Password length minimum: 7. Non-alphanumeric characters required.I ve taken this error. Microsoft Security Policy requires something nonsense I think. I never think a password like "75256asdf!^+%&" this. How can I use normal passwords which users demand what their hearth say as a password ...more >>

I would like to check if a user is currently a member of a Local Group on the server. I am able to do the test for the current user and all is ok, however I would like to be able to take a list of users from a table in the database and check if the user is in the specified group. is it possible ...more >>

Hi I am quite new to membership and security etc. I have a large Access DB and want to create a special section on a website for some of the members in the database. I have looked how to do this and have found about 10 sites, all with different ways to do this. I have tried all but none...more >>

I'm trying to access an access database on the file server from a web server using asp.net and IIS 6.0. I can do it when I have anonymous access enabled in IIS 6.0 as in the public internet web site style. I want to do the same with the intranet setup where IIS 6.0 is not setup to allow anon...more >>

Hi All, Can you please advise on the following - We want a custom form where we capture username,password, domain and then using this programmatically (redirect without having to enter credentials again) logon the user to IWA website. Is this possible? If yes, how can I acheive this. Tha...more >>

In my intranet app, I have my web.config file's authorization section defined as follows: <authorization> <allow roles="foo" /> <deny users="*" /> </authorization> The IIS 6 virtual dir is set to anonymous=NO, Integrated Windows Authentication = ON. When I add a user...more >>

Hello! I am just learning about forms authentication so please excuse this basic question. I am using .NET 1.1 and C#. I have created my web.config file and my login.aspx and the associated cs file using examples on MSDN. I have created a FormsAuthenticationTicket and cookie and added the...more >>

I have different Sharepoint site and subsites(WSSv3) I'm using Windows Auth (with AD) I wrote an application that uses the IsinRole method to redirect users to there different sharepoint pages when they login. But i'm having an issue with logging in twice:) The first page they have to launch c...more >>

Hi everybody, Is it possible to do ASP.NET Impersonation in a windows 2003 non domain member server (locate at the DMZ)? If so, how can I do that? Thanks in advance for your kind reply Best regards, Johann Granados Staff DotNet...more >>

Hello. A customer has asked that we provide, in writing, the permissions required for our deployed .NET (C#) web service. I have located MSDN articles on ASP.NET permissions but none of these articles cover the C:\WINDOWS\TEMP folder. If we lock this folder down (part of our security pac...more >>

I have problem writing content to a UNC file from my ASP.NET 1.1 application. This is on Windows server 2003 The event log says "X:\temp\abc.txt path not found" and stuff. Note that I have allowed Full Control permission on abc.txt on the other machine. any idea? thanks, Vince ...more >>

Hi All, I'm really no expert whatsoever when it comes to security in dotnet and have a question about setting up login security to a web application we are building. The application will be accessible to mainly users within the company but there are also a couple of users that access the...more >>

Hi all, I'm wondering how can i prevent this scenario: I have asp.net application , not using any kind of asp.net secuirty models [ neither Windows Nor Forms Auth]. Client can save a complete copy of the web site locally, he can change any Javascript funciton , then chnage the Action att...more >>

Hello, I've speant the past couple months reading off and on about the use of roles & memberships in ASP.NET sites, using the role providers, etc. However, the largest problem that I've been having reading all this information, code smaples, etc, it that it is 95% focused on external internet...more >>

Hi there, We are in the process of implementing Membership and Role Management and have a problem with the connection strings in our web.config. We currently have a system that on Application_Start set the Application["connection_string"] to the relevant ConnectionString from the web.con...more >>

ASP.NET 2.0 Windows app written in C# and VS 2005 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D I am having difficulties encryting web.config files when using Cassini = (IIS is currenly disabled) as the VirtualDirectory param seems to only = work whe...more >>

I am writing a Post client with the HttpWebRequest object and using the Crypto API to access "MY" store and pull out the certificate that I want. I attach it and send it, but I still get a forbidden (403). If I browse the site with Internet Explorer, the certificate exchange is different. ...more >>

I would like to know if it's possible to set up two seperate servers with the same SSL certificate and not have the customer/client notice anything when traffic goes from one server to the other (no SSL security notices or anything). Here is the detailed scenario: 1) Server A with cert for...more >>

I ran the aspnet_regsql.exe tool with the -sqlexportonly option to create the script. I searched and replace the string [dbo] by [mySchema] and had the dba's run the script. When I do anything like Membership.CreateUser or click on the 'security' tab in the website admin tool I get... Could no...more >>

Hi, I know how to create membership user and to define role via "Administer website" in design mode of e.g. an ASP.NET login control. My questions are: 1) how to create a membership user directly in web.config? 2) how to define a role directly in web.config? 3) how to assign a existing me...more >>

Hi, i'm building an web application for anonymous users. They can take a look in the website, nothing more. In order to perform other actions, the anonymous user must be logged. So i create an aspx page with the CreateUserWizard control. The user can fill his username, password etc .... ...more >>

Hello. Developing a VS2005, SP1, VB, .NET 2.0, ASP.NET 2.0, WSE 3.0 web site to consume web service with SQL Server Express 2005. It was working excellent with the logins, passwords, roles and access rules. All membership controls were put onto forms without using all the default setting...more >>

Hi; I assumed the following code would not load. And if it loaded, would throw an exception on the OpenText. However it runs fine. AssemblyInfo.cs: // only permission - set to cause all other to be disallowed [assembly: RegistryPermission(SecurityAction.RequestMinimum)] Program.cs: cl...more >>

Hello everyone, Just a quick question with regard to where to hold roles for applications. Is it better to have a central user, application & roles database and pass a user object to an application OR store the roles for each user in each applications own database? What are people opini...more >>

Hi, I'm working on a content pages web site engine which deifnes 2 types of security methods. some of the pages don't need authentication and can be accessed by everyone, while other pages (the same aspx page- different content) requires to have Basic Authentication, ie. having the popup wind...more >>