Hi, I have an intranet website using Windows Authentication with impersonation. The website calls a webservice which check accessibility using User.Identity.Name How do I pass the user identity from the website to the webService? Thanks, Homa Wong...more >>

I'm trying to make a customer MembershipProvider. While overrideing the CreateUser(...) method, I get the following compiler error that doesn't make any sense to me: 'System.Web.Security.MembershipUser.MembershipUser()' is inaccessible due to its protection level Here's the relavent code: ...more >>

I would like to extend ADAM's schema and create a custom attribute called myManagedBy which allows mulitple objects to be assigned. That's not the problem though. I would like to also create a myManagedObjects which mirrors the behavior of the constructed attribute 'managedObjects' only agai...more >>

Hi: I have a web application (.NET 2.0), which allow user to create a txt file and write to a sub folder under my web application on server side. I have grant full permission of this sub folder to account ASPNET, but wouldn't get succeed. But after I grant write permission for acount machi...more >>

Hi, Can anyone help me with advice/articles about this? I'd like to allow users to either sign up or login from my initial homepage, but I don't want the overhead of having EVERY visitor to that page invoking a secure connection. So everyone visits http://www.mysite.com but only those users...more >>

hello, i am working on some intranet apps for my organization. many of our users are internal on domain desktops. however, some will be working in the cloud but VPN'ing into our network, where they can access internal web apps like mine. the VPN login info typed in by users matches their AD l...more >>

Hello.. I'm using windows integrated security, with the following web.config: <authentication mode="Windows"/> <identity impersonate="true" userName="netuser" password="p"/> In my app, I am trying to figure out who is the actual human user sitting at the keyboard. With WindowsIdenti...more >>

Hi group, I've been trying to create an RSA key container so I can encrypt my web.config connection strings section, but have been unable to. I was able to create and delete the container, but can no longer. It stopped working while I was creating and testing a deployment script to create t...more >>

With WindowsIdentity, is it possible to figure out the user who is doing the impersonating. For instance, if web.config is this: <authentication mode="Windows"/> <identity impersonate="true" userName="netuser" password="p"/> and I log in as user "jmcleod", I can look at the Name proper...more >>

hello, i am using Windows authentication w/ my web app and lock it down via roles. in my testing it seems like the *order* of the <authorization> elements matters. eg, this works: <authorization> <allow roles="Foo" /> <deny users="?" /> <deny users="*" /> </authorization> b...more >>

hello, i am testing out forms-based authentication using the AD membership provider. i have limited AD experience. i have setup an AD connection street and AD membership provider in my web.config. however, doing some simple tests in code-behind i cannot validate user accounts like so: ...more >>

Hi there, I need to enable Impersonation in order to access a network share from an ASP.NET application. Unfortunately when I do this it enables it for the entire application which causes other issues, how would I do this for a particular folder? Thanks in advance for your time....more >>

Hello, I have an ASP.NET 2.0 web app w/ an Active Directory user base that I need to lock down -- only one Organizational Unity should be able to use the web app. So I need to limit my app to only users w/i that Organizational Unit, as maintained in our Active Directory by our admins. Ca...more >>

I've tried every permutation of aspnet_regiis.exe -pe "connectionStrings" -app "/MySite" -prov "DataProtectionConfigurationProvider" -pkm to encrypt the connectionStrings in my 2.0 machine.config (not web.config). I just get the help dump -- no error message -- and the encryption does not wo...more >>

I'm using AD for my asp.net c# forms authentication. The login control works great. However we need the provider to force a change of password when the AD account's "User must change password on next login" attribute is set to true. Using DirectoryServices I can check to see if the attribute i...more >>

Hi there I implemented a mixed mode authentication as follows: main site using forms authentication redirector site using windows authentication, creates a forms authentication cookie and redirects to main site the problem is if i go to the main site everything works fine if i...more >>

I've built an ASP.NET application on my development computer and incorporated this WebsiteAdminTool to manage the userids used for forms authentication. I delpoyed the application to my webserver, which in a different subnet, and now I get "error: 26 - Error Locating Server/Instance Specifie...more >>

I created a key for encrypting my web.config aspnet_regiis -pz WebEncryptionKeys aspnet_regiis -pc WebEncryptionKeys -exp exported them aspnet_regiis -px WebEncryptionKeys c:\WebEncryptionKeys_Public.xml -pri imported them to developers and server machines aspnet_regiis -pi "WebEn...more >>

Hi, I've been studying asp.net for some months now, based on the requirements for a project. I seem to have a very difficult time grasping the security concepts of asp.net 2.0. I'll be building an online catalog, to display products. I also need to build a customer section where they...more >>