All I want to do is setup a role within the web.config, but what "exactly" do I specify? Can I use a security group? Do I have to specify domain\user? I've tried variations, but none seem to work....more >>

What do I put in the strCookiePath? Thanks public static void SetAuthCookie( string userName, bool createPersistentCookie, string strCookiePath );...more >>

Hi, I'm creating a class, that will go to a database and authenticate if the user exist and the password is correct. What I don't understand, is how I tell my application that the user is authenticated (during a time period), so It doesn't keep asking for the login. Francisco ...more >>

Hi, I was reading that md5 is not that secure and that sha-1 or whilpool or ripemd-160 were better solutions. I'm using asp.net and I want to encrypt the password. Where can I find a sample code for that with sha-1. I can't seem to find one. Thanks Francisco ...more >>

I am trying to set up an ASP.NET 2.0 application using the Membership API with SQL Server 2005 to not require non-alphanumeric characters in the password. I have set minRequiredNonalphanumericCharacters="0" and the passwordStrengthRegularExpression="\w{6-12}" in the web.config. The password ...more >>

Hi there I'm trying to make a web user control using the CreateUserWizard but modified to add a Role during the creation process. Basically I have followed the example given by Scott Guthrie at http://weblogs.asp.net/scottgu/archive/2005/10/18/427754.aspx (the sample he has provider insta...more >>

hi all, how could i get the PC name of the client pc using ASP.net ?? ...more >>

I am writing an ASP.NET 2.0 application using Forms Authentication and a SQL Server 2005 database that was created using the aspnet_regsql utiliity. The database does not use the default name, aspnetdb. I am setting up a page using the CreateUserWizard to allow new users to register with the...more >>

Hello, I'm writing a web method which calls a COM+ method, which I need to call with the user that logged on to windows and invoked the WebMethod (impersonation). Simple impersonation works (impersonte=true in web.config) - however, i need that only a certain part of the code will run in th...more >>

Hello, I am building a web application with the following components: 2 Web Servers - Windows Server 2003 - IIS 6 - .Net Framework version 2.0 - Reside in Domain A 2 Clustered Database Servers - Windows Server 2003 - SQL Server 2000 - Reside in Domain B I am also setting up a...more >>

Hi; Are there any good books out there on security under .NET 2.0? Hopefully covering everything from login/impersonation to cryptography/storing secrets to active directory access. All the books I have are for .NET 1.1 and almost all actions requires calling un-managed code. -- tha...more >>

Hi, I'm using Active Directory as Membership Provider and Azman as RoleProvider, everything works fine except that any change made in Azman after the ASP.NET 2.0 APP is initialized returns a cached version of the roles information. The APP needs to know about any change produced while is runn...more >>

I want my users to get a login page if they forms cookie is not present, but if the forms cookie is present and expired, I want them to get a timeout page. Is this possible with forms authentication? ...more >>

We are using the Membership services and the SQL Membership provider that comes with .Net 2.0. We have no problems but we have added our own tblRoles table to go with the aspnet_Roles table that Microsoft provides. tblRoles has extra information not in aspnet_Roles. There is, and always should...more >>

Hi, I am using MailMessage class to send emails. But the mails sent using my application are recognised as spam. But the same mail when sent using outlook express, are not recognised as spam. Is this because my applications are not using any digital signatures or envelopes while sending mai...more >>

I am stuck with a .Net Compact Framework 2.0 application in Windows Mobile 5.0. The application uses a web service developed in .Net Framework 2.0 to synchronize data with a legacy application. So far, so good. The problem is that this communication is to be protected using SSL and a X.509 ...more >>

Hi, I would like to deploy a web app which uses forms authentication. Because it will be a commercial app, I would like to deliver a standard user / pw. Does anybody know how to do ? thanks Lorenz ...more >>

Hi, I have an ASP.Net 2.0 website which is currently under development, called Web1. It has a link which takes the user to another website called Web2, running ASP which is on a different machine. Web1 uses Forms authentication with IIS6 running with Anonymous user. Web2 uses windows authen...more >>

We're deploying a couple of ASP.Net web apps up to our stage server today, and I'm confounded by some trouble I'm seeing. I'm deploying 2 webs.. one is working, and one is not.. I believe the deployments to be the same with regaurd to how they should be authenitcating... These apps are set up...more >>

Hi everyone! My question is simple. How ca I use the PasswordRecovery against Active Direcory? --- Posted via www.DotNetSlackers.com...more >>

I haven't been able to find a clear explanation on this one. Using Visual Studio 2005, on my test environment (windows xp) the following code returns the user who is logged into windows. However on the server (Windows 2000 server service pack 4) it returns the aspnet account. Both are set t...more >>

First let me apologiose if this is a regular question but I am struggling to find the answer. There are plenty of posts/articles about the AccessMembershipProvider dating back to 12/18 months ago but I havnt seen any recent information about it. One article sugested it was removed during an...more >>

Hi; I think this can be done. I want to be able to do the following: 1) User hits my ASP.NET app from a browser running on Windows XP, and there is a trust relationship between the domain they are logged in as on their workstation and the domain of the server I am running on -> I get their ...more >>

Hi all I have an issue which goes something like this I have a web app that accesses a SQL Sever. I use AD for my users. In SQL i have assigned my users to various roles etc....not SQL users but AD users. my web app uses identity impersonation = true and i have disabled anonymous access ...more >>

I want to create a custom provider, that is going to work with an existing database (I'm not going to use the aspnetdb). I'm going to need to provide additional fields in the creation of a new user account, new fields for changing password and also new fields for the login. Let's take th...more >>

Hello everybody, I have develoved a asp.net application, it is running fine in developmnet environment. But when I deploy it on hosting server, the following error message was displaying during browsing the site: -------------------------------------------------------------- Security Except...more >>

Hello, What I am shooting for is this. I have an asp.net application living on a web farm and I want to have the user sent to a secure server to handle logins and updating private information. What I have done so far is add the machineKey values to the web.config on all instances of the ...more >>

I want to use ASP.NET 2.0 forms authentication for my new website. I have two different distinct types of user roles... "member" and "admin" each should have access to the /member and /admin directories respectively. I can make all that work, but the main question I have is with forms authe...more >>

The code below works fine but if i use Response.Write("First Name=" + result.Properties("givenname")(0) + "<br>Last Name=" + result.Properties("sn")(0) + "") To display the results it doesn't work unless i do "result.GetDirectoryEntry.Properties("sn").Value" to get a value and using GetDirecto...more >>

For those who can help me Hi i want to register people at my website. If i use the dotnet login wizard controle could some one tell me how to enable the account only after i have send an e-mail to the provided e-mail by the user. Within this e-mail i enclose a unique tag from the log...more >>

Hello, I'm trying to use forms authentication and the new automated login process in VS2005. My development machine is WINXP but my database is on WS2003 under SQL Server 2005. I modified my web.config to include the following: <connectionStrings> <remove name="LocalSqlServer"/> <add na...more >>

We have got an application which is using Integrated Windows authentication credential method for logging into the site. Our customer now is asking for a requirement to provide more security. The requirement is like this.. "Whenever the session of the application expires(as per time in web.co...more >>

I am using Windows 2003 Server Standard edition, i just prepared this machine to use for one ASP.net application. i am using IIS 6. ASP.net application runs fine but it become unavailable in every hour with a big red color message "Server Application Unavailable". I did search on net and did...more >>

I am setting up a new web application with ASP.NET 2.0 and I was wanting to utilize the 2.0 Membership and Profiles system. However, I am having a lot of trouble importing a table of user info into the aspnet_Users table due to the unique identifiers and large number of dependencies this new sys...more >>

I want to use forms authentication, but since the forms authentication cookie is not updated all the time, I want to use server-side to check for validation user's login status/information. If I create an unique session key and store it in the forms authentication cookie as custom data, can I ...more >>

HI all, I'm using the forms-authentication/ provider model with the aspnetdb.mdf file. All is OK in devlopment. Now, I've got the site up on a hosting server. How do I remotely manage this database? IOW, I'm going to constantly be adding/deleting users, short of creating another applica...more >>

I am authenticating against an AD using DirectoryEntry and binding by getting NativeObject. Just two lines, create DirectoryEntry and call NativeObject. Functionally everything works. However, it takes over 13 sec to return NativeObject when invoked ASP.Net page. The same exact code in a t...more >>

I'm creating a site which will allow our clients to place orders. Because of different price list and sensitive merchandise we sell (Medical Supplies.) I'm concerned about security. I though that either I have to do a Windows Authentication or Form Authentication. If I use windows authenticati...more >>

Greetings - I'm trying to set up domain login impersonation and delegation for a multi-tier web application. The goal is for the application, middle tier services, and back end database to operate under the end user's Windows domain login id. This is in the context of a intranet deploymen...more >>

I am a fairly new developer and need some help setting up some security for a site I am helping to build. The site should allow any one who goes there to view and use some basic pages, but should also give the option of signing in and then being redirected to the appropriate area of the appli...more >>

Hello, We are going to have a web application that will be load balanced. Uploading documents into the same server is not an option. So we need to create a shared folder in a different machine and the 2 web servers will be accessing the shared folder. Problem is, how can we access the shared ...more >>

Hi Guys, I have a problem which I cannot seem to fix. I have a registration page that requires users to fill in certain information. One of the fields required is "user-Email". In my code behind page (c#), I used one of the overloaded Membership.createUser() methods to create the ...more >>

Hi all, I'm working on a web site and I would like to use the VS login controls. The problem I'm having is that when I create a new user all works fine. The user gets added to the database and is logged in to the web site. the problem is when you leave the web site you can not login again. ...more >>

I am trying to use the DPAPI for encryption of some string data. I took the code right from the MSDN example: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetht07.asp Encryption goes off without any issues, but when I try to decrypt I get the following ...more >>

Hi, I have just configured my application to use forms based authentication. Now, when I try to access a page I am redirected to the login page but its CSS and images do not load. It is great that ASP.NET 2 authentication finally protects non asp.net content but how can I change the prote...more >>

Hello, I am getting the following event in the application event log when trying to view a ASP.NET web application. This only happens on 2 of the 8 machines where I've deployed the application. My application is running as the ASPNET user (<processModel ... userName="machine" password...more >>

Hi, I've a problem with my asp.net app. In my developer enviroment, it wor perfect. When we publish teh app in the production server, the followin error msg is recived: Server Error in '/Aplication' Application. ------------------------------------------------------------------------------...more >>

I want to browse the web server physical drives from asp.net page and possibility of creating and deleting folders and get properties of any directory and file , using c# and visual studio 2003 please help thanks. ...more >>

Is there a way to make certain profile properties writable to only users in a certain role? Like allow/deny tags on the property definition. Or some attribute to be placed on a property of a custom profile objects properties the way SettingsAllowAnonymousAttribute is? I could use something like ...more >>

Hello, I am writing a page using asp.NET and C#. So far it's going well but I have hit a small wall here. There are several resources (PDF and Text files) on separate server that requires basic authentication to enter. In the past we used to use http://username:password@www.server.com bu...more >>