>

Hi, I was wondering if there are any samples that uses the new ASP2.0 Login Controls which authenticates NetworkUserName / DomainName / NetworkPassword ? Both on workstation and actual network domain environment. Thanks, Henry :) ...more >>

Hi, I have implemented a .NET 2.0 app which uses Forms Authentication, sets a cookie upon succesful validation from DB etc. Everything works as expected and all pages go to the login page before being sent to the requested page etc. Now the requirements have changed and I need to allow certai...more >>

I have an intranet site that uses Windows Authentication. It is open to all domain users. When I attempt to hit the site it asks me for my credentials. I give it the same domain user name and password I used to log into Windows and it lets me in. It is my understanding that if I am already ...more >>

Hi, I am doing Forms Based Authentication using the built in tools of .NET. Authenticating off a database with some code a wrote and using login.aspx, web.config, etc etc... the usual deal.. I have it all working fine and pages I want to protect show a login page before being logged in to. ...more >>

I have a test http url that allows a connection from any domain user. I am using the following code to test access to it: XmlReaderSettings readerSettings = new XmlReaderSettings(); readerSettings.ProhibitDtd = false; readerSettings.ValidationType = ValidationType.DTD; XmlUrlResolver resolver...more >>

If I call IntPtr tokenHandle = new IntPtr(0); bool returnValue = LogonUser("dave", "windward", "bogus", LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, ref tokenHandle); The returnValue == true and I can successfully create a WindowsIdentity from the passed in tokenHandle, impers...more >>

Dear all, I have been reading some example on how to protect a folder via web.config file. The question is that I wish to protect an audio directory which contains various audio files (mp3, wav, mov, etc.) and the web.config folder protection does not protect these file format. How am I going...more >>

I have used asp.net to develop asp.net application. I want to use https with login page, the others with http. How can I do? ...more >>

Hi; I had assumed that what I am asking here was a common request - but I am not finding anything on this. In my ASP.NET app a user can enter an xml file that we then pull in as data. Needless to say we don't want them able to get the \\hr\payroll\executive_salaries.xml - unless it is th...more >>

Hi, I'd like to access the information in a membership provider from another application. Currently I have an ASP.NET 2.0 application in which I use SQLMemnershipProvider. Everything works fine within the ASP.NET and I may use constructs like Membership.GetUser("name") when I need to access t...more >>

Hi All If I set an ASP.NET 2.0 site to forms authentication mode with requireSSL=true, and I log in though https, then as soon as I swap back to http mode, User.Identity.IsAuthenticated becomes false again and I lose all the previous Identity information. Can anyone tell me how I'm supposed t...more >>

Hi, I am new to web admin and security. Made a certificate server out of the development Win2k server and created a root certificate. The same machine is also the web server for now. Updated the Web site directory properties to require SSL When I query the site from a browser on the LAN it bri...more >>

Hi, I am trying to publish this ASP.NET 2.0 application on IIS 6.0, on a 2003 server. When I publish it on a local drive, it is OK. When I publish it on a file share on file server in the same domain, and try to run it, it throws this exception: //--------Begin Security Exception Descr...more >>

I am looking for some feedback on an approach and if anybody has some documentation to point me to that would be great....So here is the scenario: I have 2 .net apps on running on the same web server. Both apps have databases on the same database server. (web and database are 2 separate boxes...more >>

Okay, I'm using the appservicesDB for users, etc. I understand how to use the web tool to add users, roles, etc. Has anyone figured out how to do a mass users import into this database using SQL? I need to load over 300 user accounts and simply do not want to do this one at a time using the ...more >>

is it possible for a persone to create a cookie client side ? for example my site wants a certain cookie to enter in some sections. is it possible for a person to create that cookie on his computer ? ...more >>

Hi; In our installer (we use WIX so the code has to be C++, not C#) we need to call aspnet_regiis to encrypt the connection strings in web.config. I have three questions about this: 1) What registry entry can we use to determine the location of aspnet_regiis? As not everyone installs to ...more >>

This problem has become a "show-stopper" for us. I have defined a custom section for my web application that contains sensitive data. Because of that, I want to have it encrypted in the same way I encrypt the "connectionStrings" section using the ASPNET_REGIIS tool. The problem is that I get...more >>

Hello, I'm not sure if this is the right forum for this question but it is security related so hopefully someone in here can help. I have two servers, Web01: Windows 2k Adv. Server running IIS 5. Sql01: Windows 2k Adv Server Running SQL 7 I am trying to get user cre...more >>

I am using the login control and need to know how to setup the pages within the site to only be accessible after logging in. I'm have the settings below in my web.config and it works and only allows users in Admin roles. The problem is if I type in the address http:/localhost/test/main.aspx i...more >>

Can someone post an example (preferably framework 1.1, vb.net but c# ok) of how to tell whether anon access is enabled or disabled in IIS? Thanks ...more >>

Hi All, Please find below a snippet from my Web.config <roleManager enabled="true" cacheRolesInCookie="true" cookieTimeout="30" cookieSlidingExpiration="true" cookieName=".ASPROLES" createPersistentCookie="true" cookiePath="/"> My expectation was that for a user session, any calls to Roles...more >>

Hi folks, I've been asking some ASP.NET Membership questions here and there for the past 8 days (or so) over and over again. But surprisingly, it seems that no one takes the Membership/role providers seriously - AFAIK. I've been in a fog for the past week, unfortunately. This is my last try to ...more >>

Hi, I’ve got an ASP.NET 2.0 web application that requires SSL. In addition, the pages are configured to use Integrated Windows Authentication. I am having a problem getting automatic authentication to work for internal network users. If they try to access the page using an internal server name in...more >>