I have a VB.net app running on the 1.0 framework. The exe resides on a network share and all of the client computers have a full trust configured to the shared folder from which the exe runs. The app was deployed one year ago and the clients had no trouble using it. This is a seasonal app a...more >>

Hi group, I want my app to show a msg if my it doesn't have the required permission(s), however this simply doesn't work. What am I overlooking/doing wrong?? [VB.NET] Try Dim x As New SecurityPermission(SecurityPermissionFlag.UnmanagedCode) x.Flags = Security.Permissions.Securit...more >>

When should you explicitly check for correct permission? Perhaps this sounds strang, I know, but stick with me for a moment. For example the GetCurrentDirectory method on the Directory class throws an UnauthorizedAccessException if the caller doesn't have access to the I/O operation, so there w...more >>

Hi, I'm a newbie to code access permissions in .net. I tried reading code access document in MSDN and they don't have fully working code samples or step by step walkthroughs that will help me understand how to implement code access permission/security in my web application. May be I'm expec...more >>

I have someone who has given me a string that was encrypted with their RSA private key. I tried to import their RSA public key and decrypt their strng but I get "Bad Key." as the response: 'Verify the signature is authentic using the sender's public key. Dim rsa As New RSACr...more >>

hi while trying to execute the following program i am getting "System.ComponentModel.Win32Exception: Access is denied" as errror message. <% @Page Language="C#" %> <% @Import Namespace="System.Diagnostics" %> <script language="C#" runat="server"> void Page_Load(Object sender, EventArgs e)...more >>

Hi, In an effort to learn about the .NET security settings I tried a simple experiment. I created a noddy console application and assigned it a strong name. I then extracted the public key token from the assembly. This was all on my local disk. I then tried stop the console applicat...more >>

The following code doesn't produse the expected effect to only allow the members of Administrators group to access the web method, it stops everyone. ========= <WebMethod(), _ PrincipalPermission(SecurityAction.Demand, Role:="Administrators")> _ Public Function HelloWorld() As ...more >>

I am at the beginning stages of writing a massive database-connected business management application using the .NET framework and am becoming worried about the security of the application upon completion. I have recently become aware of the ease at which a .NET assembly can be disassembled ...more >>

I am at the beginning stages of writing a massive database-connected business management application using the .NET framework and am becoming worried about the security of the application upon completion. I have recently become aware of the ease at which a .NET assembly can be disassembled ...more >>

Hey all, I was just wondering what hash algorithm is used when you provide a key through the used of the Strong Name Tool or is it configurable? For example when I generate a keypair.snk file using the the Strong Name Tool (Sn.exe) and then include the following in my application: [assembl...more >>

Hello, I created a WindowsIdentity object using the WindowsIdentity(IntPtr) constructor passing it a token I received from a call to the LogonUser API function. Why is IsAuthenticated returning false although I just authenticated the user by calling LogonUser ? Is this a bug or am I misinte...more >>

I have a service that logs/traces information through a custom trace listener to a log file in System32. The name of the file is something like ApplicationServerYYYYMMDD.log. Where YYYY is the year, MM is the month, and DD is the day. So I get a maximum of one log file per day. When I was runn...more >>

Hi list! I have 2 questions about TripleDes- first about a problem I'm running into implementing the tripleDES algorithm in the .net framework, and the second is an academic one about what I thought I knew about tripleDES vs. how it's implemented in the framework. Question 1) When I'm c...more >>

Can I authenticate users of my ASP .NET apps, using their windows credentials, but using a SQL db. Let me explain a little more. I have an Windows XP station where i run my ASP .NET apps. I wish users to authenticate them using their current windows usernames and passwords. I have stored my u...more >>

I'm working on a programming project that needs to control network traffic. What I would like to do implement a mini-firewall as part of my program. What would be involved with writing a firewall like program in C#? I realize it's not really a simple project, but the firewall doesn't have to be v...more >>

Good day Ladies, Gentlemen, Help needed or confirmation that it's a designed "feature" ! We have a strange situation here. We once were using AuthenticationTypes.SecureSocketsLayer as in : __________________________ public static DirectoryEntry SecureConnectDC(string adsPath, string usr, ...more >>

I am new to .Net, so apologies if this is a simple question. I need a way of display folders and files to my users. However, it must show whether they have NTFS access to the file/folder. For example, if they have access the folder or file is displayed as a link, if they dont it is displa...more >>

have a look at the new msdn magazine issue msdn.microsoft.com/msdnmag --- Dominick Baier - DevelopMentor http://www.leastprivilege.com nntp://news.microsoft.com/microsoft.public.dotnet.security/<uHxGt22tEHA.1308@tk2msftngp13.phx.gbl> Hello, I need some help w/ signing...more >>

Hello - after completing a simple app and finally getting it right, I put the app on a network share for others to test. Well, you know the rest. Doesn't work with a System.Security.Permissions.SecurityPermission error. I found out about the .NET administrative tool to create an MSI and it works ...more >>

I have an application where users have to log in to view their account information. The problem is, if I log in as user A, then in another browser I log in as user B, and copy over a url from user B to user A (with GET arguments specific to user B), user A will now see user B's account info. ...more >>

I have a control which connects to an object on a server. This object has an event, and client (the control) subscribes to this event. So something happens on the server, it fires the event - the control is notified. All this works just fine when the controll is hosted in a windows applicati...more >>

Hey all, I've read that security policy can be administered at the following levels: Enterprise Policy Level Machine Policy Level User Policy Level Application Domain Policy Level I found the above levels in the following document: http://msdn.microsoft.com/library/ en-us/dnnetsec/html...more >>

Hello, When using RijndaelManaged in CBC mode, I believe that ICryptoTransform.TransformFinalBlock() is behaving "wrong". After a call to TransformFinalblock is made, it seems like the class is resetting the CBC state with the intial IV. This makes it act more like ECB mode. I was porting a ...more >>

Hello everyone, I want to develop a secure application in .Net. I am in the analysis pahse of the "security" aspect and one of my requirements is to work in a mixed environment... The Client applications may be in a domain or a workgroup. :-( My server will always be in a domain.... d...more >>

Is it possible to authenticate user using a SQL database, containing users and passwords? What I want to achive is: I have as SQL database containig data for my app. This database also contains usernames, passwords and rights which are specific for my app. Also I have a middle tier WebService...more >>

How do I produce a detached signature using the SignedCMS class (found in System.Security.Cryptography.Pkcs namespace)? I cant find any property or option to be able to control this. Meaning the "Detached" property on the class is marked as read-only so one can only know if a given signe...more >>

I have two conceptual questions that I would like to hear some opinions on: 1. Assume you are developing an application which incoporates a role-based security model. An administrator can define roles with specific privileges and then add users to those roles. After a user has been authentic...more >>

I get a vague 'Security Error' when I try to access Active Directory via the 'System.DirectoryServices' DLL. I am doing this within a SharePoint Web Part. I also stripped the code out of the SharePoint Web Part and put it on a regular ASP.NET Form and it worked fine. The error message is ...more >>

Can anyone tell me how I can get the Full UserName from a logged on user from a NT4 Domain in my ASP.NET(C#) page? I do know how to get a userrole but don't know if the WindowsPrincipal can get me the fullname. please help....more >>

I have the following web method: <WebMethod()> _ Public Function Test_CurrentCredentials() As String() Dim tmpArr(2) As String tmpArr(0) = "User: " & System.Threading.Thread.CurrentPrincipal.Identity.Name tmpArr(1) = System.Threading.Thread.CurrentPrincipal.Identity.Authenti...more >>

I'm working with a group that is using Java for their web application. They use X.509 certificates and have requested our public RSA key in X.509 format. I can create the X.509 certificate using makecert.exe (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrf...more >>

Why does this code need "Full Trust" permission set to run ? I try running it with "Everything" permission set, but this raisses a SecurityException in "Unknown Module". using System; using System.Security; using PiaExcel = Microsoft.Office.Interop.Excel; using PiaOffice = Microsoft.Office.C...more >>

I have a problem using the Authorization and Profile Application Block in conjunction with the AzMan provider and an xml based store. While everything works fine when the application is running as ASPNET, I need to run the application under a fixed identity using <identity impersonate="true"...more >>

I am currently learning to develop web app but I ran into problem when I tried to access the web form from another computer in my MS Windows Network (a small local home network that I set up in my house). When I try to remotely access the web form from one of the computers in my home netwo...more >>

Hi there, I need to check the permissions of the current NT-User to a Webfolder (subweb). How? I know there was a discussion about this here but the problem itself wasn't solved. So I'm asking again. Unfortunatly the PermissionChecker Object doesn't exists in .NET (in ASP it does) so I'm stuck n...more >>

We created a .Net Dll whose purpose is to create a file on a mapped network drive and write some data to that file. When this Dll is called from a C# windows application running under Windows XP operating system, the Dll is serving the purpose. The same Dll when called from a windows servic...more >>

hi how to use p12 certificate in .net. I came across library from http://mentalis.org/soft/projects/certificates/ to convert p12 to x509 certificate , but i am getting 403 forbidden error while trying to access the secured website any ideas ? Regards. Guru...more >>

Hajo, is it possible to get hashed password of current user? I know that I can not get password but maybe the hash? Or even better, can I get any information(whatever, string, bytes etc) that is specific for given user and that can not be read by other users ? It is importat that this informa...more >>

I need to append encrypted messages to an application log file. I'm following the approach used in MS "307010 - How To Encrypt and Decrypt a File by Using Visual C# .NET". If I append only one message and then decrypt it works fine. If I append more than one message and then decrypt the entir...more >>

I have a SmartClient (Windows Forms) application that uses a WSE2.0SP1 WebService. The SmartClient exe and dll's are signed with a strong name. The Client maschines have a modified Policy, that grants Full Trust to any assembly signed with the key. Any Sync Calls to the WebService works ...more >>

Folks, I have a simple question about how CompactFramework Runtime handles Code Signing and hacking. My scenario is that i have a signed assembly. A hacker ILDasm it, changes something, and recompile it back to executable. 1. Is it possible to Recompile back into executable (since the origin...more >>

First, please redirect me if it is appropriate to the right newsgroup. I have a service using .NET classes. I am trying to follow suggestions of reducing my attack surface by making the service run as non admin. The problem is that when I start the service it seems to start then stop. When I ...more >>

This is guru , i am using transunion's secured feature using client certificate. we are using the following segments in the following order 1> TU4I 2> EU01 3> CD01 4> SH01 5> NM01 6> PI01 7> AD01 8> RP01 9> OD01 10> ENDS I am getting the following error An unhandled except...more >>

I am trying to dynamically create directories in my ASP.NET application (I am using Server.MapPath("/")+"test" as the folder) and I am getting a DirectoryNotFoundException saying "Could not find a part of the path "D:\". My site is hosted on a public ISP that for obvious security reasons does no...more >>

I keep getting an error in FxCop: Partially trusted types extend only other partially trusted types Nothing I do seem to make the error go away. My assembly AllowsPartialTrustedCallers, but during Design time it's fine to require FullTrust. My original declaration looked like this: public ...more >>

When ran from network Windows says "the application is running in partially trusted context...." and disables some of my app functionality, mostly io operations How to enable all functionality in my app, when ran from network? (I am using VB.NET) TIA ...more >>

I've encrypted the contents of a textbox using RSA encryption with no issues but when I try to decode the message in another application I'm getting a 'bad data' error. Here is the the general proceedure I'm using: VB.net 'This is how I encoded: Dim xmlPublicKey As String = "MyKeyPublic" '...more >>

Hi, I'm launching a winform app from a network share which must be run in fulltrust mode. In case the .NET security settings aren't adjusted on the workstation where the app is launched, I want to display a messagebox to contact the helpdesk in order to adjust the security settings. Code...more >>

Hi, I have an application running on on internal network. The security we think we want to use is NT Authentication and breakdown further by determining if a particular user is in an NT group. We have 7 NT groups allowed to access the app. For each group there are only a handful of users...more >>