I have a collection of various .NET assemblies I authored used in various applications within our corporate Intranet. The assemblies are used in fat-client apps, asp.net apps, etc, therefore many of the assemblies are distributed to end user systems (they are not installed in the GAC). It ...more >>

Hi, my client has an extranet IIS web server protected by RSA SecurID. it's running my asp.net 1.1 application. when they use the web app from a browser they have to log in to RSA, then they see the login screen for our application (forms authentication) and everything is fine. however, wh...more >>

Here goes. We have a web server that needs to go into the DMZ. I have a SQL server in my local lan attached to the domain. First question. Can I setup a oneway trust with the standalone server trusts the domain. Thanks. ...more >>

Hi, I have a web project that I started building below My Documents\Visual Studio folder. When trying to place it in IIS 5.1 (I am running XPSP2) I get an error: ----------------- Failed to execute the request because the ASP.NET process identity does not have read permissions to the gl...more >>

I followed the partical "How To: Implement Iprincipal -- J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy -- November 2002" to implement a custom principal. After created the CustomPrincipalApp exactly as described in the artical, I changed two things: The first is that I use...more >>

Hi All, Couple of hopefully simple questions: 1) Where do I get the sql script to create the built in asp.net security db? 2) Is it possible to deploy the admin site? Thanks in advance! Derrick ...more >>

Hello, I have created an outlook 2003 addin with VSTO for VS 2005, some class demands a fulltrust right to run. It is working on dev station as VSTO do everything for this. But on the enduser workstation, we get an error and can't load the addin in outlook. We need to give .NET full trust ...more >>

I am using the ActiveDirectoryMembershipProvider for forms authentication in a application the user id validated with the line. if (Membership.ValidateUser(UserName.Text,Password.Text)) { wp.IsInRole("cd\\System Admin") //Works great String ICdUser = WindowsIdentity.GetCurrent(...more >>

Greetings all I've just re-engineered a small system to use the Roles/Membership and ASP.Net Configuraton Tool. I've configured it for 'From the Internet' access. However, I can access the Config Tool by just running it. I don't have to login. I hunted around and found this: C:\WIND...more >>

Hello, I am developing a Website in ASP.Net 2.0 with Login Control as a Starting page. I have already implemented Membership for login control. Now I want to know 1. How do I implement unique Session IDs for every login, so as to prevent Session Replay attack. 2. How do I encrypt the Passw...more >>

Apparently the long held theorum upon which most secure encryption has been established has been proven unsound [1]. News is spreading rapidly. Its already been said that radio talk show hosts have been warned by the U.S. government to repress discussion of the implications. As I type, I a...more >>

Is it possible to make the login process case sensitive? I want to make the user 'bob' unable to logon if he types 'BoB' or if he does the same with the password. Thank you in advance!...more >>

I have my ASP.NET sites setup to connect to SQL Server using trusted security and their application pool identities according to this article: http://msdn2.microsoft.com/en-us/library/ms998292.aspx Everything is working fine without trouble. However, now I have a site which requires the iden...more >>

I don't get what the problem is here. I have tried everything for 5 hours straight and have not had any luck. The project is being compiled, the .dll does exist in the /bin folder of the web server. The .NET framework is the same (2.0) on the web server as on my PC. I'm just trying to cre...more >>

Hi An addition to my IWA query really - the sysadmin had promoted the web server to a domain controller, and it *seems* to be letting us into the Intranet app, but it's throwing the following error... I wonder if some could explain what it's trying to do, and how to fix it? Ta, Dan. ...more >>

I am adding new attributes in Active Directory and adding those attributes in User class. Now when I am adding this attributes in Web.config file in <membership> tag it is not getting reflected. For eg I added an attribute passwordQuestion in Active Directory schema. And then I added that att...more >>

Hi, When clicking on "remember me" when logging, the user asks for not to have to log in next time he visits the site. Now, on one side, i read it is recommended to logout properly (clicking on 'logout') when quiting the site, but then, the user looses the benefit of the option "remember...more >>

Hello, I'm trying to apply the techniques found in the following article : http://msdn2.microsoft.com/en-us/library/ms998355.aspx However the backend tier is not a SQL Server, but a domain controller accessed via the System.DirectoryServices Namespace. My scenarii is the following: - The we...more >>

I'm using asp.net 2.0 login control to authenticate my users against AD. I'm storing their encrypted password in session state, which I then pass to the LogonUser method and succesfully impersonate their account. The problem I'm having is that I have to continually re-impersonate the user o...more >>

We have the following structure: Windows (probably vista) WPF Service Layer WCF in IIS Service Layer Business Objects Domain Model Database We need to use the WindowsIdentity from the user logged on to the windows machine all the way through to the database. We'd like to make sure th...more >>

We are setting up Authentication and authorization of users in Active Directory using ActiveDirectoryMembershipProvider in Asp.net 2.0. Login and Creating users in the system is working fine. But while changing password using Membership it is giving error as the "New password does not comply wit...more >>

What I'm attempting to do is make a basic extension of the System.IO.File class with Copy and Move methods, but what I need to be able to do is provide it with a credential to perform the file operations in a new thread (for example I would have an Active Directory account DW_Archiver with acces...more >>

Hi guys. We've got an intranet application (.net 2.0) which uses Integrated Windows Authentication to obtain the current logged on user and allow/prevent access to certain features, etc. This worked fine with IIS running on the Domain Controller. However, as our needs have grown, we ha...more >>

Hi, I defined roles in order to deny access for some pages to anonymous users. I tested it by typing the url of a denied page to test the system (http://denypage.aspx). It works (access denied), and i'm automatically redirected to the login.aspx file that is defined in the root of the a...more >>

How do I validate that a user belongs to a particular domain, programmatically? For example, I have a user (user1) who claims to belong to a particular domain (domain1). How do I confirm whether user1 belongs to domain1, in my web application? Any help is appreciated. Thanks....more >>

Hi, I have a problem where after protecting the "connectionStrings" section of the web.config file and then saving the encrypted version I am getting "Access to the path C:*******\web.config is denied" - This is both local IIS (Windows 2003) and hosting site. Any clues as how I can save ...more >>

Hi all, I'm quite new to the securit system of ASP .Net and I have a question regarding the requriements on the password a user supplies. On the web site I'm currently working on there ara two groups of users I need to authenticate. One is the registered users and the other is the regist...more >>

Hello all, While I'm fairly familiar with C# and .NET Windows Forms, I'm being asked to retrofit/enlarge an existing intranet app with ActiveDirectory-based user security - where I'm an admitted newbie. In a nutshell, we want to: Use group membership in Active Directory to define basic role...more >>

I am having trouble with reading Active Directory from my aspx page. IIS 6.0 is set for Windows and basic autentication for the application. The IIS 6.0 Windows 2003 server is set for trust for delegation at the domain server. The user is set for trust for delegation at the domain server. Th...more >>

ASP.NET 2.0 Which field from aspnet_Users table should I use as a foreign key in the related tables in my application? Ex. I have a message board app in old asp and there is a table Topics containing all the messages posted by users. And I had MsgID as pk and UserId fk to identify the user....more >>

Hello all, I am having a significant problem with the security in my app. I am experiencing a problem, where the session apparently times out, and all my session data is reset just as if a new session was started, ... but the FormsAuthentication ticket doesn't expire, and so i wind up with ...more >>

I have an ASP.NET2 web app, and I've created a small box where I show all logged-in users; I use a simple iteration trough all registered users and I check whether each user is online or not. The problems is: when a user logs out, it still appears on the list! Is it possible to update the stat...more >>

I am building a site in which I would like to keep validateRequest turned on, but I would like to either override it or scrub my inputstream. If the input has potential for XSS, I don't want to throw an error, I want to clean the data. I have tried using the httprequest.filter in my global....more >>

Hello, we are unable to solve the following problem: Will the Membership Model allow to restrict access on a control level. For example i have a form with multiple buttons and i want only users in specific roles to access some of them. How would this be accomplished using integrated ASP.Net...more >>

Greetings! For a project we are deveolping, we need to guess the algorithm used to generate a code for an integer number. The only information we have is some pairs of integers and codes generated. My bet is that the code is being generated with a HASH function. I have already tried with SH...more >>

Hello, i'm developing an application where i want to use the login auth application provided by our organisation. However i'm a bit stuck on processing the auth string i get back. The way it works is as follows: people go to a general login form, where they type in their username and pas...more >>

If we use forms authentication in our web application we need an initial administrator account from which the first user can log on to create new users and assign roles. How do others do this, use the member ship API to create the first user as part of the installation process or use direct ...more >>

Can anyone please comment on this ASP.NET 2.0 Membership error & how to get the following code to run? ERROR: >>> "The password-answer supplied is wrong." The Membership database seems to be encrypting randomly & it's causing our web app to keep throwing errors & keeping our users from logg...more >>

I'm using Forms Authentication to secure an admin area of a website. In the admin area, I have an .aspx file that updates an unsecured XML file which is not inside the admin area. This file should be have anonymous read but not anonymous write access. Is there a way to accomplish this? ...more >>

Guys, Does anyone know the best way to implement both windows and forms based authentication in the same web site? I'd like intranet based windows user to be able to use single sign on and not require them to log in so the full windows name including domain name can be used. However for ...more >>

In ASP.NET 2.0 Membership (aspnet_Membership table) can anyone tell me whether the web.config machineKey tag (with validationKey & decryptionKey) actually controls how the aspnet_Membership.passwordAnswer column is encrypted? NOTE: In our situation, ALL users have the same static value fo...more >>

My users often forget their passwords. Because of this, I have to go into the Administration website delete and recreate them because I don't see a way to change their password w/o knowing the existing password. I realize that the stored procedure aspnet_Membership_ResetPassword exists, an...more >>