I recently installed Windows XP SP2 on a web server(development machine). I now get the following error when running a web application which writes to a file off the root folder: [ArgumentException: Illegal characters in path.] System.Security.Permissions.FileIOPermission.HasIllegalCharact...more >>

Hello all, Here is my problem. I have a windows service (C#) that is supposed to move files from/to the local drive to/from a UNC share (\\domainserver\share). The service is running on a Win3k server not connected to a domain, as a local user. The service impersonates a local user (on domainse...more >>

hello i write a smtp client winform (using socket 25 connect to smtp server),and deploy it to iis by NTD (no-touch deployment),i can launch the form from the client machine,when i want connect to the smtp server,the security exception is thrown,i know that i have not assigned the socket permissi...more >>

Is RSA a good encryption method? Also I'm having a problem pulling the string out of the database and decrypting it. Please Help Code is below: Private Function EncryptPassword(ByVal a_Password As String) As String Dim ByteConverter As New ASCIIEncoding Dim dataToEncrypt...more >>

Is there a function that validates if a URL is valid or not? Basically I'm trying to filter out bogus input, and things like cross site scripting attacks. Example: <img src="javascript:alert(document.cookie)"> Doing it by regex seems way too complicated and there could be holes in the log...more >>

> Therefore my statement stays that parameterized SQL actually provides > better protection against SQL injection than parameterized call to stored > procedure. obvious typo. Should read: Therefore my statement stays that parameterized SQL select (insert/update/delete) actually provides bett...more >>

"Valery Pryamikov" <Valery@nospam.harper.no> wrote in message news:... >> Sorry but you lost me. :( Can you explain the difference in an easier to >> understand manner? I'm a newbie. Thanks. > Lets us compare call of stored procedure and sql select with using > parameters (? or @paramname): ...more >>

How do I grant acess to a folder using VB.NET. I need to add a group and 2 users. I know this can be a long answer so if you can just point me in the right direction or where I should porst this question, that would be great. Any links on how to would be greate. -- Thanks, Dave...more >>

Is RSA a good encryption method? Also I'm having a problem pulling the string out of the database and decrypting it. Please Help Code is below: Private Function EncryptPassword(ByVal a_Password As String) As String Dim ByteConverter As New ASCIIEncoding Dim dataToEncrypt...more >>

Hello all - I'm having a problem concerning Impersonation while connecting to SQL Server. I'm not sure if I'm posting this to the right newsgroups, so let me know if it belongs elsewhere, and please excuse the cross-post. I'm writing a Windows Forms application that makes direct calls to a...more >>

I have an application that stores user input via a text box. The text box lets user enter their hobby, which can then be viewed in their page by others. This hobby is linked by the application so that it searches the database for other users who have the same hobby. The search string is displ...more >>

I've read a few articles on ways to prevent SQL injection. I'd like = your opinion as to which is better. Or, if there's another way I've not = heard of, please suggest it. Thanks! #1. http://www.sitepoint.com/article/sql-injection-attacks-safe/5 Run user input through a function which s...more >>

We are endeavouring to get a .NET product certified as "Designed for Windows XP". As you know, this involves getting a VeriSign ID. While enrolling for this, one question asked for the "Cryptographic Service Provider", giving a drop down containing smart-card providers like Inifineon, and al...more >>

Hi This is a question for all those .Net gurus who have ssen umpteen .Net products come and go so far. The question is fairly simple -- Do the softeware houses really obtain digital signatures from (eg. Verisign) and sign their assemblies before releasing them for production? How important it ...more >>

Hi, I have several web pages in my app and would like to restrict certain users from accessing certain pages. Can you provide me any pointers on how to implement a role based security so that a page is displayed only to a certain role? TIA. ...more >>

Hi, Iam using SignedXML.CheckSignature() method for validating XMLDSIG SignedInfo signature value. It works great until u have a reference which cant be resolved. My requirement is to sign an MIME attachment which cant be directly resolved by SignedInfo class..So Iam trying to manually implem...more >>

Ladies and Gentlemen, EldoS Corporation recognizes the growing importance of security, based on industry standards, and to support security efforts of various organizations we release PKIBlackbox as free library for use in your end-user applications. Why PKIBlackbox? Unlike CryptoAPI, OpenS...more >>

Hi, I am a newbie at .net so I appreciate all of your help. I have a datagrid displaying unc_path's as a hyperlink to shares on servers. The problem that I'm having is that I get "Access denied" but only on serverA. Shares on ServerB are accessible. ServerA is located remotely, ServerB is l...more >>

Last night our production servers were updated with the following patches: 814078 jscript5.6 ..net1.1sp1 gdi+detection tool, 833989-28 IE6, 867801-25 IE6, Office XP -28- 832332, Wordperfect -27- 873379 Since the update, the Windows service I created in VB.NET is no longer able to update ...more >>

While working at a small application, and trying to be a good .net citizen I perform a check to see if the executing code has permission to work with files in a specific directory, like this Dim FilePerm As FileIOPermission = _ New FileIOPermission(FileIOPermissionAccess.AllAcc...more >>

Hi, I am trying to get remote process and servicecontroller objects. While they code works if i have privilages in the remote machine, it does not when i dont have them. Now my question is how do i specify username/password/privilages when i use process and servicecontroller objects. Any co...more >>

Hi, I'd like to have some advice to set our security procedure. I've read several blogs and articles and now know several methods and techniques. What I need is some code details and best practices. I have two scenarios. All this is in Web applications and XML Web Services in C# and .Net...more >>

I posted this message a couple of weeks ago and know one answered. I am not sure if why. I am sure that I am not the only one that has had this issue. Or is it because I used a dirty N word. "Novell" Here is my previous post. I really hope someone can help with this because I don't know wha...more >>

Are the encryption algorithms used by System.Security.Cryptography FIPS 140 compliant and is there any documentation that backs this up?...more >>

Is there a way I can toggle SecurityManager.SecurityEnabled so that I can test some methods that check this value? For example, I have a class that I want to use with NUnit as follows: [Category("Exceptions - code access security is disabled.")] [TestFixture()] public class CodeAccessSe...more >>

Hi everyone, I've used the Win32 API before to access files on restricted directories. This work involved the "LogonUser" and "ImpersonateLoggedOnUser" API functions, among others. I'm into .Net now, and while I could continue using the API functions to access these files, ...more >>

Hi I have just run FxCop against one of my assemblies. It fails which a few errors. The first is the fact the I'm note specifying permission requests in the assembly. Can someone tell me the easiest way of finding out what permissions I should be requesting? Is there some form of permiss...more >>

I want to implement an authentication to my ASP .NET web service. Passing userId and password as parameter to all my web methods seem unreliable to me. Any ideas how to do it? TIA ...more >>

Since installing Whidbey beta 1 on my laptop, existing ASP.NET projects have been inaccessible to VS.NET 2003. I've already re-run aspnet_regiis -i from the 1.1 framework directory, and gone into the IIS manager and selected the 1.1 runtime for each web app, yet VS.NET 2003 refuses to open ...more >>

Hello, I want to know if .Net supports the following features that I require. - Canonicalise (c14n) the XML document - generate a 160-bit binary secure hash from the canonicalise XML using the SHA-1 algorithm - encode the binary data using base-64 to produce a 28 character string. Ple...more >>

I'm a 2 week newbie to VS.NET, .NET, and C# and need help on this time critical project. TIA I'm using WSE 1.0sp1/.NET 1.0 and signing and verifying xml documents not SOAP. So I'm using WSE's SignedXml and getting this exception. My guess ???: machine.config doesn't have the tra...more >>

hi!! i'm looking for a way to=20 Managing User Accounts and Groups at Runtime using C#=20 code... is that possible?? thanks! Jo=E3o Paulo Melo...more >>

Hello! Does anybody have a working example (C# or VB.NET) of using SecurityDescriptor and SecurityAttributes to create a kernel object (event, mutex, MMF) with access rights set to "everybody allowed"? I tried various combinations of code and nothing works. In most combinations I get "Invalid ...more >>

Hello all, I'm implementing a class that extends the .NET 1.1 framework X509Certificate class. The purpose is to end up with a class that has the (inhereted) functionalities of the X509Certificate class plus some more. One of the methods I am implementing is the Verify method. Let's call my ...more >>

I am running an application that connects to a SQL Server database that is running on one computer on the network. the computer that hosts SQL Server is running Windows XP. I use COM+ to enable transactions. It was working fine until I installed service pack 2 on the host computer. When...more >>

Why didn't you simply use "WindowsIdentity.Impersonate()" ?? --- Dominick Baier - DevelopMentor http://www.leastprivilege.com nntp://news.microsoft.com/microsoft.public.dotnet.security/<acd4da3b.0409150806.2598a4d1@posting.google.com> "richlm" <rich_lm@h0tmai1.com> wrote in me...more >>

hi, i am afraid - this won't work. COM+ and .NET Role Based Security are not compatible. COM+ is tied to windows accounts - you are using custom roles COM+ does not expose the IPrincipal through Thread.CurrentPrincipal - it uses the COM+ security context which is exposed through Secu...more >>

Hi, My database holds information about users, groups and roles and I've written a custom principal class (implements IPrincipal) to read this information from tables. When a user signs on to my ASP.NET web app, I first use the forms authentication to authenticate the user, then I...more >>

My application configuration file contain sensitive information, such as the SQL Server name and the database name. How can secure application configuration files ? ...more >>

Hi, you are right - Windows needs the password in plaintext to impersonate a user (having to call LogonUser, which requires a password). Thinking about it - it is the only way Windows can do it. So if you want to use the Windows infrastructure that's already there you have to combine option ...more >>

Hi, can I find somewhere any whitepaper about authentication and best practice about application logon ? We have many application , with IIS, COM+, Databases and so on. Some of them have integrated, some use impersonate . I'd like to find soe example of the best way.. thank you so m...more >>

Hi, Iam trying to sign XML messages using X509 certificate.The problem Iam facing is extracting the private key out of the X509 certificate ..I know that the private key is not stored as part of the .cer files but shouldn't it be part of the .pl2 files .I tried with that format as well but no...more >>

Hello All, I wrote the following code in a button click event in a windows application. CodeAccessPermission perm = new FileDialogPermission(FileDialogPermissionAccess.Open); perm.Deny(); try { OpenFileDialog dlgOpen = new OpenFileDialo...more >>

Hi, We're current using the sql server .net data provider to talk to Sql Server, but required to change to using DSN. Is it posssible to connect to Sql Server using DSN? Thanks, Ben ...more >>

Access to the path is denied when calling StreamWriter from aspx to dynamicaly create asp files. how to enable this in the web.config? ...more >>

Hi, I'm trying to pull pages from news sites like New York Times and WSJ. (I have accounts with them.) I wrote a ultility that goes to their home pages and pulls out the links that I want. But when I try to get those links, authentication fails--I get login pages instead (I don't get those ...more >>

Hi. Is it possible to implement windows internal security for .net remoting tcp channel (by writing custom sink or smth else)? Thanx. ...more >>

1. signed assembly with a StrongName 2. Caspol -m -af MyUpdServ.exe Following Code functioned: File.Copy(@"\\SERVER01\MyApp\MyApp.exe", @"C:\Programme\MyApp\MyApp.exe", true); Following Code not functioned: File.Copy(@"\\SERVER01\MyApp\MyApp.xml", @"C:\Programme\MyApp\MyApp.xml", tr...more >>

Hi! In a program, I want to perform some statements with a different user than the user who performs the program. So I search for Impersonate in the Visual Studio help and read the article with title: "WindowsIdentity.Impersonate Method" Unfortunately, the LogonUser Function only works on W...more >>

I'm running an ASP.NET webapplication on a Windows 2000 Server SP4 machine with .Net Framework 1.0 installed. The ASP.Net application uses impersonation (windows domain account). This is needed for communication between two servers (some ldap stuff). Furthermore the application uses FormsAuthe...more >>