Hi all, I'm trying to set up a SANDBOX-directory to test security issues. Therefor I created a Permission Set with low (or even no) permissions, so that a test application in that Code Group must throw an exception. I created a Code Group (Code Groups\All_Code\.NET Sandbox) with an URL me...more >>

I've got a console app that uses a filesystemwatcher to monitor a directory for new log files. It then parses the data in the file into a dataset upon creation, then connects and sends the dataset to a webservice. The connection to the web service is HTTPS and it reads NTLM credentials into a Cred...more >>

How Can i limit number of sessions in ASP.NET.........more >>

How can I get my web site restricted to a single user? I have my web.config set up as follows: <authorization> <allow users="Fred" /> <deny users="*" /> </authorization> When I do this, nobody has access (not even Fred). If I try: <authorization> <allow users="Fred" /> <de...more >>

Hi, =20 Im trying to programmatically authenticate a user against NT under = windows 2000. I use the LogonUser API[advapi32.dll]. Realizing that the call = needs TCB privilege=20 I had set the 'Act as part of the operating system' and added the below = code also ManagementObject mo =3D...more >>

Hello. I'm about writing an application which would extensively use reflections and dynamic assemblies loading. The application will operate in a rather wild environment, so I need some method which would let me verify that an assembly that I'm about to load is not altered or forged and vice...more >>

I'm trying to build an exportable secure system and am having a hard time finding the definitive answer on export laws. Can't find it on msdn and everything I come accross on the net is from '96-'97 I want to use an asymmetric RSA public/private handshake to establish a weaker 40-bit key for ...more >>

I have a locally installed (Full trust) assembly that is using reflection to invoke methods on a type that is in a partially trusted assembly and I get a security exception (Trace at the end of the post). The method that is making the call has Unrestricted reflection permission asserted. ...more >>

Hi, I am trying to bind to an Active Directory server using the following = snippet, but I always get a user unknown or bad password error message.=20 DirectoryEntry de =3D new = DirectoryEntry(LDAP://srv-dell.waysoft.local); de.AuthenticationType =3D AuthenticationTypes.ServerBind;...more >>

Hi All: I have been attempting to put a strong name into my Assembly. I generated it and put it into the bin of my file and then I tried to put in <AssemblyKeyFile("mykey.snk")> and when I did I get the error: unable to emit assembly: Referenced assembly 'Interop.VBIDE' does not have a strong...more >>

Are there any .NET/CAPICOM/CryptoAPI call to write a private key to a pfx file? Private key is retrieved from CA archives and the public part of the certificate is also available. I didn't see any object that could put these together and export it to a pfx file. Thanks. ...more >>

I want to encrypt something and use the result as a registration key in my program, so it needs to be readable,but all of the encryption methods I have tried return unreadable strings. I need an encryption method that limits the result to chars that can be easily typed in via a standard keyboard...more >>

Hi, I'm trying to make a web page that gathers data from different web servers using JavaScript and ActiveX. I have tried to make an ActiveX in c# .NET, but I get an error message when I try to connect to the remote server with my ActiveX control. "Request for the permission of type Syst...more >>

I try to get the validity date of a certificate with GetEffectiveDateString. It doesn't return the same dates as the certificate viewer included in Windows but it returns a right date but with a wrong time. My pc is located in Italy with +1 GMT and daylight saving time. The certficate viewer i...more >>

Hi there, we are trying to use a web form to authenticate users against Active Directory on .NET 1.1 running under Windows 2003. The authentication using LogonUser works just fine, and we can assert things like if ( Context.User.Identity.IsAuthenticated ) { do stuff } on another page ...more >>

Hello All, I have a link, which if I click redirects me to streaming server. The link is to a media file which opens up when I click on the link. I am asked for a username and password before the video is played. Now, can I automate this basic authentication in code? Like when someone cl...more >>

Hi All: I developed my Windows application (Win app NOT Web App) on Win 2000 professional and it works fine on the client computer. Then I attempted to test the application in the NETWORK environment by putting the application out on a network drive when I tried to run it on the client that...more >>

I have written a windows service, but when I use = System.Security.Principal.WindowsIdentity.GetCurrent().Name to get the = current logon user, it returned NT AUTHOURITY\SYSTEM. How can I get the = name of current logon user, for example DOMAIN\user? Thanks for any solutions....more >>

In an machine with both .net 1.0 and .net 1.1 installed, how to make sure that all the users in this machine make use of .net 1.1 security profile?...more >>

I receive the error message "Access tot the path <\\server\\share\folder> denied" when I trie to access files on another folder. My application is configured to use impersonation and Windows Authentication : <identity impersonate="true"/> <authentication mode="Windows" /> This happens even...more >>

Under IIS 6.0, ASP.NET Web applications run inside the ASP.NET Worker Process (aspnet_wp.exe). When the ASP.NET Worker Process starts a Web application, the Web application inherits the identity of this worker process (Network Service by default), or if impersonation is enabled, the Web applicat...more >>

Short correction, I should be azroles.dll instead of AzMan.dll Sorry! "Henrik Skak Pedersen" <hsp@circlecapital.com> wrote in message news:... > Hi, > > I am developing a windows application and I need some kind of role based > security. I have been looking a little at Authorization Manager ...more >>

Hi everyone, I'm sorry if this has been discussed before, as the news server only has posts from the past few days, but I am looking for some recommendations on products which discourage reverse engineering of .NET code. Please be aware that we make heavy use of COM interop. The products I ...more >>

I wrote a C# application that uses ODBC connection to MS-Sql server. The executable is located on one computer on the local network and Im accessing it from a nother pc. I succeed to open it but when im making a databse operation Im getting the following message: "The application attempted tp perfo...more >>

I am stuck trying to implement method level authorization within an = assembly. I wanted to use Declarative Security but I think this is an = inappropriate use of this technique. I want the role below to be = obtained dynamically at runtime as derived from a SQL Server table where = the user ...more >>

I have written a windows service that needs to perform certain functions only if a User is logged in. The problem I am running into is that I get an error if the computer is in the process of being shut down or restarted. At all other times, the service runs just fine. I need to either detect a...more >>

You're assuming that users want to buy both products which is often not the case. Denis Bauer's decompiler add-in comes at $0 and suddenly high-end obfuscators are not much different in price: http://www.denisbauer.com/NETTools/FileDisassembler.aspx Jonathan Pierce wrote: > The products ...more >>

Hi. all!!!!!!!! With Passport Authentication AFTER SESSION TIME OUT How can i redirect the user to the Passport login page. And after getting the credential. I need to again redirect to the same page.. I used the below code in vb.net identity.LoginUser(redirectURL, 60, 1, Nothing, -...more >>

how do i prevent users from accessing code once the project is compiled into .exe etc? (ex. how to stop CLR debugger from showing code during runtime error?) ...more >>

Which is the command line tool that can accomplish this: 1) Run ".NET Configuration 1.1" from Administrative Tools 2) Runtime Security Policy > Increase Assembly Trust 3) Make changes to this Computer 4) App path: \\SERVER\Path\MyApp.exe 5) set "Full Trust" for MyApp.exe ...more >>

I have a C# application that needs to use an assembly that has a strong name. I also need to use a number of older "C" dll's that are not signed. How do I do this without having to "strong name" all of the "C" dlls? ...more >>

I am trying to parse the PKCS#7 package returned by ICertAdmin2::GetArchivedKey method of certadm.dll in .NET using runtime callable wrappers. I tried using CAPICOM's SignedDataClass but I couldn't get it working. When I try to access the certificates, I get "Message has not been signed" error. ...more >>

Hello, I have an application which calls a web service across the Internet from a client machine. The site that I have deployed the application to is such that to browse the Internet using a web browser, a person needs to do the following: (a) ensure that a proxy server address is specif...more >>

Hi, is it possible to add a permission group to an existing file in user's computer? For example when user click a button, I'll like to add "Internet Guest Account" permission group to a folder/file. Thanks Shelby ...more >>

Hello All, I have recently developed a small application with VB.net. What I wish to do is to add an uninstaller to the application that the user can use to uninstall my application instead of having to use the windows control panel. Can someone please show me how to do this iin VB.net? Tha...more >>

Hi All, I have an ASP.Net application that access an Oracle database using ODP.Net. The application can also use a SQL Server database and works without issue. When pointing at an Oracle Database (8i sever and 9i client) I recieve the following error: System.Security.SecurityException:...more >>

It seems there is no method to test if the current code has "FullTrust" permission? Thanks! ...more >>

I am trying to query couple of things using in LDAP. When user comes to web application, I want to grab the user's id by Context.Current.User.Identity.Name and then I want to query to LDAP Server to grab the firstname and last name of the current user and the groups user is member of. How ca...more >>

Hello all! I am currently developing a project where we want to encrypt passwords with public key encryption. The login procedure is supposed to be: - Encrypt the supplied password with the public key. - Compare it to the stored value. Using the .NET RSA provider though does not seem possibl...more >>

I have a web application written in .Net that uses forms authentication. It consists of two separate apps running on the same server. The first app is a menu system that accepts the login of a user and checks the credentials against active directory, if authenticated the user is presented with a but...more >>

I am coming across a problem using the HttpClientCertificate class. When i try to get the issuer the order is reversed e.g. cn=test001, ou=us, o=DoD becames o=DoD, ou=us, cn=test001. any ideas Davinder...more >>

By using all the security APIs and encryption algorithms we are able to encrypt the data. What about the following scenario? After we encrypt the data we release the BYTE[] or memory stream or something else without doing anytihng to the memory conatined by them. What if some other process ge...more >>

I am using Role based security in my application. Is it necessary to use Code access security also? I am able to restrict the un-authorized users by using role based security. Are there any security issues, if I do not restrict the permissions that are given by .Net security framework to my asse...more >>

I've a fairly simple pb: In an ASP.NET app, I ask for the user identity using: (WindowsPrincipal)(Page.User)).Identity.Name; I'm using Windows integrated authentication + impersonation. The value returned is "DOMAIN\MYLOGON" I'm trying to look for more info in the LDAP about this user, but ...more >>

Hello, I want to know if there are tools out there that will tell me what the minimum permission set that I require to run my application. I've looked at PermView but this does not do this. It just shows the specified permission sets. I basically want the tool to scan my assembly and it's...more >>