I have some security concerns over storing a Active Directory username/ passwd in a text based web.config file for the identity impersonation definition. I know that web.conf is not accessible via the web browser, however someone with account on the server can get to the file and steal the cr...more >>

My network environment consists of a domain with active directory(Win 2003 Server). My web application sits on IIS located outside the domain. The web application is accessible through port 80 and without single sign on, requires user to enter username/password to gain access to the web app...more >>

A client of mine is trying to consume my web service. My web service is requiring client cert. The call is coming from a web server where they host a web application. Their web server has a server cert. They are trying to attach that server cert as their client cert. The server cert's root i...more >>

Hi, I am not sure whether this is the correct newsgroup where I am posting the question. I am currently using Citrix as a solution for connecting to a remote server on which Windows Server 2003 Standard Edition is the operating system. I have created a new virtual site on that machine fo...more >>

I have read somewhere that Basic Authentication should be avoided because it sends passwords in clear text and that Integrated Windows Authentication only works with Internet Explorer on a Windows computer. I have a website in IIS with only Integrated Windows Authentication enabled and not a...more >>

Hi all. I've written a custom membership provider which works with tables in my ms sql database. This works great locally, but as soon as I run the site on the live (shared) server, I get the following error message: Parser Error Message: Attempt to access the method failed. The line in...more >>

I'm a bit new to both managing a server and using visual studio pro 2005. ....hopefully, I'll describe the question properly and hopefully this is the correct newsgroup. I recently went from the free express version of visual web developer to the pro version. It is installed on an XP machine t...more >>

I'm a bit new to both managing a server and using visual studio pro 2005. ....hopefully, I'll describe the question properly and hopefully this is the correct newsgroup. I recently went from the free express version of visual web developer to the pro version. It is installed on an XP machin...more >>

Server Error in '/FifthValley' Application. -------------------------------------------------------------------------------- Failed to access IIS metabase. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more inf...more >>

Hi, Is there a way to detect in asp.net if images are hot-linked from another websites? I intend to create a default image and serve that image instead of the image requested from another website? Kind Regards Med ...more >>

Hi guys Wonder if you could help me out with some security issues I'm having installing my code on a client's network. Here's the setup. We've got 2 servers, the first (DC) is a Win2k3 Std machine running as a domain controller, with Active Directory, etc - and IIS6. IIS is running an I...more >>

Hi, I have read the other posts here on this subject but I am still unsure of the best way to approach my situation. I am new to web security and web programming in general. I have a web service and a thick client and a Standalone Root certificate server. The thick client will be installed on...more >>

Hello. Sorry if this is a novice question but can anyone show or point me to some code in having windows authentication to sql server for an asp.net application where it's not using just one generic windows account? I need to assign individual windows logins to our users (basic authenticatio...more >>

Hi, I am developing an webapplication,which is public user registration system,where i want to get all logged in users information on administrator side.Can you please give me an possible solution. Regards shilpa...more >>

Hi I have a situation where I have to create an entry in the membership database (std. .NET 2.0 asp.net DB). This entry is a new Application in the aspnet_Applications table, but as I do not want to do that directly into the table, what api-object is actually presenting this ability? I h...more >>

I have a custom IPrincipal class that I setup and put into Context.User in the Application_AuthenticateRequest, all works fine. However when I check the HttpContext.Current.User in a page my Custom IPrincipal has been overwritten by the RolePrincipal class, how do I stop it doing this? Than...more >>

Hi; I know this was answered before but with the MS Web interface to the groups down I can't find my saved postings so I have to ask again. We are going to try and figure out Partial Trust again. What is the program that will tell me what permissions a program needs and what method in it re...more >>

Hi; First off, if you have not read Dominick Baier's book yet - GO READ IT NOW. That is the book I wish I had read first - would have saved me boatloads of time. Ok, on to the question. It seems to me the best way to store secrets that we need to plaintext of (ie can't just hash and save th...more >>

I have the following fairly simple scenario. I have a set of pages that require users to be authenticated ONLY when certain other conditions are true. For example... These two pages require users to ALWAYS be authenticated: - PageA.apsx - PageB.aspx While these two pages only require users...more >>

I moved web apps to Win2003. I have given read/write access rights to machinename/IIS_WPG but still getting the error "Access to the path "c:\inetpub\wwwroot\myApp" is denied. " Also gave machinename/IIS_WPG rights to the folder myApp What i notied is that the folder has Read Only attribut...more >>

Greetings All, Being a little less familiar with accessing AD, can someone tell me the best way to obtain an AD user record (profile). Ultimately I would like to simply obtain the manager that has been assigned to a specific user. Thank you in advance for the help! Bob Mixon [SPS MVP] ...more >>

Hi I need to get the Domain Name in NT format. I can do it with the following code, but it takes 5 seconds to execute, which is to much for me. Anyone know how to do it faster ? Thanks Dany DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE"); strin...more >>

Many months of demanding work came to a point this morning when I demoed my application for the client which consisted of about 30 people. I supplied everyone with a single shared login and we all logged in. Next, nothing happened. The application just froze and was completely unresponsive - ...more >>

Hi; I can call both: using (DirectorySearcher objSearcher = new DirectorySearcher()) { return (string) objSearcher.SearchRoot.Properties["name"].Value; } and: return System.DirectoryServices.ActiveDirectory.Domain.GetComputerDomain().Name; When I run my app under WinXP using the VS 20...more >>

Could anyone shed some light on this? We have an asp.net 2.0 application that works together with .net remoting. The asp.net application calls a .net remoting server through tcp channel from a separate thread. The basic workflow is like the following: Internet user send a request -> ...more >>

Hi All, when using CreateUserWizard control to register user, it automatically = login the user on after done. I want add some action just after the user = is login and need the user id, but I can not find where to add the code. Please instruct... TIA Jerry...more >>

Hi, I'm working on an intranet asp.net app and at some point a user - other than the currently authenticated user - needs to authorise an action, like creating a purchase order. All usernames/passwords must be authenticated against Active Directory. This already works fine for the overall appli...more >>

Hi; We are storing usernames & passwords in our portal's database. Is there an advantage to encrypting the data in the database? At first I was thinking there is no advantage because the connection string and the decryption key are both in the Web.Config file (encrypted) and so if one ca...more >>

Hi; I'm pretty sure the answer to this is no because I see some security problems if it's yes. But I figure it can't hurt to ask. We want to be able to schedule a report to run at a certain time and run under the crednetials of the user that requested it. In this way we can connect to Sq...more >>

Hi; When installing an ASP.NET application using SqlRoleProvider and SqlMembershipProvider we need to create the initial roles and the inital admin user from our Windows installer application (not ASP.NET). We must do this in the installer as otherwise we either have no users and therefo...more >>

Hi, I created a local group on server and added my self to that group. I am using the following code in my web page to check the membership of the loggedin user against the Windows group on the same server. User.IsInRole(@'MachineName\groupName') . The above always return me false. If i...more >>

Hi, I'm writing an ASP.Net 2.0 webpart that is doing sum HttpWebRequest stuff. I need to go through a proxy, and have configured the web.config like so <system.net> <defaultProxy> <proxy bypassonlocal="true" usesystemdefault="false" proxyaddress="http://isa-srv01:8080" ...more >>

Hi, I'm writning an ASP.Net 2.0 WebPart, which needs WebPermission. I've read http://msdn2.microsoft.com/en-us/library/ms916855.aspx, but still get the error "Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561...more >>

hi, i'm using forms authentication with a web service, and i have the web service passing in the password already encrypted in MD5. can i use any of the built-in FormsAuthentication methods to authenticate with this password? it works fine if i pass in the plain text password. e.g. FormsA...more >>

Hello, I'm currently maintaining an ASP.NET application with not much knowledge about .NET. So any help would be greatly appreciated. The application is access internally and has different modules in it, most modules are available to all users. However, some should be only available to pati...more >>

I am trying to find the best procedure for storing keys used for encryption. This would also be a question for the connection string to the database. At the moment, this is kept in the web.info file. This seems to be norm from all the books on building your Web Apps. Isn't this a problem...more >>

Hello, I am doing the Security Audit of a .Net Application Developed on ASP.Net 1.1. The Developer has informed me that he has implemented RSA-SHA1 for the Authentication Module, The credentials of which are shown below. challenge=AbDwjDe34zzDBEzF5WdnzPuNTUY%3D&hidFlag=T&posx=79e5b 30ea23345a...more >>