all groups > asp.net security > september 2007

Easiest way to test if asp is working correctly?
Posted by Mike at 9/30/2007 9:14:19 PM
What is the easiest way to test if asp is working? With php I can upload a file with <?php phpinfo(); ?> and it tells me it's working. Is there a simple asp query I can run to see if it is working and which version etc. I didn't set it up as I don't have the knowledge so I had to have...more >>


Calling COM Server from ASP.NET WebService - impersonation problem
Posted by Gangolf at 9/28/2007 3:56:01 PM
Hi, I want to call a COM+ server from a webservice. I want to use the client credentials so I have set <authentication mode="Windows"/> <identity impersonate="true"/> Calling the webservice is no problem but the COM service fails because it still runs under the ASPNET account (I have ...more >>

Can a user use a role from one identity on a different identity
Posted by Jeffrey at 9/27/2007 12:51:00 PM
Thinking about my application, I am worried about an exploit that I am not proficient enough to test. Can a user use a set of roles (fully encrypted cookie) gained by logging in on one account and pass it to another session with a different logon. That could make an "account administrator" of ...more >>

Subject: Transmission of Username & Password?
Posted by MaxGruven at 9/27/2007 8:07:01 AM
Is the Username and Password specified in the Connection String of an ASP.NET application transmitted to an SQL Server 2005 sent as clear text from the IIS Server? The reason I ask is our IT department has mandated that all username/passwords be encrypted when sent from one server to anothe...more >>

Problem with Protocol Transition
Posted by Iain Mcleod at 9/27/2007 12:54:00 AM
Hi I'm using protocol transition to create user accounts in an ASP.NET context. The login seems to be working ok, but I'm getting a nasty security exception "Attempted to perform an unauthorized operation" (see stacktrace). I get the same error message in the debugger when I quick watch htt...more >>

XPath Filter 2.0 Support? (XML Digital Signatures)
Posted by Tim Davis at 9/26/2007 2:52:44 PM
Hello all, I am working with Adobe LiveCycle Designer 8.1 to create forms that the user will sign with their X.509 Certificate and submit electronically to a generic .NET HTTP handler (ASHX). I have done some work in both creating and verifying digital signatures, but I have run into an issue ...more >>

login control blues
Posted by at 9/26/2007 11:01:14 AM
I am cross posting from another group hoping to get a feed back: I need to build a simple web apps with login control authenticating with AD. Looking from security point: 1. web.config : connection strings etc. OR 2. build my own onAuthenticate method calling ... a pre-compiled dll. The dll ...more >>

authentication timeout so fast
Posted by ascll at 9/25/2007 11:35:49 PM
Greetings, I'm using the normal <authentication mode="Forms"/> in conjunction with "Login" template (provided by Asp.NET 2.0) to authenticate users on my protected pages. The problem is the timeout session seems to be too fast timeout even my users still in the midst of inserting the dat...more >>



The pest of Impersonation
Posted by Cliff at 9/24/2007 4:43:03 PM
I have an ASP Website setup which presents some data, then posts changes to that data to another webpage (which is java based) by using variables on the URL Line, the Java website traps the user's details and places some information against the closed call, such as who closed it. This works ...more >>

Trusted locations
Posted by Andrew Chalk at 9/24/2007 3:53:18 PM
When I load a VS 2005 project from a network drive I get a dialog that informs me that this "is not a trusted location". How do I make it trusted? Many thanks. ...more >>

Are XML Signatures secure?
Posted by ~~~ .NET Ed ~~~ at 9/23/2007 2:26:54 PM
I was planning to deploy my control using a digitally signed XML signature but when I come to think of it nothing prevents a savvy user from taking the XML file, stripping the Digital signature, altering the XML document and signing it again with his/her own key. Am I right? or am I missing...more >>

refreshing windowsidentity for user group changes
Posted by zee at 9/21/2007 4:36:01 PM
I have a custom application that creates the windowsidentity from user UPNs and uses it to perform authorization. if a user is removed from an AD group while the application is running, the application disposes the windowsidentity and creates a new one but the windowsidentity.Groups still co...more >>

form authentication with AD
Posted by raghu at 9/21/2007 9:16:03 AM
I have a simple logon control and I use form/AD authentication using a service account. I still get the above error on testing. I am testing in: vs2005/ XP/localhost, asp.net 2.0 The web.config is: <?xml version="1.0"?> <configuration> <appSettings/> <connectionStrings> <add...more >>

RoleProvider Roles cookieName reading/setting
Posted by Chuck P at 9/19/2007 9:18:01 AM
Is there a way to read the name and preferably set the name of the RoleProvider Roles.CookieName. I have a class public sealed class MyRoleProvider : RoleProvider { public override void Initialize(string providerName, NameValueCollection providerWebConfig) { /...more >>

HTTP Digest Authentication against Windows account
Posted by Alan Dean at 9/18/2007 10:07:20 PM
Hi, I have written support for HTTP Digest Authentication in my ASP.NET application. When I am authenticating against a custom user store, such as a database, all is well. The way Digest works is a one-way hash so I simply retrieve the password, hash it, and compare the result against what...more >>

Windows Authentication/Session Timeout issue
Posted by jamminjime NO[at]SPAM gmail.com at 9/18/2007 6:48:13 PM
Since all of the brightest at Microsoft seem to be in here, I will ask you guys this question. We have an intranet application using Windows Authentication. I was NOT in on writing it, I just have to squash the bugs. This application has a timeout set in the web.config file of xx minutes. U...more >>

Best Practices and script/executable directories
Posted by Jason at 9/14/2007 12:45:58 PM
Hello, We're selling an ASP.Net web app to a customer and I've been going through their requirements doc and they have this recommendation: Do not place Scripts directories in a subdirectory of wwwroot. Rather, keep scripts in a separate directory like <IIS_Scripts>. I've not come across ...more >>

Impersonating user
Posted by kedar at 9/12/2007 8:12:55 PM
Hi, I have an asp.net application, which control virtual directory, we want any user to access and we do not want to use windows authentication(we do not want windows authentication dialog) or forms authentication(as we do not want any login page). However we want to impersonate the user. ...more >>

IIS authentication and IE
Posted by monir at 9/12/2007 4:06:01 PM
Every time I try to run or execute a default.aspx or any other pages from Visual Studio 2003 by right clicking on the default.aspx page and selecting 'View in Browser' option, a Log in dialog box appears asking for my user name and password. How can I stop this login prompt from keep appear...more >>

Role Provider Security Trimming Issue
Posted by tim.cavins NO[at]SPAM gmail.com at 9/12/2007 1:58:27 PM
I have set up my project to use Security Trimming by editing my web.config file. I added the securityTrimmingEnabled = "True" I added <roleManager enabled="true" /> In my Site map provider .vb file, I override the IsAccessibleToUser function to query a database to get application specif...more >>

Security provider for Oracle
Posted by Joel WZ at 9/11/2007 1:25:42 PM
I have a project where I need to build a security provider using Oracle (for roles) and AD. Can anyone suggest a place to look for examples of doing this? Thanks... -- Thanks, Joel WZ ___________________ ...more >>

Forms Authentication Using SQL Server 2000 Database
Posted by WhiskeyRomeo at 9/11/2007 8:54:03 AM
I have looked at this example and it uses the webconfig file as the external datasource. So that was totally unhelpful. http://www.aspnettutorials.com/tutorials/validation/authentication-aspnet2-vb.aspx I have a 1.1 Login form that implements forms authentication that obviously will not co...more >>

Trust level required for AppDomain.CurrentDomain.UnhandledExcept
Posted by Chuck P at 9/10/2007 9:40:03 AM
I was trying to reduce the trust level in a web application. I am a newbie at playing with trust levels. <trust level="High" originUrl="" processRequestInApplicationTrust = "true" /> We use a non-Gac dll in it that has this code: AppDomain.CurrentDomain.UnhandledExce...more >>

GenericPrincipal
Posted by Erick at 9/8/2007 10:43:57 PM
I'm trying to create a use a genericprincipal object with roles authorization to use in my asp.net apps My user directs new users to an asp.net login page. They log in and I use that information to create a genericidentity. Then I get their roles from the data store and use that and the gener...more >>

Verify that method calls are done via SSL
Posted by Adriano Labate at 9/5/2007 12:00:00 AM
Hello, I have to verify that all method calls to a web service are done via an encrypted communication (SSL / HTTPS). Could someone suggest me a solution to do that check from the code of my web service? Thank you. Adriano ...more >>

Is this an accurate description
Posted by Mike at 9/4/2007 8:33:15 PM
I have just moved over from a linux host to a windows host. Is it fair to say that web.config is the windows version of .htaccess? thanks ...more >>

BASIC authentication in .NET
Posted by James at 9/4/2007 4:56:01 PM
When using BASIC authentication in a .NET application, with cookie managed sessionState, do the login credentials have to be sent with each request, or only with the first one? What about with Digest? Thanks! -- James ...more >>

Encrypt
Posted by BigSam at 9/3/2007 12:56:01 PM
I'm trying to encrypt the <membership> section in my web.config file. I'm able to encrypt the <connectionStrings> but not <membership>. It doesn't matter if I'm use -pef or -pe I get the same error indication the configuration section is not found. Rather than -pef "membership" do I need addi...more >>

How to pass username in the login control to next page?
Posted by kai at 9/1/2007 9:05:00 AM
Hi, All I have VB 2005, I use login control to log in, after log in, I go to another page. I want to use the login username in another, how to use session variable to pass the username? I use the following code, but I cannot login: Protected Sub Login1_Authenticate1(ByVal sender As ...more >>

