I'm implementing an HttpModule for authorization. I want to authorize the user after I know they have been authenticated. The documentation for the HttpApplication AuthenticateRequest event states: The AuthenticateRequest event signals that the configured authentication mechanism has auth...more >>

I'm working against an Oracle database, trying to implement a custom profile provider. I have the membership and roles providers working, and in fact I can get the profile provider to work as well. I'm wondering, however, how this works logically. It seems that when I add an new property to...more >>

I am wondering how create a security framework for all our web application. Is it possible to create a single forms authenication (cookieless) setting for multiple web applications and web config files. For example, I want the security web site on our webserver to serve as a portal for other s...more >>

After quite some time of troubleshooting, searching the web and posting to newsgroups, I have finally managed to use the ActiveDirectoryMembershipProvider and the AuthorizationStoreRoleProvider. The issue I am running into now however is I can not get the two to work together. So I can Aut...more >>

Hi. Can anyone tell me the best way to disable a group of buttons on an asp.net form when the form is submitted? I know I can't disable the submit button in JavaScript before the form goes back to the server, because that would prevent the submission from making it back to the server. I've ...more >>

Ok, I've managed to get authenticated on my proxy by doing : System.Net.WebRequest req; req = System.Net.WebRequest.Create("http://www.mywebsite.com/"); System.Net.WebProxy prx = new System.Net.WebProxy("http://myproxyserver",true); System.Net.CredentialCache cache = new System.Net.Credential...more >>

Hi, I have an ASP.NET web application that requires a signed assembly to be downloaded from the server to the client. In prior versions of the .NET framework, I used the .NET Framework configuration wizard to give full trust to this assembly or any other assembly with the same signature and...more >>

Hello I want to create a WebService which belongs to a custom application pool & doesnt allow anonymous access. I created a user Named "TestUser", and added it to the IIS_WPG group. Then i created a new application pool "TestAppPool" which is run by TestUser & Created a WebService that runs...more >>

hello, how i can get the key container name for each certificate in the my personal store if i create the certificate using makecert.exe then i am able to explicitly mention certificate key container name but if i have certificate from the certififying authority how would i get the k...more >>

I'm looking for a provider or some type of programmatic access to beable to map which URL's in my website need authentication. Using the web.config does not give me a real time way to say which URL's are authorized. Many of the URL's in our website are dynamic and allow dynamic authorization...more >>

I am trying to use a custom role provider (along with custom membership/profile providers) to secure some sections of our website.For testing purposes I have implemented a very basic role provider as shown in the code below. In the website I have test.aspx under secure folder and I use <locatio...more >>

Hi, In my application, I am using a .net wrapper class (a dll) which internally calls the Win32 DP API for encryption and decryption. Now, my client has following queries: 1. Since the encryption Key is managed by Windows internally what is the security of the Key used for encryption? ...more >>

Hi! I am trying to write a simple public web application (internet) where the root is public (anonymous) and where I have a subfolder called admin where a few aspx-pages should be restricted to one user. In dotnet 1.1 (or was it 2.0 beta) I had this funcionality using Authentication mode se...more >>

I know this is an asp.net question but I've had no answers there. How do you start a new visible process from a asp.net page? I can use: System.Diagnostics.Process.Start ("mspaint.exe"); from Main() in console application and it works fine. When I put it in the Page_Load procedure of ...more >>

I am trying to design a login system, but I am running in to a couple of design issues. All tips are welcome. There are two principals that need to access the system: employees and clients. Clients login at clients.example.com. Employees login at employees.example.com. First design issu...more >>

Hi i've made a loginpage and a protected one. If the user tries to enter the protected page he gets redirected to the loginpage and at this point everything works fine. But when the user goes directly to the loginpage and types his pasword it fails to login. it tried to solve this with foll...more >>

hello, i would like to implement a secure web service based on the active directory, without using HTTPS / SSL, using the Kerberos mechanism. As documentation mentions - Checking "Windows Integrated" & attaching CredentialCache.DefaultCredentails to the web service will suffice (will use th...more >>

Re: system.security.securityexception [CAS error message] The program I have written [works just fine in the My Computer Zone] requires "Full Trust" to run and will throw a security exception if a user tries to load it while working in the Intranet Zone, i.e., on a LAN. I am tryin...more >>

Hello, I'm using windows authentication to authenticate users to my site. I now want to 1. Add the ability of listing domain users (From Active Directory) 2. Filter the user list based on the roles (or groups) assigned to them (via Active Directory). Any help would be greatly appreciated...more >>

I want my site to remember users when they come back without requiring them to login again (assuming they checked "remember me" on the login control). I've tried increasing the timeouts to 3000000+ but it still requires users to login if the session times out (roughly 30 minutes or so). Wha...more >>

I can use aspnet_setreg to securely store the credentials to be used by the ASPNET identity, but can the same technique be used to store data for other custom config keys? i.e., does ASP.Net understand what to do if I have this in the web.config? <appSettings> <add key="myUser" value...more >>

I've been involved in building an application in ASP.NET which has utilised application pools in IIS6 to allow the site to run under the credentials of a domain user and authenticate with SQL Server. Having recently rolled this application out to a number of sites, we have encountered a pro...more >>

Hi, I am trying to make my own website which is using an SQL Express MDF db for membership with the default SQL Membership Provider running on a cheap server which does not offer the SQL server, but only Access (MDB) connection. I have found an example by Microsoft (SampleAccessProviders.vs...more >>

Hi all, I'm trying to save an uploaded file to a share on another computer in the domain. If I use the <identity impersonate ..... /> tag in the web.config and enter the credentials of a domain user which has sufficient rights on that share it works fine. However I don't need (and want) ...more >>

I have an ASP.NET 2.0 application using Forms authentication with a SQL 2005 Membership provider. I can get users logged in OK, but it is not clear how to log them out without timing out the session? How can this be done? I'd like to provide a logout button and log the user out in the handl...more >>

Hi, The web utility in VS.Net 2005 for managing security: Users, Roles and Access is great, but once I deploy to the web server, how can I access the web utility? I couldn't find anything in the docs that worked. Thanks in advance, Donald ...more >>

Hi there!! I am relatively new at ASP.NET. I have built a web app using ASP.NET / VB.NET with data being stored in SQL Server 2000 (SQL Authentication). This app is going to be used inhouse. The specific URL will be given to selective people. Now I am not sure how I can prevent unauthorized e...more >>

Hello, We have an existing site with members and we're using the default membership system for ASP.NET 2.0. The original developer set up membership with clear-text passwords and we'd like to change to enrypted passwords. Does anyone know how to change the member's passwords behind the ...more >>

Hi all, We want to be able to log to the event log when an error occurs in our web parts. Currently we cannot do that under SharePoint because it throws an exception. Below is the code where is fails: EventLog log = new EventLog("Application", ".", "MyThing"); log.EnableRaisingE...more >>

Hi, guys, I'm trying to migrate one of my application written in .NET 1.1 to the new 2.0, and keep the Form type Authentication for the login part, which should only show the LogOff tag on the banner to logged-in users. Currently I'm having problem to show the LogOff tab after valid user logi...more >>

I love Web Apps in ASP.NET 2.0 because you can easily deny users access to pages by role or user. But for desktop client to webservice methods, I am not sure what to do.... I am looking for the simplest and safest method or pattern to have my Desktop client be able to call a web servic...more >>

I have developed an ASP.NET 2.0 application using localhost on my Windows XP workstation, and it all works fine there. I tried to copy it to my test web server, which is a domain controller running Windows 2000 Server SP4. I can't get it to work on the server. For testing, I created a simpl...more >>

Hello, I am trying to achieve Forms Authentication using Asp.Net 2.0 across multiple servers. I've gotten it to work across applications on same machine. I generated keys for the machine element and placed it web.config on all machines. <machineKey validationKey="key goes her...more >>

In my current database I have passwords that were hashed and then stored using the following method: public static string Encrypt(string cleanString) { Byte[] clearBytes = new UnicodeEncoding().GetBytes(cleanString); Byte[] hashedBytes = ((HashAlgorithm) CryptoConfig.CreateFromNam...more >>

Hi All, My machine.config contains the following setting. <httpRuntime executionTimeout="90" maxRequestLength="4096" useFullyQualifiedRedirectUrl="false" minFreeThreads="8" minLocalRequestFreeThreads="4" appRequestQueueLimit="100" /> I want to extract the value for max request length...more >>

Hello all. Just after some help with handling page security. I'm writing an app that has a number of companies. Each company has a number of employees, standard stuff. If I have a user who is a member of one company, they can request to see all the that companie employees, however, if t...more >>

Hello, Can anybody help me in solving the following problem. My web application needs to access all the certificates (the entire certificate chain) provided by the client side. As far as I can see, HttpRequest.ClientCertificate gives access only to the end-entity certificate. Is there a possib...more >>

Is it possible for a web application to authenticate user in Active Directory without having them to provide a password associated with the account name. What I meant is after user logged into windows from the domain, is it possible for a web application to authenticate the user just like SQL...more >>

I have setup a custom membership provider for an ASP.NET 2.0 application as follows: <connectionStrings> <add name="MyDB" connectionString="Data Source=localhost; user id=myAppLogon; password=pppwwwddd;Initial Catalog=MyAppDB" providerName="System.Data.SqlClie...more >>

Howdy. I've got a permissions issue I can't figure out; I've been searching for info and haven't found anything to help me. I'm testing an ASP.Net 2.0 application that allows a user to upload files, and delete them later. The upload works fine; the file gets saved to the proper directory. T...more >>

Hi All I'm developing an ASP.NET 2.0 application that uses the new membership features, however I also need to develop a WinForms application that manages users when they have registered. This management revolves around linking users to internal business data, however I would also like to b...more >>

Hi, I have a custom HttpHandler to handle requests for custom pages and I want to programmatically add an Application Mapping into IIS for this handler. What security rights will be required to add the mapping into IIS? Will it be necessry to be logged on as an Administrator for the machine?...more >>

Hello, I need to create an asp.net 2.0 site where users login with a X509 certificate. I have a db with certificate serialnumbers mapped to user specific information like firstname, lastname, address, job,... In my website I want to have an easy way to access these fields like User.Firstnam...more >>

content of web.config file(briefly) ------- <Admins> <add key="EXPLORER\Administrator" value=""/> <add key="EXPLORER\Administrators" value=""/> <add key="EXPLORER\Debugger Users" value=""/> </Admins> ...... <authentication mode="Windows" /> <authorization> <allow users="*" /> ...more >>

Hi, I have a web application that requires the lookup of group memberships. I'm currently using the WindowsPrincipal.isinrole, which has been working great, however I now have to extend the application to support multiple (3) forests. It seems from initial testing that the WindowsIdentity tok...more >>

I want to use Windows authentication, but I'd like control over what the login screen looks like, rather than the default login dialog box. Is this possible? Thanks. Also, if I use integrated windows authentication, can I force the user to login rather than having the browser assume the cred...more >>

Hi, I am trying to create a named folder using VB2005 and then set permissions for this folder for a new user i want to create using just code. I have searched and not found any code which works. Any ideas? Thanks...more >>

Hi, I've created a web application and through this I want to import Excel data to database. Following is the code that I've written, ******************************************************************* string fileLocation = txtboxFileName.Text.ToString(); string sheetName = "Import"; str...more >>

I'm testing an ASP.NET 2.0 Application that uses Forms Authentication, a custom Security Provider, and the built-in asp:Login server control. I've discovered that if I open two or more separate instances of a given browser (ie; 2+ instances of IE or 2+ instances of FireFox) and log in to one ...more >>

Hi all. I've got a problem with SqlMembershipProvider and impersonation that I'm stuck on. I'm using forms authentication for membership on the site, which is running under a windows user account with priverlages to the SQL database using impersonation and a connection string including Integr...more >>