Windows Service System Account Permissions My windows service runs under the system account but the system account can't see a domain on the LAN. Is there some sort of permissions that have to be set for the system account to see the domain on the lan? my user account when i log onto my own ma...more >>

Hi, I would like to store my connection string encrypted in a xml file, but I have some problems figuring out the encryption. I have tried some different examples but there is always a key involved which have to be stored as plain text in my code. That does not seem very secure to me? Do...more >>

A web application of mine developed using C# + MS SQL runs fine normally. However when I stress test it with a load testing software (using about 60 simultaneous users) some instances start erroring out. I see two different errors. One is a "Object reference not set to an instance of an object....more >>

I want to use remoting to talk between two applications on the same PC but am concerned about security. What are the security implications of using Remoting locally on a computer? I keep hearing about how it is insecure but is it really any more insecure that any sockets for interprocess com...more >>

Hi all, I was wondering if it was possible to programmatically create a self-signed X.509 Certificate using the .NET framework? After playing around with certificates for a bit, I ended up installing the Web Service Enhancements 2 which provides support for access the certificate store. But...more >>

I'm trying to use a password protected Access database with VB.NET. I've looked in the knowledgebase articles and none of them work for me. I keep getting the "Cannot start your application. The workgroup information file is missing or opened exclusively by another user." error. I'm using a...more >>

Hey Group, Today we gonna discuss Soapsuds tool. Soapsuds is shipped with .Net FrameWork and is used by .Net remoting Client Applications to generate xml schema,proxy class or assembly for their HTTP Remoting Server. Client App can use this proxy class or the assembly as a reference to the...more >>

Hello folks, i get a wrong Username for some accounts by using "System.Environment.UserName". This behaivor depends on renaming the UserName after creating the account. For example: Creating the Account "Name1" i get the correct name. Change the Username to "Name2" i always get the UserName "...more >>

I read one article at CodeProject (www.CodeProject.com) where the author was telling how even Strong Named assemblies can be tampered with, by using the IL code (generated from ILDASM). So, is Strong Naming really tamper-proof? -- Warm Regards, N.T.GOPALAKRISHNAN ...more >>

I've been thinking of implementing the following and seek comments pro and con. When registering, the user provides an e-mail address and creates a password phrase question such as "What is your father's middle name?" The user also provides the answer to the phrase he or she has created. Fu...more >>

When I set validateRequest="true", and a user tries to submit html into the form, the server returns with a huge error page detailing what wasn't allowed. Is there a way to customize just this error page to something more friendly? I want to use different error pages for other things, but for ...more >>

I have a multi-user web application that allows users to log in and use the features. As admin I need to have full access to these accounts and all data contained. It's not enough that I'm able to browse and delete accounts. My question is, to do this, for every feature on the system, would...more >>

1) Being a VB.NET guy from the beginning I do no want to learn ancient C++ and Win32 API. Did anyone rewrite Mr. Howard's code examples (both in the book as well as in MSDN) in VB.NET? my feeling is that the new generation of .NET programmers simply doesn't care about security coding becaus...more >>

The way that RSACryptoServiceProvider works is that we encrypt with a public key and decrypt with a private key. This architecture works great for people sending messages to me. However, I now have the opposite application: I want to put a license file on a destination computer and be sure ...more >>

Hi there: I am trying to export (use) a private key from the certificate store to sign a hash. But I am getting the error: Export of private parameters is not supported I have this: Dim store = Microsoft.Web.Services2.Security.X509.X509CertificateStore.LocalMachineStore(Microsoft...more >>

What is the best way to use CAPICOM or other mechanism through ASP.NET to access the list of certificates from the browser client machine? Normally the code-behind will access the certificates on the server but that is not what is needed here. In ASP.NET how should one "seamlessly" allow a user ...more >>

Hello, I am adding a strong name to my assemblies in order to work with Enterprise Services' Transactions. When I add the strong name (with sn.exe -k), my compile time for a Rebuild goes from 15 seconds to 3 minutes. This is for 1 solution with 11 projects. Does anyone know if this is nor...more >>

I am decrypting using RSACyptoServiceProvider with a 1024 bit key and OAEP padding set to false. I load the RSA key in from an XML string (originally from a machine key store container) that is pass to this method. It works fine on WinXP, but fails on Win98, with a CryptographicException con...more >>

Hi, I have a window based application developed using C#. In this application i am using the file operation to check whether the file is available and whether it in expected size. While doing this file operation i am getting the following error message. Please some one help me to find th...more >>

I am porting a Java application to .NET and came across a problem working with .NET’s MD5CryptoServiceProvider producing a different result from Java’s MessageDigest. I was hoping someone could help me as this as the only thread I could find that tackled the subject directly: http://grou...more >>

Why I always get 'Requested registry access is not allowed' when i try to Read/Write to Windows Registry from ASP service. I use ASP NET account? Also granted full permissions to required Registry keys. What is the problem? TIA ...more >>

A common business problem using role based security is that users may have different security within different contexts. For example, a user may have "Administrator" role in his department, but not another department. A VP may have "Administrator" over both. I'd been thinking about implement...more >>

Hey, I'm trying to work out a minimum permission set that my app (several separate assemblies) needs. I'd like to be a good .net citizen by not requesting more permissions than I need, so I'm using the approach I found on the web an in this group to start with [assembly:PermissionSet(Sec...more >>

I just had an application ported/rewritten from VFP to .net and in order to give users access to it in a Terminal Services deployment (in a one server setting) , ALL USERS MUST BE ADDED TO THE ADMINISTRATORS GROUP!!!!! My developer told me this is necessary, and is not a big deal. HUH???!!! ...more >>

Hello! I'm trying to write aplication, that will check signature and certificate in file, but i don't know how do this.... Can someone give me example or tutorial for it? I cannot find anything.... :/ ...more >>

I am getting this error at random in my ASP.NET app (i.e. at different times on different pages): You are not authorized to view this page You do not have permission to view this directory or page using the credentials you supplied. HTTP 401.2 - Unauthorized: Logon failed due to server conf...more >>

Using C# or VB.Net, using the DirectoryService namespace, I am able to retrieve the groups a user belongs in, except for the primary group. The primary group is an ID. Tried searching the knowledge base, but all documents are for VB 6. Are there any examples on retrieving the primary group'...more >>

I always thought that the main point of CFB mode was that it allowed you to use a block cipher like a stream cipher. eg if you set the feedback size to 8 bits, you can put a byte in and get a byte out. etc The .NET framework implementation offers CFB mode for DES, and it even lets you set t...more >>

Hi ! I have Visual Basic .Net application which dynamically loads assemblies from directory. I use: Assembly.LoadFrom() -method to do this. As method to see if the .dll is mine I check its namespace. I get types from target assembly and then check if namespace equals with certain string...more >>

Hello sirs, I am trying to understand how strong names work. Suppose I have lib.dll (a .net library), and also MyApplication.exe (a .NET WinApp) . MyApplication uses lib.dll . Suppose someone decompiles lib.dll and replaces code parts, and then recompiles again. When MyApplication.exe will ...more >>

Hi there, I need to check the permissions of the current NT-User to a Webfolder (subweb). How? I know there was a discussion about this here but the problem itself wasn't solved. So I'm asking again. Unfortunatly the PermissionChecker Object doesn't exists in .NET (in ASP it does) so I'm stuck n...more >>

hi, there: I was developing a new page for a web part project. My page keeps on getting security exception whereas other pages in the same project don't. I set the security level to be WSS_MediumTrust level. I wasn't using any database connection, but I was using a third party DLL( which is...more >>

hi all i have a webservice that is called by a client, this works fine on the local machine but when i try and access this from other machines the client on the machine comes up with the system.net.webexception i have added a trust relationship to the client thru the .net wizard i also tried t...more >>

is it possible to know what kind of encryption the connection is on a webpage through the certificate??? all i see is a RSA 1024 bit key??? Is that 128bit ssl encryption?? ...more >>

All, I am attempting to sign an assembly using our company's X.509 certificate. The only signing attribute options are AssemblyKeyFile and AssemblyKeyName. As I have had no luck figuring out how to create the .snk file from .pfx, cer & pvk, etc. I assume my only real option is to use Assembl...more >>

When using attributes to declare security, e.g. [PricipalPermissionAttribute(SecurityAction.Demand, Role="User")] private void DoSomething() { ... } can I obtain a reference to the object on which the method is invoked? Regards, Jacek ...more >>

Hello all, I'm writing a SETI@Home-like application that runs work items received from other machines that need processing power. It loads assemblies with very restricted privileges (usually it only allows them to execute) since their origin is not known. I run these work items in a low pri...more >>

Hi guys! I asked myself if it is possible at all to create a program that would be licensed safe at all in .Net . I mean, thanks to utilities like Lutz Roeder's ..Net Reflector and ILDasm each .net program is practically open source and everybody can read "native" code, decompile it and chang...more >>

I am decrypting using RSACyptoServiceProvider with a 128 byte key and OAEP padding set to false. I load the RSA key in from an XML string (originally from a machine key store container). It works fine in WinXP, but fails in Win98, with a CryptographicException containing the unhelpful message...more >>

Hello, I'm Francesco and I write from Italy. we are creating a new web site in ASP.NET. In our network infrastructure we have a win 2003 domain. This web site will have a secure zone with two kinds of login groups, User and Admin, I was thinking to use active directory for the authentication,...more >>

Hey all, I wrote some impersonation code that works fine (i.e. I'm able to get the name of the user being impersonated and it works as expected) - but I'm trying to use a PrincipalPermission object to make a demand and it doesn't seem to be working as expected. Basically I'm impersonating t...more >>

------ Setup ------ - IIS runs with a domain user account 'domain\iisuser' - SQL Server has 'domain\iisuser' login setup to act as a data reader/writer Requirement is to use 'domain\iisuser' to authenticate in SQL Server ------------------- More info on setup ------------------- - asp...more >>

Hi All, I am new to this so bear with me. I have a network drive mapped on my computer where I want to place all my Visual Studio class libraries and programs etc. When I begin by starting a new class library project and specifying that I want to store it on the network drive I get the me...more >>

Is it possible to write a server app that can take an SSPI context and authenticate the client against a custom username/password scheme? I have got the Microsoft sample SSPI classes working to impersonate a client that supplies their Windows logon details, but I would like to extend my app ...more >>

First, I'm having this problem with SharePoint Portal Server 2003... but I think this is more of a CAS issue than it is a SharePoint issue, hence why I've modified my original post for this group (orig: http://msdn.microsoft.com/newsgroups/default.aspx?dg=microsoft.public.sharepoint.portalserv...more >>

I have a personal signature from a national authority which I can use to sign e-mail etc. As a software consultant I run my own web+exchange 2003 server (actually SBS2003) and often want to use e.g. OWA, remote desktop and maybe even VPN from remote sites. I would like to implement more ...more >>

I have a service that runs as "NetworkService". I get an exception when I try to delete performance counter. Is there a way to assign this priviledge to the NetworkService account? Exception: System.ComponentModel.Win32Exception Message: Access is denied Source: System at System.Diagnosti...more >>

I am trying to use the .Net Configuration 1.1 snap-in to create an Enterprise Code Access Security Policy Deployment Package. This seems to be successful in that the appropriate msi is created. I then attempt to deploy it to a computer by assigning the msi via the software installation group pol...more >>

Is there a way to convert a login id from the form username@domain.com to the form domain\username? Thanks. ...more >>

First I'd like to thank you for taking the time to read my message. Using the FSO Application intention is to copy a directory and subfolders from one web server to another for replication. The user has permissions to both servers, (on source server I have read and destination folder has writ...more >>