Hey I have an ASP.NET application that is on a Win2000 server in a domain with Active Directory. There are a number of client machines on this domain that access a website on the server. IIS has Integrated Authentication only, and no Anonymous access. I use the User.Identity.Name in my C# c...more >>

I need to encrypt data using a weak key (all 0s) that is being supplied but I get an exception because the key is weak. Is there any way to make the TripleDES class encrypt with such a key? Thanks Jeronimo Bertran...more >>

Hi all, I have an ASP .NET application and am experiencing an interesting issue. The application runs under Windows integrated authentication and anonymous access is turned off; I need the current logged in user's ID for some initial processing. Partway through the code, I impersonate a s...more >>

I have a website with a /Admin subdir I want to protect via a signin.aspx page (which is in the Admin dir.) This is the entire contents of the web.config file located at the root of the website: <?xml version="1.0"?> <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0...more >>

My setup: Using ASP.NET web app, have permissions setup properly, using impersonation as admin account before modifying active directory entry. I have the latest ..NET 2.0 and service packs installed. The problem: I can call Active Directory's myDE.Invoke("SetPassword", new object[] {Pas...more >>

Hi, I have set-up my web app to use ASP.NET 2.0 membership and roles. It works OK on my local Windows XP Professional PC but when I upload the site to our Windows 2003 development server it doesn't. The local and development server web sites both point to the same SQL Server 2005 database (loca...more >>

I am using VB 2005/.net building a web site i have created a login screen using a Login control. I need to validate the user no/password entered by the user against an SQL Server database table. I can not figure out how to do this? do I need to write some VB to read the SQL table or is th...more >>

I've lost count of the number of postings I have read on this subject yet I can not find an answer. I've set up my config file with impersonation as true, IIS is set to Basic and Integrated authentication. The web page works fine on my local machine, but on the intranet server I get the error...more >>

Hi all, In moving an app from server 2000 to server 2003, we started getting errors from this code. It pulls a page (on the same web server) using a web request. This is an intranet site, and integrated windows authentication is turned on. Same exact code works fine on a Windows 2000 server. ...more >>

Hello Im creating an asp.net web app that will need to connect to a SQL Server db on another machine. I have set this up using trusted connections and impersonation in the web.config file but I am getting a "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'" message. I need this to work...more >>

I get this error in the webbrowser: "The specified domain either does not exist or could not be contacted" The code for the procedure is: Sub ListUsers(ByVal DOMAIN As String, ByVal OU As String) Dim srch As System.DirectoryServices.DirectorySearcher Dim result As System.Direc...more >>

Hi, I have the following problem: 1) We have to validate users on an anonymous/public-website using a custom login page. 2) From this login page we redirect them to an extranet site, which shows them sharepoint information, etc. e.g. from this point on their web requests should be per...more >>

Hi Buddies! I have an app where the client logs in using Forms Authentication. I'm not using the Profile, so I am not using the SQL2005 database for that. I have a "Users" class. Based on that, what's the best way to ensure that the user gets to a certain folder and no other folder? than...more >>

Hi! I'm developing a C#.Net WebPart running under Sharepoint Portal Server 2003. I've made a Form that captures n informations that will be stored under a SQL database. The problem is that i need to generate a Digital Signature using the same data. I Will generate a message Digest an...more >>

I'm trying to protect my class library by using the following code StrongNameIdentityPermission(SecurityAction.Demand, PublicKey = "...")] To test if this is working I wrote another application with a different public key. When I try to call the function it still works. Why is it allowed t...more >>

Hi all, I have membership working well and I'm trying to integrate it into a database that makes heavy use of a pre-existing 'User' table. I'd like to keep my existing table (I've reduced the fields it holds so that it does not duplicate the .Net provided ones) as there are a lot of joins to ...more >>

We recently moved a web site that validated user credentials in Active Directory from IIS 5.1 to IIS 6, and the validation code no longer works. The web.config file is set to Windows authentication because all we do is verify the user on the login form so we can redirect them to the appropriate ...more >>

Hi - I have forms authentication with an AD provider set up. I have a login page Login.aspx and a Default.aspx. When I go to Default.aspx, I get the login screen, I authenticate with my domain name and password, and it just refreshes the login screen (with the fields in the control being blan...more >>

Hello, Ihave strange issue with ASP.NET 2.0 web app using forms authentication. everything works fine from the local machine. But for the remote users (different computer on the LAN), cooies (includin authentication cookie) is missing. Is there a setting I need to change to make this work?...more >>

My setup: Windows 2003 Servers, IIS 6.0. There have almost certainly been adjustments to the configuration performed by the IT group that provisions these, but I don't have complete details on what they did. Visual Studio 2003, .NET 1.1. I created two web services, Ping and PingAuth. I put bo...more >>

Hi all, I am writing an ASP app that requires the users to authenticate (using forms authentication as this will be an internet app). Once authenticated they have access to there own folder that will have been created ahead of time. The folder will only be available to anyone authorised to...more >>

I'm trying to read a smart card from asp.net. I've succesfully done it from a Win32 native application, so I know everything is set up correctly, including the CSP and the certificate on the CSP. So far, to get it to work, i've done the following on iis: Set up a folder inside my project, ...more >>

// ASP.NET 2.0, VS.NET 2005: (authentication mode = Windows) // i'm trying to access/display current users' email from AD. works fine when i run it in debug mode. however, when i publish the website and access the page, i get a "The specified domain either does not exist or could not be conta...more >>

Hi; For forms/ActiveDirectoryMembershipProvider authentication, I get an authenticated user but IsInRole fails. I am getting a FormsIdentity where authentication-"Forms" and name="dave". I do have to enter my domain password for it to login. web.config: <roleManager enabled="true"/> ...more >>

We have a C# webapp which we recently upgraded from .NET 1.1 to .NET 2.0. We need to access remote fileshares from our app, so we enabled impersonation in the web.config file by doing: <identity impersonate="true" userName="NT AUTHORITY\NetworkService"/> While redundant on Windows 2003 since ...more >>

Hello, I'm having a problem configuring ADAM and the AuthorizationStoreRoleProvider in .NET 2.0 and I hope someone can help me out since I've been stuck with this one for quite some time. I did install ADAM, the Win2003 Admin Pack etc and configured my web.config file using the instructions...more >>

Hello, Someone is using HttpWebRequest to automaticly post datas or retrieve datas from my site. How can i stop pages to be get by the HttpWebRequest method ? I know that pages get with HttpWebRequest have is no referer. So for me the solution is to check the referer of the calling page, ...more >>

Hi; Suggestions please. This is for a portal that we will ship to multiple customers so we need to make security as painless as possible while still protecting them. This portal does reporting and therefore needs to read files (xml) and databases (select only). I see it falling into 3 c...more >>

Hi, I've the following code in my web.config - <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="30" name=".ASPXAUTH" requireSSL="false" slidingExpiration="true" de...more >>

Hello, I derived a custom provider from the provider class. I then set cookieless="UseUri" in the web.config, because we don't want data stored on client machines. Everytime a page with an <asp:loginview> is called, the Role Provider page gets called and the database gets queried. ...more >>

Hi All i m working on a webbased project which includes some classes which are used to encode and decode passwords and authentication keys, i want that no body should b able to use my classes, how can i make them hide or secure so tha no one else is able to use my classes and methods. ...more >>

Hi; Ok, I have ActiveDirectory authentication working but have a couple of issues: 1) My username must be dave@windward.local - it does not take windward\dave - why? 2) The authentication type is shown as forms - shouldn't it be NTLM? 3) Since I'm running from a computer on the domain and us...more >>

Hi, I am relatively new to ASP.NET and I'm having a problem with moving a simple application I wrote to a network web server. The application works find on my development work station and works on the network web server when I access using http:\\localhost\myapp or http:\\127.0.0.1. But I...more >>

Hi; For authentication of: <authentication mode="Windows"> </authentication> <authorization> <deny users="?"/> <allow users="*"/> </authorization> I get the user and the user is authenticated. But IsInRole is failing: // these 4 calls are correct IPrincipal user = Conte...more >>

I'm a programmer new to ASP.NET and web development in general. I'm going to code a web application and I'm concerned about the security issues that arise on this field (that's new to me). I'm using VWD2005 Express Ed. and I've read the online help about security. Now I've a doubt about...more >>

Note: complete Web.Config below When I use AspNetSqlMembershipProvider everything works fine. But when I try AspNetActiveDirectoryMembershipProvider I get "The specified connection string does not represent a valid LDAP adspath.". I can run ldp.exe on the same computer. do Connect, Connect...more >>

I'm using Forms Authentication in my ASP.Net app and I'm separating all = my pages into different directories based on their authorization = requirements (e.g., all my administrative pages will go under one = directory and I have a <location> tag set up in my web.config to allow = rights to only...more >>

Hello, Based on our data model we have a need to create a column 'DealerShipID' in the table aspnet_Users under aspnetdb database for a demo that we are working on. Hod do I do that? Just create another column and throw some dummy values? And how do I retrieve these values into my webform? I...more >>

Hi, How can I calculate the CRC (cyclic redundancy check) of a file in .NET?? If it's not possible, there are a free control that can do that??? Thanks....more >>

We are building our first asp.net 2.0 app. We want to provide signle sign on for our users. We think that a directory server is the way to go (we may use OpenLDAP) However, I found that no LDAP membership provider is provided. Anyone write this one already? Any other advice? thx ...more >>

First, please forgive me I'm new here. This question may already have been answered. I have a Win2K3 server running IIS6 only on our intranet. My plan was to use our domain to authenticate users. Here is what I set in web.config: <authentication mode="Windows"/> <roleManager enabled="tr...more >>

Hi, I have a web application that I upgraded to 2005. The applications uses roles and forms authentication. The application works fine on my dev computer but when I deploy the application and I sign it continues to ask me to signin. Any Ideas what could be wrong again it works fine on my...more >>

I am trying to run a local web site on a clients computer. Created the new web site in IIS and set the ASP .Net version to 2.0. When I try to access the web site using http://localhost:9999 I get a web page with this on it. 'Server Application Unavailable' I looked at the event log and these...more >>

I need to authenticate against AD from a classic asp site. I've created a C# project that runs as an exe and successfully authenticates using DirectorySerivces with the entered credentials. When I add the code to a class (.dll) and register the object with regasm and gacutil the asp page succe...more >>

Hi; I am writing an audit file of actions taken on my website. This is an audit trail, not a log file (I open it in append only mode and the user it is running as does not have delete or overwrite permissions). Where should I place this? I want a folder under the webapp folder that a use...more >>

Hi; I am supporting both ActiveDirectory and the built-in 2.0 forms support for authentication/authorization. How can I get the user's full name and email address in each case? -- thanks - dave david_at_windward_dot_net http://www.windwardreports.com ...more >>

Hi; If I use Active Directory for security, I can track the owner of records I create in the database using the SID of the user. If the user "dave" is deleted and a new one created, the new "dave" does not get access to the records of the original "dave". However using the 2.0 built in f...more >>

I have wriiten a HttpHandler-class that works as a dispatch layer - the class analyses the incomming url and creates the appopriate classes to serve the request. I some cases I want the user to authenticate himself (fx. if the url ends with the word "edit") - how do I force the user to authent...more >>

I know this has been asked many times. I searched a little bit, but could not get a good solution. I am using form authentication for my small web application. I know that I can easily log out a user by using FormsAuthentication.SignOut() and Session.Abandon(). But this will depend on th...more >>

I am trying to determine if the logged in user belongs to an Active Directory Group. I have started with these code snippets: WindowsIdentity id = WindowsIdentity.GetCurrent(); IdentityReferenceCollection irc = id.Groups; This only returns the ID of the groups, I need the AD Group N...more >>