I'm trying to better understand the role of the NT AUTHORITY\NETWORK SERVICE and how it works with respect to SQL Server connections. First some background and then the question. I have a very simple test web page that does the following: using( SqlConnection dbConnection = new SqlConnect...more >>

Hello, If I use RSACryptoServiceProvider in ASP.Net, it can only be implemented at Server Side. But Authentication Credentials are still passing in clear text from Client to Server. What should I do to encrypt passing of Authentication Credentials from Client to Server Thank you....more >>

Hi, I am facing a problem of failure to assert unrestricted permissions for a resource from asp.net. The scenario is like this: I have a custom assembly which connects to windows active dicrectory using ..Net Directory Services. I plug this into reporting services and create a code group to...more >>

In all the documentation I've read, the default behavior for ValidateUser on the ActiveDirectoryMembershipProvider is that user names must be in username@domain format. My web.config contains: <membership defaultProvider="AspNetActiveDirectoryMembershipProvider"> <providers> <add n...more >>

Guys, I'm unsure how to use windows authentication in an intranet application. I'd like to user existing windows account to identify users however the issue I have is how to then add settings to those users and map them to roles. If I'd like to restrict the windows users which log on and w...more >>

I have a .NET 2.0 web app that uses forms authentication to get around an issue with FireFox. FireFox will allow you to save the username/pass and this is a SOX no no. The objects in the web application call a Windows Authenticated web service. I do have the username and password so I can c...more >>

When accessing our web sites, users must enter their smart card, type in a PIN, and then a third party site authenticates and sets a server variable if they are valid. My apps take this value (request.ServerVariables("HTTP_OURUSERS")) and then compares it to values in my database. Based on t...more >>

I've a got an IIS web service that accesses a remote IIS site to get information from and I'm trying to get the web service to use a client certificate. If the remote IIS site is set up to ignore the client ceritficate then the request works with no problem. If I set the remote IIS site to a...more >>

Hi all, I was asked today if setting textmode="password" of a textbox control was secure over http. I assumed that the browser does encryption before sending it over the wire. Why aren't most login screen forms sent over https? Is my assumption about the browser providing encryption on special...more >>

Hello. I use forms authentication and it's work except one thing. I want push users make relogin (insert login and pass) when they close browser. I have those settings in Web.config : <authentication mode="Forms"> <forms loginUrl="login.aspx" cookieless="UseCookies" name="Login...more >>

Here's my configuration: - ASP.NET application - Windows XP Pro running IIS -Vdir is configured to allow anonymous access - Anonymous access account is my domain account (for testing purposes it's quicker and easier to do this than to try to get another domain account set up) - Web appli...more >>

Hi; In one portal we have people can request a free demo of our portal product. To give them a login I need to create a user for them in the membership database for our portal product. So in web app GET_DEMO how can I make calls into the membership database for the portal REPORT_PORTAL? ...more >>

I used the WindowsTokenRoleProvider and i was able to input my username and i retrieved all the GROUPS i belong to on my PC. I'm thinking of doing the same but against Active Directory. How can i do the same against AD? Will i have to use "AuthorizationStoreRoleProvider" and install Azman? Or ...more >>

Ok, when I first started to play with the Provider model for all things membership in ASP.NET 2.0, I have to say I was pleased... but I must have missed something here... I've got two questions... 1) I'd like to have profile be a strongly typed complex object derived from profilebase. I'...more >>

I'm a little unclear on when exactly I would need to use FormsAuthentication.Encrypt. If I have the cookie protection in the web.config set to All (i.e. <forms loginUrl="login.aspx" protection="All">), shouldn't my cookie already be encrypted and tamper-proof even if I don't encrypt the auth...more >>

Hi all, I have a web app running on a local PC that can start and stop windows = service on a remote machine, but only when I browse to it locally. If I = browse to it from my other PC and try to start/stop the service, it = gives me "Cannot open Service Control Manager on computer = 'xxx.xxx.x...more >>

Hello, friends, We developed a web site using asp.net 1.1 and Form Authentication. It works ok. However, when our users use our website through internet to login, it requires users to reset their IE cookie settings. For example, for IE 6.0 users, a user will have to (1) Click on Tool...more >>

I've been researching using Domain Groups within our application. I found a code sample that I've been experimenting with, but need confirmation on one behavioral thing that I've noticed. My web.config contains the following: <system.web> <authentication mode="Windows" /> ...more >>

Hello! I 'm quite new to asp.net and trying to accomplish a web that gives 'admins' some extra options in an aspx page. I have a local group called admins at the dotnet server. In this group I have domain users/groups. I have this "code" in the web.config: <authentication mode="Windows"/> ...more >>

Hi everybody, I'm developing an ASP.NET application which calls business components in a remote server located at the DMZ (this is, a non domain member server). The problem I'm facing is that because the server is not a domain member, it is not able to access the active directory in order ...more >>

Hi, I have a Windows Application that I am successfully using Membership.ValidateUser to validate a user against the same database I use for the Web App part of the system. My question is, how do I use the role based security similiar to IsInRole function that is available in a Web App t...more >>

Hi - I'm trying to implement a custom RoleProvider based on the SqlRoleProvider. I keep receiving a an error that it can't load type 'MyRoleTest.MyRoleProvider' when trying to load my RoleProvider. However this only occurs after deployment. On my local machine it works fine. So I creat...more >>

Hello. I have a bit of a dilemma. I have implemented a forms authentication for my application built in asp.net and it's working fine so far. I was trying to create a menu based on roles. I put th emenu in a .master page so it is available to all pages. I was planning to do the permissions che...more >>

I am trying to debug an ASP.Net application that uses impersonation to access a secured SQL Server database (Microsoft cRM as it happens) so my web.config has <authentication mode="Windows" /> <identity impersonate="true"/> <authorization> <deny users="?" /> </author...more >>

Hi, The problem with Authorization is it stops at the first match and doesn't permit Grouping. On the Web Site, I am trying to Secure Page Access and SiteNaviagation by implementing the following ASP.NET 2.0 features: - Membership - Site Maps - SiteMap Security Trimming A User has ...more >>

Hi, I use the logon control for logging into the application. When logging and checking the option "remember me next time" and then closing the browser without to press any logout button which logout the user, the next time i start the browser and go to the application, i don't need to logi...more >>

Hi, I run a webserver on windows xp prof sp2 and IIS 5.1. (no domain). I have an asp.net application which is accessible for anonymous users. IIS-configuration is set on Anonymous allowed (IUSR_server). No other authentification. The windows account ASP.NET has READ permissions for the direc...more >>

Hi All, What is column IsAnonymous in dbo.aspnet_Users table used for? How to set it to 1? Thanks..... ...more >>

Hello all, I've written a Customer Membership Provider and am trying the call the ValidateUser method from a button click, as below: CustomOracleMembershipProvider COMP = new CustomOracleMembershipProvider(); bool validated = new Security.CustomOracleMembershipProvider().Val...more >>

Hi, I define a Login control with PasswordRecovery and a CreateUserWizard. I use the default ASPNETDB.mdf database. I can create an user (let's say 'dan' and i can log in. The problem is: when i try the PasswordRecovery with username 'dan' with the right question answered, but there i...more >>

Hello All, First of all, let me make it very clear that I do not have any idea about implementing the windows authentication, so all inputs would be appreciated. The scenario : I have a client - server application. At the moment, the passwords for the users are stored in a password storag...more >>

Hello. I am tryin gto setup Application services to make use of SQL server for user authentication. I have tried to follow the steps that Microsoft recommends, but to no avail. I keep getting the same error every time I try to connect from the Web Site Administration Utility. The error that po...more >>

Hi.. I am using form authentication on a web site that consumes web services. Can the identity of the user that is logged on to the web site passed to the web services for the same authentication? if so, what would need to be configuered? Thanks a lot,...more >>

Hi, We have an asp.net 2 application that prints a file (integrated security and impersonation is configured for the application). The application is a non-windows version of: http://msdn2.microsoft.com/en-us/library/system.drawing.printing.printdocument.aspx It all works fine on IIS 5 (XP...more >>

I am able to implement Forms Based Authentication successfully, following the example in this link: http://support.microsoft.com/kb/326340/ Although functional, the resulting page (logon.aspx) is plain vanilla. I just want to dress it up by adding a company logo to this logon page. So, I ...more >>

I have a second thread that is being passed the context from the main thread. The functions that run within this thread start off by executing under the (passed in) context but after completing the first few functions, the remainder execute under the context of the App Pool identity. All...more >>

Hi, I am running an ASP.Net application on .Net Framework 1.1 version with the operating system as Windows 2003 server Standard Edition. I have the same ASP.Net application running on 2 different virtual websites with ports 8080 and 8081. Example : 1. http://localhost:8080/Company1/A...more >>

Hi all, I have an asp.net 2 application that get an image from SQL reporting services and sends it to the printer. It works fine as a console application on all computers and as an asp.net application on my windows xp computer. However when I run it under IIS on a 2003 server it return the ...more >>

Hello Is there a way to log all emails that have been sent using ASP.NET Mailclient? Because I run a Webserver with some ASP.NET applications on it. And it looks like some are abused for spamming. So I want to find out what pages are called. As I do Hosting for more customers, I can't check...more >>

I have created a website that uses forms authentication <authentication mode="Forms"/>. I have traced the response sent from the web browser after the user has entered a password and pressed Login. The password is then sent in clear text. Is the only way not to have the users password in clear t...more >>

Hi all I've developed a shopping cart in C# and to allow moderators to upload product images, news images and downloadable PDFs, the app creates a folder for each product. I start out with the following empty folders: /img/products/ /img/news/ /pdf/ When a new item is uploaded, the app ...more >>