We have (will have) a business-2-business eCommerce system. This means that the end users are grouped together by the companies that employ them. As part of the authentication screen, I'd like the following 3 fields to be completed as part of the log-on process: 1 - Your company name 2 -...more >>

We are currently developing a corporate intranet app using ASP.Net 2.0 app and wish to use Windows Integrated Security. I have developed a small test app that excercises the capabilities of using Windows authentication and I have two questions. First, we have a requirement that our app be ...more >>

Is there a way to enable the trace output programmatically? For example in the web.config under I have: <trace enabled="true" localOnly="true" pageOutput="true" /> but then I would like the code to decide at runtime (by a variable in the URL query string or something) if debug tracing...more >>

My research to this point indicates that cookieless sessions have two main drawbacks: 1.) Absolute paths cannot be used without a workaround for the session id storage in the URL. 2.) A security hole is opened due to the visibility of the session id in the URL. Are there any other draw bac...more >>

Hi , I am creating a user login page using ASP.NET 2.0 in C# to authenticate users thru LDAP MS Active Directory. Can anyone provide a sample in C# code for the user authentication ?. Thanks !. ...more >>

I have an ASP.NET 2.0 base site that needs to access files on Snap Appliance's Guardian OS 4.2, which is running SAMBA 3.x which is a domain member on the network. How do I get our web-server, which is a DC, to retrieve files on the Snap server? Thanks, Mike Ober. ...more >>

We have these ASP.Net 1.1 apps that use ADS authentication. There was a requirement to load ALL the roles for a particular user. We had used reflection to get to the Principal's m_roles field to get them. Now, we're running in ASP.Net 2.0 and I see that m_roles is null, m_rolesTable is null and ...more >>

Hi, I am trying set up my site so that once a user logs in, they stay logged in for 72 hours unless they close their browser. I have the following in place: (web.config) ----------------- <system.web> <sessionState timeout="4320" /> <httpRuntime maxRequestLength="102400" executio...more >>

haiii... first i have created a login page ..i had loged in with the existing username & password.. after linking to several pages with that user name...i had signout the account.... & returned to my login page...but here my problem araised .... being in the login page ..i have clic...more >>

Hi all, I come from a win forms background, and am building a web site that needs to interface to a FOXPRO database (DBF files). My problem is as follows: I have created a virtual directory on the same machine as where the DBF files are located. I have created a share for the DBF files, and...more >>

Our existing ASP.NET web application does store a session ID in the cookies (ASP.Net_SessionID) for a logged in user. A new requirement has been stated that we need to be able to send a customer an email with a link to a specific page in the application, and if the user clicks on the email link ...more >>

Hi everybody Does anybody have examples (source code or links) of best practices for managing user rights, roles, etc using SQL Server? Thanks in advance ...more >>

Hi, I'm writing a HttpModule which is going to require certain settings in the FormsAuthentication configuration (for example, I need to ensure enableCrossAppRedirects = true). Now my best effort so far has been to run through the configuration settings I require and raise exceptions if the...more >>

All of the configurations I've seen for the role provider specify a simple (weak) type name. What if I had multiple custom role provider implementations in the GAC and wanted to specify an exact version? I've tried putting the fully qualified (strong) name into the "type" attribute but it ...more >>

Hi, I’m trying to create a simple ASP.Net 2 web page to allow users to alter their Active Directory passwords, but I can’t seem to get it working and I was hoping someone might be able to help me please? Basically, the situation I’m in is this. I have a small, air-gapped network for ...more >>

Hello, I want to create a website in IIS which has its ApplicationPath or Virtual Directory from a network share. Its a ASP.Net 2.0 website. I've the site percompiled (One Assembly Per Page). When I try to do the above I get a "Code Access Security" error, which is justified since I am ...more >>

Hi, I have the requirement to allow users to log in just once per day even if their session has expired. Sessions are set to 30 minutes, and I'm using forms authentication. I had this working nicely under .NET 1.1. Once authenticated, I wrote a persistent authentication cookie that timed out ...more >>

Hi We are re-writing an old classic ASP system and I've been doing some reading up of the new security features in ASP.NET and I'm not sure that they're suitable for me...but perhaps I've got completely the wrong end of a the stick. I'd be grateful of some guidance here. To describe the...more >>

We have an ASP.Net 1.0 application that has a proprietary database with role information in it. The site is configured to use Windows authentication, then it uses your Windows ID as the key to load your role information and store it in a custom object along with some other user attributes. N...more >>

Hi all, I have made one FAX application using FAXCOMLib on Windows 2003. Dim FS As New FAXCOMLib.FaxServer Dim FD As FAXCOMLib.FaxDoc FS.Connect(ServerToConnect.Trim()) FD = FS.CreateDocument("C:\FAX.DOC") FD.FileName = C:\FAX.DOC ...more >>

Hello. I've created a web app in asp.net 2.0 to be able to copy files accross DOMAINS. Server A, the source server is in Domain 1 and Server B the destination server is in Domain 2. An ipsec tunnel was tested via a drived mapped on Server A to Server B. Mapping the drive on server A prompte...more >>

Hi, I'm getting the following error: "It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS." I have researched this issue a lot, and ca...more >>

I need a vb.net sample code that authenticates users against a repository that supports LDAP. The resposiitory is NOT Active Directory. After authentication it would be great if the sample code also retrieves group membership using LDAP. -- Chris Davoli ...more >>

Hi, Can anyone tell me why I get two different results with the following 2 ways of checking to see if I'm in the Administrators group? This is in a Windows form in C#: If I comment out the first line (the PrincipalPermissionAttribute line), then I get the message that I am an Administrato...more >>

Will a forms authentication allow me to impersonate a user? I am working on an application that will run on a kiosk, and allow a user to login and view their homedirectory. I have a form with the new login control which works great. I get logged in, and find the user's homedirectory. I ...more >>

I have come across a very weird situation. I made a slight modification to our authentication process to allow a single deployed website to authenticate a user with either forms authentication (if coming from an unknown network, such as the internet) or windows authentication (if coming fro...more >>

I am using the ASP.NET membership stuff and have succesfully implemented it on my site. However, I would now like to be able to get the UserId which is stored for registered users in the aspnet_users table in ASPNETDB.MDF. The reason is that I would like to include this value for users who ins...more >>

Environment: Win XP, VS2003, Active Directory I'm trying to use LDAP to authenticate users. I used article http://support.microsoft.com/?id=326340 How to authenticate against the Active Directory by using forms authentication and Visual Basic .NET, but am having a COM interop error when I do...more >>

Hi I am using the security model of ASP.NET 2.0, am trying to do Forms authentication in my application. I am creating the roles and the users necessary for the application using the in-built provider model. Now the question is 1. how to design my application, to make sure that certai...more >>

I have developed a profile database with a SQL provider using ASP.Net 2.0 profile programming and utilities in an IIS Web application. From other Web applications on the same web server I cannot access this data through profile common while using the same web.config profile settings and class ...more >>

If I mix classic asp pages into a .Net ptoject, and I need the Authorization_request event in the gloabal.asax to fire (implementing LDAP security), will the Authorization_request event fire for the classic ASP page? -- Chris Davoli ...more >>

Joe, below is the error. Is there anything you can think of? Also, I am going to buy the book this weekend. Can I download these samples from chapter 12? What is this .Net 2.0 ActiveDirectoryMembershipProvider? Where can I find some info on it? Chris Server Error in '/FormsAuth...more >>

Hi, all I have tested the Sample Access Providers from Provider Toolkit and get some feeling how to write a Custom Membership Provider. But now in my own asp.net app I cannot make my Custom Membership Provider working with multi databases. My aps.net web site using querystring such as htt...more >>

Environment: Win XP, VS2003, Active Directory I'm trying to use LDAP to authenticate users. I used article http://support.microsoft.com/?id=326340 How to authenticate against the Active Directory by using forms authentication and Visual Basic .NET, but am having a COM interop error when I do...more >>

Hello. I developed and tested a web application using VS.NET 2003, VB, .NET Framework 1.1.4322, ASP.NET 1.1.4322 and IIS5.1. It uses a web form. When i go to client site, if they have their own SBS2003 SP1 server with IIS6.0 installed on it and their company web site is accessed using Sh...more >>

Hello. I developed and tested a web application using VS.NET 2003, VB, .NET Framework 1.1.4322, ASP.NET 1.1.4322 and IIS5.1. It uses a web form. I'm having the darndest time trying to make this program install and run at client site. Not so much install anymore, but there are still some i...more >>

We have an ASP.NET application (v1.1) that requires some impersonation in order to access network shares. We have the following setting in the web.config file: <identity impersonate="true" /> This allows the application to access network shares if the web site is using Basic or Integrat...more >>

Hi, I have a requirement wherein the users would send mails with excel attachements to a particular group id. I have to open the files read the data and store the data in the database. The mail server is an exchange server. Any pointers on how this could be implemented or code snippets would...more >>

Using .NET 2.0 I need to be able to authenticate against an instance of ADAM from an internet browser. At the moment, I am assuming forms based authentication. Here is what I have so far: ADAM is installed on my local workstation (XP Pro). The web site is on a server (Win2K3). Using ...more >>

I am going to use LDAP to look up userids on an active directory server. The LDAP server is on the outside in the DMZ. The Active Directory server is on the inside, so holes need to be poked into the firewall. My question is, what ports need to be poked into the firewall so I can read active d...more >>

We are tyring to get the ASP.NET 2.0 ActiveDirectoryMembershipProvider to work so we can use the built in Login Control but we are getting "Access is denied.". Our user in our provider config was made an Account Operator so we believe it should have the appropriate permissions. It also appea...more >>

Hello, I wanted some help for "How to import public key from X509 certificate and encrypt it with an XML token". X509 class in ASP.NET 1.1 isnt much help or maybe i am missing something here . I wanted to know if someone has details about how to go about this.I m planning to use RSA crypyto s...more >>

Hi I have a pure asp app which I need to integrate into an asp.net app in terms of the asp.net membership/roles/login that asp.net app uses. I understand there is no way for a pure asp app to share session etc. with asp.net i.e. it can't work with asp.net membership/login. In which case is ...more >>

The "FormsAuthentication.GetRedirectUrl()" function takes two parameters: - username - createPersistentCookie I don't know *why* the function needs these parameters to tell me what the original URL had been that had been requested before the user was redirected to the Login page. Is the...more >>

Hi, My local computer is Windows XP, and other server is Windows Server 2003. I use VB.Net 2005 to develop some web service program, this program will connect to this server. The local computer and the server is using same domain. (e.g. MyDomain) By the way, I use the debug mode (dynamic p...more >>

Hello everyone, I've got a security issue that I can't find a solution to and was hoping someone could point me in the right direction. I'm trying to open a registry key for read only access with Registry.LocalMachine.OpenSubKey but I'm getting this security exception "The application attem...more >>

I am going around in circles. Sorry for posting a question that may already be answered. I want to use the ADAM Membership Provider on my development Windows XP machine using VS2005. I have ADAM working on my local computer. I got it working through the ASP.NET 2.0 RBAC article. I se...more >>

I have an ASP.NET application that is used remotely (over the internet) by our clients that uses Forms authentication and the usernames/passwords are stored in the database. I need to integrate Windows authentication with the existing Forms authentication so that our employees (on the intranet...more >>

Hi, I wrote a stored procedure to check user's name (vartype: chr) and password (chr, too). Do I have to check whether there is an apostrophe ("'") in the name string and password string? I tried to put some "'"s in the name string and didn't replace them with double "'", but it seemed you can n...more >>

Why do I get different results from WindowsIdentity.GetCurrent().Name than what is defined for authentication on the IIS virtual directory? For example in IIS6 I have the VD set to Windows Integrated Authentication only, yet the property WindowsIdentity.GetCurrent().Name or WindowsIdentity.G...more >>