I need to manage SQL Users and their Roles using a web interface. There are no database tables with user information involved, just the SQL Server Security setting for Users and Roles. Does the membership class support this (Login control)? Where do I set the property to look at the SQL rol...more >>

Hi, I have a domain at an ISP provider and try to install an ASP.NET 2.0 application in a subdirectory. It's a wiki called ScrewTurn. I have asked my ISP to set it up according to the developers' specification, but I constantly run into problems. The subdirectory is set as an .net applicati...more >>

I'm not really sure where this should be posted as this is a Baseline Security Analyzer question but I'm hoping someone here would have come across this. I'm using MS Baseline Security Analyzer (2.0.6706.0) to check a web app on Win 2k3 we've developed with .Net but we're getting a Servere ...more >>

I've got an asp.net site where it's setup to use forms authentication. I take the username and password provided and authenticate them by calling the LogonUser method (from advapi32). If that is successful I call the DuplicateToken method and then using WindowsIdentity impersonate the user a...more >>

I have an asp.net 1.1 application running on a server on a different network. It runs fine when clients have been accessing it. However there is 1 server from which the forms authentication doesn't work. Basically when I try to access the application I get directed to the login page and whe...more >>

GC.Collect() not cleaning memory, how to find out what references to lots of memory still exist? When all my processign is done i set everything to null and then: GC.Collect(); and then GC.WaitForPendingFinalizers(); but it still shows that my process takes 400 MB of memory. Is there any ea...more >>

I have a simple asp.net 2.0 application that includes two components: - a file uploader - a lister of files that have been uploaded Files are word processing documents; they get stored to a "papers" subdirectory of the application. It would be good if both the file lister *and* the files ...more >>

Hello All, We have an application in which we are planning to have a virtual url system which is completely driven by configuration files. to accomplish this we need to receive all urls at the same directory path, and then according to url rules write them out to different pages which m...more >>

Hi, How to create System.Net.Cookie from System.Web.Cookie? THanks. William...more >>

Hello, I have a doubt, maybe related with "Best Pratices" and "How to do a securely SQL Lookup to authenticate a user against a Database". It's a simple solution, everybody nows how to do, but what's more secure ? Send the query or SP with the following statement: "SELECT COUNT(*) FROM t...more >>

hi, I have a web site with "forms authentication" and all works. What are the steps to use SSL in my website? Thanks. ...more >>

Hello all. I am developing a 2.0 web site whereby the client wants to give access to everyone in their company's domain (I assume that means Active Directory). The site will be accessed from the Internet (outside the company' intranet). Once logged in, I will grab the authenticated user's ...more >>

When I configure my app for integrated windows security, users are always challenged by a Windows "Connect to <ServerName>" pop-up, even though they are already logged into the domain. Furthermore, if they re-type their credentials, they are still denied access. Obviously, I would like to ...more >>

I'm trying to trace the client computer name or IP address who access to my local intranet ASP.NET pages. Is this possible? What is the easiest way to achieve this? Thanks in advance. -- Message posted via DotNetMonster.com http://www.dotnetmonster.com/Uwe/Forums.aspx/asp-net-security/20...more >>

Not complaining, just looking for info. Can anyone tell me if there's a better place to ask asp.net questions (especially security issues)? I'm used to using the SQL, Access, Delphi and other newsgroups that have a LOT more activity. It's a bummer when you get stuck on something and never get an ...more >>

I added a page to my site (in a secure folder that only my login has access to) that lets me (and only me) encrypt or decrypt the web.config at will. Ok, so far so good. What I don't understand is that if a hacker can get to my web.config, certainly he could probably get to my encrypt/decr...more >>

Using C# 3.5, I would like to set my Service to use the NetworkService account on the local computer. But I don't know that users password of course. What is the smart way to handle that? Thanks. ...more >>

Hi, I would like to create new mail box's in Exchange server using Asp.net for my users. I would also want to create a public folder via Asp.net for the mailbox/users. Can anyone point me in the right direction here? Any tutorials , articles would be great. Any comments, suggestions a...more >>