Hi, I've been getting dozens of the same exceptions every week from our web server (running asp.net v1.1). I looked at the viewstate in the exception, all of them shared the same problem: having some extra characters (0x21 0x0d 0x0a 0x20, which is "!\r\n ") inserted after the 978th characte...more >>

Hi, I have a web application which gets data from clients via XML. Up to now I used the DataSet.readXML("http://xmlURL.xml") to get and parse xml content into my database. Now one of my clients has placed his XML on a server that requires authentication and has provided the username and passw...more >>

I have been tasked with developing a web application that only 2 people and myself for development purposes are allowed to access. I dont think its possible to use the web.config file for this as other members of the IT departement have full administrator access to teh network meaning they co...more >>

I create a user token for the windows anonymous user ("NT AUTHORITY\ANONYMOUS LOGON") using ImpersonateAnonymousToken. I successfully create a WindowsIdentity from that token, but the Groups property always reports zero groups, even though I have added the "NT AUTHORITY\ANONYMOUS LOGON" user...more >>

Hi, Does anyone know how to duplicate AspCrypt's function using .NET framework? I have an existing ASP application that use AspCrypt to encrypt employees' password. Now I'm moving to ASP.NET but need to continue using old data. I don't know actually which encryption algorithm AspCrypt u...more >>

Hi, I'm using the following code to check the user authentication Set dso = GetObject("LDAP:") Set cont = dso.OpenDSObject(AdsPath,user,password, 34) But I getting the following error error '8007203a' Technology: ASP, IIS 6.0 , ADSI, VBScript Coluld you please tell the solution fo...more >>

Hi, I want to disable teh refresh button on my pop window. Whenever I right click, my pop up window, the 'Refresh' button should be disbaled.... Can anyone help me on this.... any javascript functions to be included?...more >>

hi, I've a problem in accessing user controls when I deploy the application in the production server.. I'm receiving the following error... Ambiguous match found. Source Error: Line 1: <%@ Control Language="c#" AutoEventWireup="false" Codebehind="CommViewEvents.ascx.cs" Inherits="HydP...more >>

A few questions from someone who hasn't done this before. I run the following commands makecert.exe -n "CN=Certifit" -sv yourkeypair.pvk yourcert.cer cert2spc.exe yourcert.cer yourspc.spc signtool.exe sign /a /s "Trusted Root Certification Authorities" ConflictResolver.dll signtool.e...more >>

I have some problems with a site project im working on. It should be easy, but im running into an error. My page has a server sided form and client sided (basic html) textboxes, a button and a simple jscript to submit the form to an other page. Currently there are no asp.net controls on the...more >>

Hello All, I'm working on an ASP.NET application where I need for only a few machines (machines accessing the site will have fixed public IP) to be able to have access to the website. It should check some hardware components of PC to give access to the website. It should also g...more >>

I use <deny users="*"/> in my web.config file to disable my ASP.Net webs. This works fine on one of my web servers but not on another. Both are 2003 IIS6 web servers. What configuration option could be disabling my ability to use this mehod? ...more >>

The line in web.config looks like this: <appSettings> <add key="abc" value="Data Source=SQLSERVER3;Initial Catalog=Venues;Persist Security Info=True;User ID=sqluser123;password=sqluser123pass" /> </appSettings> As you can see the username and pass are in the web.config in plain text...how...more >>

Hi We currently use FormsAuthentication functions to encrypt and decrypt our cookies. Unfortunatly when this was first implemented (not by me honest!!) the machinekey was left to Autogenerate. We now need to role out a second server to work with NLB. I know that we need to specify a key to ...more >>

I have an internal app that is complex enough that I'd like to user either create a windows app or use a windows user control in an aps.net web page. The windows version uses the fileOpen component. I've modified the program to be a user control and access the data for the controls via a web ...more >>

Hello, I am using membership and profile providers in my asp.net 2.0 website. Our client uses a pre-compiled content management site and my code is added to the site as user controls. When i uploaded the new registration (createuserwizard) and login controls along with web.config, I get the ...more >>

This is related to my other post. I'm trying to impersonate NT AUTHORITY\ANONYMOUS LOGON when a user is not authenticated, rather than having it impersonate the IUSR account. I seem to be able to assume the id using ImpersonateAnonymousToken, but I get access denied to machine.config when ...more >>

Hello, I have a question as to how URL Authorization and File Authorization work together. In particular, how can one supercede the other. In our setup, the impersonated user has an ACL on the resource (File Authorization would be successful). Yet, the URL Authorization rules are written s...more >>

I have an ASP.NET 2.0 app with windows authentication and impersonation enabled. The application pool is running as local system. I'm trying to call NetUserGetInfo to retrieve the full name of a user account. The code works when run from a console application. When I execute it from the ...more >>

I had a question regarding ProfileProviders. Here is our situation. I have a custom MembershipProvider which is using ADAM. The reason that I have custom provider is because, we have client companies who have people with overlapping usernames. In other words, one client company, Company A has ...more >>

We are looking to create a web based application developed in ASP.Net but the security on the site has to be very tight and we do not want any to access the data on the site. Can someone please point out what are the various methods to secure your ..Net Applications. SSL, Client Certific...more >>

I have a problem with formviews and DropDownLists in ASP.NET 2.0. I'm using a formview to insert an order into a database. Part of the order is a Driver's name. Currently, I have a dropdownlist bound to a database that simply selects all drivers from a database table. After inserting the data, t...more >>

Hello, I've configured SQL server 2005 as my back-end data store via aspnet_regsql.exe. I presume it was succesvol. Creating users en roles programmatically is no problem. When I start the Web Site Administration Tool I can see the created users and roles. But when I want to show them by code...more >>

Hi, I have seen and used an example of a login page that uses ASP.Net 1.1 and Active Directory. I have recently updated the code to work with ASP.Net 2.0 and all is working. I have now been trying to ad roles to my Web site. I would like to see a sample where a user could be authenicated again...more >>

I programmed my web using VS.Net 2005 with the a website as a file system and Database as system wide(as in not using the dynamic attach method) SQL 2005 DB. I had no problem during development. Finally, I published my web and I get the following error: SELECT permission denied on object ...more >>

Hi there, Our business doesn' t allow the anonymous users to create an account on our website. Only web admin creates user account. So using createuserWizard we are able to create users. But once we create the user we need to be able to send his UserID , password and Secret Question and also ...more >>

Styling CreateUserWizardStep Buttons? I thought I had all aspects of the CreateUserWizard templated and all of my Previous and Next buttons use the style of the Button control as declared in the Skin file but the CreateUserWizardStep wires up its Previous and Next buttons some way I don't u...more >>

Hi, I have to implement single sign on between 2 web application, 1st is asp.net2.0 web app and 2nd is asp.net 1.1 web app, domains of both the applications are diff. I have already configured forms authentication for both the applications and <<<its working if both the applications are on ...more >>

Hello, Ask advice for the better way in ASP.NET 2.0 to use the memebership provider but extended with the capability to lookup tuned access right from a DB. eg. Role = SalesManager then lookup for which Region(s) in a Database. Consider that this is just a sample, being the number of occurre...more >>

"Server" :Windows XP SP2 Professional IIS User: Windows XP SP2 professional I have a WEB-Service an a server . When I call the service locally inside IEXPLORER I can see a INVOKE-Button When I call the service from a remote compueter with IEXPLORER I CANNOT see a...more >>

Using the DPAPI techniques described in http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000005.asp, I'd like to encrypt a connection string in the user store for a certain 3rd-party web app. Unfortunately, the 3rd-party web app company doesn't specify an al...more >>

I'm using a .net 2.0 Hosted server, IIS has trust level I think I medium, which I can't over-ride. I'm working off the Personal Website wizard. I get this security issue usually after I log in and come back. Sometimes I get it, and sometimes I don't. I can't repeat it all the time. How should...more >>

Hi, I need a regular expression for a login control i am using. It needs to validate a minimum password length of 8. Must consist of 1 upper case character and 1 numeric character and no non-alphanumeric characters. Can some one please show me an example. I tried the following but have had...more >>

If I understand correctly, by default, ASP.NET 2.0 hashes the user password and this hashed password is unintelligible to the user (and unusable) when it is sent by the Password Recovery control. By default, this control resets the user's password to something random but I've never been able ...more >>

Hi experts, i wrote a custom MembershipProvider and when i come to implement the method "UnlockUser" i wonder that there is no method "LockUser". The member "IsLockedOut" of a MembershipUser is readony. So, how do I lock a user? I extend my custom provider class with a Method "LockUser". I...more >>

I have tested the output against a hash calculation application. Every thing works fine but the only problem is that in order for the hash to match the ap's hash the HMACSHA1.Key needs to be set to HEX. Is there a different encoding type I should be using? Any help would be appreciated. ...more >>

Hi, When I make a call to this API it works fine on my PC but not on another development PC. We both have the same OS and we both have local admin rights. I get no error. The LogonUser call returns false each time. Anyone have a similar problem? Thanks. ...more >>

On my web app I need to have a login screen, I've been reading about the Role and MembershipAPI that 2.0 offers and the login control as well. My web app is using Forms Auth, my question is, is it possible to use the Login Control, the MemberShipAPI, etc, BUT validate the user against my exisi...more >>

Hi, I need to retrieve only users and there information in the aspnet_Membership table that are associated with certain roles and then populate a GridView with only those users found that belong to those roles. I have searched through all the class associated to try and find some method that...more >>

Hi, I am using the RSACryptoServiceProvider Class for all my encryption requirements. I have looked at various websites which detail this class. I am finding it hard to get any information in relation to the Public & Private Keys it uses and where the Keys are stored / distributed. When...more >>

Hello - We have an existing ASP.NET 1.0 web site that already has a set of tables for Users (user id and password plus many other attributes), Roles, etc. We are trying to migrate to ASP.NET 2.0 and we're hoping to hook into or extend the memberhsip and security features that are part of...more >>

Hi I'm building a new website where I'd like to use the built in membership model and the controls that come with it. I'd like to do a bit more than usual with it, so I'm hoping someone here can give me a few hints. 1) I'd like to register some additional information about the users of the...more >>

Hi. I am developing a sports based administration site where a user adminsters sports leagues .e.g. a soccer league. As i understand it, the current role based security is based on a user being in one to many global roles for the whole web application. In my application, a user may regi...more >>

Hi, I'm having two ASP.net applications.One in asp.net 1.1 and another in 2.0 In the first application i'm using forms authentication where i'm storing the username details in the ticket. Now i'm invoking the second application from the first using a hyper link. Here i'm not getting the logge...more >>

I have successfully been using Forms Auth and remember me but I just found that I was not using forms auth signout. So for my login I was doing this .... if (HttpContext.Current.User.Identity.IsAuthenticated) { FormsIdentity id = HttpContext.Current.User.Identity as FormsIdentity; } Whe...more >>

Hi, I am using DPAPI for encrypting and decrypting my connection string. What i hv did is created a dll assembly which calls win32 API's CryptProtectData & CryptUnprotectData and in turn windows app and web app calls this dll assembly for encrypting and decrypting data respectively. Now...more >>

Hi, We are working on a Web Application (in ASP.NET). The application basically deals with uploads from the client machine. We need to check the size of the file that will be uploaded. The size must be known in the client - side of the application, so that proper validations can be done bef...more >>

Hi Folks, I am having a problem, I am not sure how to attach an event to my code, so that the validate certificate routine runs when the HttpWebRequest.Create is called. Please can someone just advise me on how to do this, I would like to read the target server certificate when I connect to...more >>

I've setup the app to disallow the user from clicking to or seeing the admin functions. The forced-login works on the click-to-the-restricted-pages, but I can still see the menu items even when not in the appropriate group. I have an Administrators role. web.config restricts both the admi...more >>

I have successfully used a domain account to serve as the identify for a "Windows Authentication Only" ASP.Net web application on one Windows 20003 server, but cannot get it to work on another Windows 2003 server. The error on the second server is "Service Unavailable". If I switch the c...more >>