Nicole, The exception is thrown when I click the button that tries to construct the class. The weird thing is that it never even gets to the constructor. From my console output, I can see that the assembly gets loaded: 'Consumer.exe': Loaded 'e:\fun\security\consumer\bin\debug\class1.dll', ...more >>

How do I get the Certificates stored on my computer ?? I want to use RSACryptoServiceProvider, and my certificates are hashed with SHA1 I think that I just use: System.Security.Cryptography and under that uses the RSACryptoServiceProvider, but I can't find out how to get the certificat...more >>

Hello, I would like to know how I can restrict others from accessing the source code of my application. I was looking at Licensing but that is to restrict the number of people from running the application. Is there anyway I can give others, my application software so that they can use it bu...more >>

Hi, I have a problem with the FileIOPermission attribute. Here's my situation: I've written a class in whose AssemblyInfo I've added the line [assembly: FileIOPermission(SecurityAction.RequestRefuse, All = @"c:\myOtherFolder")] I added the same line to the AssemblyInfo of a WinForms ap...more >>

I have looked over the internet and found some code to create an application domain policy, create a permission set based on "LocalIntranet", add additional permissions, union membership conditions with the permission set, and try to execute another application. My code can be found below. Even...more >>

Hi, Im signing a mail with a digital signature, using CAPICOM to get my certificate and sign my data, that works fine. My problem is that when I sign my data for the mail: szSignature = oSignedData.Sign(oSigner, True, CAPICOM_ENCODE_BINARY) the thirt party (TDC, CA in denmark) comes up ...more >>

Hi All, I have an asp.net application that needs to set it's priority to normal, but I get access denied when the below code executes. The reason I have to do this is I use a third party com component and it changes the priority to high, so I want to bang it on the head to make it normal a...more >>

I found this article to be a bit disturbing http://www.developer.com/net/asp/print.php/3318911 Anyone have comments, or know of links out there that provide more information on the problem? Thanks Hari ...more >>

I run an application off a network share. Every time I release a new version of the application, users have to run the Framework wizard and trust the version of the application. I would like to automate this with a command file and re-trust all the assemblies. Is there a security tool that ...more >>

Hello. I have a question: My methods are implementing the <PrincipalPermission> attribute and checking through role in the identity. I have implemented my own Principal and Identity object. The user should logon and the info is loaded from a database. If this library exposes public metho...more >>

Does anyone know how I catch the exception raised when the securityAction.Demand method fails in the declarative role-based security example below. <PrincipalPermission(SecurityAction.Demand, _ Name:="????", _ Role:="????")> _ Private Sub Button5_Click(ByVal sender As System.Objec...more >>

I created new group "SomeGroup" on Domain controler. If I add myself to that group and try following code on my machine .... WindowsPrincipal wp = new WindowsPrincipal(WindowsIdentity.GetCurrent()); bool is_in_role = wp.IsInRole(Environment.UserDomainName + @"\SomeGroup"); .... is_in_r...more >>

When installing our ASP.Net application at a site (Win2K machines), some of the pages of the application started requiring authentication (poping up the username/password/domain popup) - something that never happened before. Interestingly, even if these popups are closed using Cancel/ESC, the...more >>

I would like to prevent someone sharing a login in my .net app but I know that it would know that would be difficult so it would be acceptable to prevent concurrent logins. So here is my current plan, each time a user logins we will create a unique id (a guid for example) and store it both in t...more >>

Hi We have two virtual directories in which our .NET controls reside. We host these controls in IE. These controls need full trust permission set. We tried to create a codegroup that has a URL condition http://localhost/* and gave full trust permission and tested by opening IE on the same m...more >>

I have an application that stores data in the "All Users\Application Data" folder. Unfortunately it often sets the security of the created folder such that normal users can't write to the folder. I thought All Users was by definition accessible to all users. I can see that normal users ha...more >>

Is there a way to validate the digital signature of a file (the one show in it's properties window of windows explorer) using code (preferable vb code)? dimitris ...more >>

Hi ! I'm trying to access a registry key on a remote computer. Here is my code : [RegistryPermissionAttribute(SecurityAction.RequestMinimum, Read = @"HKEY_LOCAL_MACHINE\SOFTWARE\MyKey")] public static string ReadRegistryKey(string PsMachineName) { try { RegistryKey LoK...more >>

Hi I'm about to develop an application that sends/receives e-mails encrypted and signed using x509v3 certificates. The asymmetric encryption algorithm will be RSA. I don't want to buy any third-party tools, but using unmanaged COM-objects is OK. Do you have good links on this? What classes...more >>

Is it possible to retain local file system read, write, delete access while impersonating for access to a remote drive in a different domain? I need to be able to move files from a local computer to a remote computer. do i have to copy them from the local computer to the remote computer then del...more >>

I randomly get a "Policy Level Enterprise cannot be saved." error. Does anyone know if this can be caused by including a X509 certificate to a deployment project? Our app uses .net remoting and we push a shim app to the user. This little app does create a machine level policy to accept our st...more >>

Hi! You can read in http://support.microsoft.com/default.aspx?kbid=307220 following: "The .NET runtime does not, however, support automatic proxy discovery scripts." I am working with a customer that IS using a complex "automatic configuration script" (see Internet Options/Connections/LAN ...more >>

I recently installed VS 2005, on .net Framework v2.0.40607. Tried to connect to local sql server in a mixed mode via client written in C#. I am logged in as a administrator on my box ( WinXP pro) below is the connection string object I see in my debug mode. {System.Data.SqlClient.SqlConnecti...more >>

Hi. How can I create an instance of WindowsIdentity class knowing user samaccountname and domain password? Thanx. ...more >>

Hi all! With a signed Java applet you can use URLConnection to connect to a remote webserver and all user needs to do is to accept a certificate. Is this possible with a UserControl made in .NET? I know how to code it using the WebRequest object, but there is always a security error. Can ...more >>

I know this has been asked before, I have read the answers given and I am unable to get this work ( I don't know that much about AD configuration) I have an asp.net web service that is designed to authenticate and maintain accounts in active directory. It all works fine when the web service is ...more >>

If i log into my computer as domain A and user X and password Y but then I need to give C# application access to domain B as user F and password G. Is this possible? or do i have to log into the computer as domain B, user F and password G in order for the application to have permissions to domain...more >>

I have wrriten a reverse proxy for a client of mine, this reverse proxy takes the url takes it attempt to access a *.XXXX and returns the the contents of an aspx web page from another internal server, the user then clicks on a button on the page that then posts data to the reverse proxy and it r...more >>

Hello: I have a vb.net app (framework 1.1) which submit data to an https application. I have set-up the ASP application to require a client certificate: I get an obvious error (403) Forbidden. I have a digital certificate on the client ... how do I send it to the web server ? Thanks Terry _...more >>

Hi Everyone, I encountered this problem after generating private and public keys for my project. This Error pops up while building my solution : - ) "Unable to emit assembly: Referenced assembly 'clsDataNHS.DataObjects' does not have a strong name" May I know y this is happening ?? ! ...more >>

I am trying to understand how the LogonUser API works. I would like to utilize the credentials of the currently logged on user as the basis for authenticating access to a client-server application. Currently, the application only forwards the user name of the currently logged on user. Sinc...more >>

I 'think' my problem is the result of my attempts to use an EventLogTraceListener as I am getting an Security Exception as follows in this scenario... XP SP1a IIS 5.1 (new install with all updates applied) ASP.NET Machine Account: Read & Execute, List, Read (added) After submitting the erro...more >>

Hi guys, I am intending to install VB.NET Program in Window server 2003.. and accessing the .EXE File from client computer to server. After successful installation, when i try to access the program from Client PC, Error Box pops up.. "An Exception 'System.Security.SecurityException has ...more >>

Hi all, I am trying to write a secure application and some of you have been very helpful on that subject. the only question remaining open after implementing certain methodologies is this: from a hacker point of view, is it possible to impersonate to SYSTEM or ASPNET windows identities o...more >>

Hi, I am developing on a shared host system, therefore I don't have any access to system configuration files. I have a third party component (compiled DLL) that always give me an error when I run it "live". It requires the code to be trusted. I know that I should add a trusted key to the Asse...more >>

This is the problem: I do not get the output I need when encoding and decoding data using rijndael alghoritm. Look at the code and see what the problem is actually: Please paste this code into your Visual Studio and compile it + run it; so you can see what the actual problem is. Thanks. ...more >>

Hi all, I know that asymmetric encryption does not support encrypting values larger than the modulus minus the space required for padding. (with 1024 bit RSA that leaves (1024 bits \ 8) - 11 = 117 bytes. However, if I need to encrypt MORE data than that (in my case a remoting response st...more >>

Anyone have some code for getting the SID for "Everyone" in byte[] format? I've been trying to PInvoke CreateWellKnownSid() without much success. Thanks, -e ...more >>

Hi all, Lets say I have a "secret" I wish to "hide", lets say a database password. For the more detailed problem, a web application/service that uses a connection string. all the solutions I came up with (embedding in code, encrypting-decrypting) involve embedding the/another secret in the ...more >>

Hi, I want to encrypt binary data on a w2003 server. Encryption of short byte[] (length<118) works fine. Encryption of a byte[] with 118 results in CryptographicException: Ungültige Länge (invalid length) What can I do to encrypt byte arrays with more than 117 bytes? Klaus ...more >>

Hi everyone, i wanted to know if inserting padding data into a string before encrypting it, so that after it is decrypted this paded data can be checked to validate that it was decrypted correctly, is good practice? Does it make some one cracking the password easier? i want to know, b...more >>

I have a win form appplication that require user to reenter their Windows' user name/password/Domain, if all entered info match to the current logged on user credential, it allow user to continue. I konw how to get current user's name, but how do I get current user's password and domain? Th...more >>

Hello, The following code shows how I access come of the other things I want from a certificate store but I can't find the "friendly name" anywhere - can anyone tell me where to look? (I mean the friendly name as shown in a column of the Certificates management plug-in) using Microsoft...more >>

Hi, If one serializes the SecurityElement using: http://blogs.msdn.com/shawnfa/archive/2004/02/24/79598.aspx or in any other way, most of the elements will have version, such as: <SecurityClass Name="UIPermission" Description="System.Security.Permissions.UIPermission, mscorlib, Version=1.0...more >>

Hello all, I apologise in advance for the long windedness of this post, but I feel that if I am going to get any solution to this problem, it is important that I present as much information that will be useful in diagnosing the problem. I have an application which calls a method of a web s...more >>

Anyone have an idea how to sign a manifest.xml file with an X.509 certificate without having to use that buggy XMLSign utility? ...more >>

i have a point of sale program where i impersonate different users on the local machine using setthreadprincipal to easily manage business level database access. for example the manager needs to be able to access different things like closeouts than the busboy can. the problem is that i want ...more >>

I'm using .net on an XP webserver, and trying to have my application write to the event log when I get an application error. Here is the error message I'm getting: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant thi...more >>

Hi. I have a simple request: can someone please explain to me, the reasoning behind strong naming an assembly also implies a FullTrust LinkDemand? The .NET Framework assemblies (mscorlib.dll, System.*) all have the APTC Attribute making them useful in scenarios where assemblies have limited ...more >>