The "secure" cookie option dictates that the value of the cookie should only be sent over (unspecified) secure means. In practice this has come to mean over SSL. This is critical in keeping session cookies safe from prying eyes. If the user-agent does not send a sensitive session cookie ove...more >>

I'm using .NET 2.0 to develop my product. I've built a build system using MSBuild that is building my C# assemblies. I've created a strong name key pair, and I've extracted the public key into a separate file. The MSBuild build process is using the standard Microsoft.CSharp.targets file to b...more >>

Seems like all of the authentication-related questions I see on the net don't seem to fully answer my question or dive off into alternate tangents. So, here's my situation. If I'm developing a broad distributed environment, where authentication is a necessary facet of the environment. Using ...more >>

Hi, I managed to get the login control working with users and roles by using the website configuration tool. My questions is: this seems to be creating a database in my SQL server....but how do I get it to add whatever it needs to my existing database? I want to maintain one database t...more >>

I am new to this concept after having written my own authentication code in the past. I'm now trying to get my brain around forms authentication in .net 2.0. So far I'm finding it extreemly restrictive and difficult to implement. I've gone through a VWD2005 walkthrough of creating a super s...more >>

I want to restrict access to my web service to only approved client applications. This has to be done from inside the web service, so Windows Authentication is not an option. I would like to allow the possibility of non windows clients, so I am not sure if any of WS Security is an option. I...more >>

Sorry if this is a bit of crosspost. I'm using VS2005 and VB.net. I have a DC W2K that has a user group I created, MyUsers, I put existing User Bob in that group. I need in my VB app to determine if the currently logged on user is a member of that group. I tried using my.user.isinrole("My...more >>

I want to get the details of SSL/TLS security and the certificate details which are implemented on a perticular domain, just by passing domain name (like hotmail.com) with asp .Net code. is it possible? if it is, how? Thanks!...more >>

Hello, I need to write a .NET component that will decrypt the data using the 3DES algorithm. The funny thing is that the original encrypted data is encrypted using the CAPICOM dll w/ 3DES. I know the .NET 3DES service provider class needs a 128 bit key for both encryption and decryption. Bu...more >>

I'm using windows Authentication on an intranet to identify users to the application. I'm having the following problems: 1. When someone accesses the web site, a logon dialog box shows up. I thought if the user is already logged on, this shouldn't happen. But once I'm logged onto the site...more >>

I am trying to understand how I can programmatically determine whether I am allowed to create files in a given directory. DirectoryInfo.GetAccessControl() returns a DirectorySecurity object: DirectoryInfo di = new DirectoryInfo(@"c:\MyDir"); DirectorySecurity ds = di.GetAccessControl(); ...more >>

We need to do an integrity test at startup for our application (take .exe and compute signature and check against the know signature). Does anyone have info/sample on doing this? I assume we have to have a public key and somehow append that on the end of the application too? Thank you! ...more >>

I folks, anyone know how is possible to read a certificate stored in a smart card with framework 2.0 ? Thanks for any help an idea Lorenzo Soncini Technoservice - Italy ...more >>

I use the RSA to encrypt file,i get the X.509 certificate public key ,and encrypt the file success.Now i decrypt the file,i need use the x.509 certificate private key to decrypt the file,but i cant get the private key.So how can i do this,thanks ...more >>

I'm using MQ to interop with a Java app, and I want to pass the authenticated user's KERBEROS ticket in the message headers to allow for single sign-on. How do I extract the user's KERBEROS ticket in .Net? Thanks!...more >>

Ok, Anyone got any reference implementations of how one might store cc's securely? I was looking at AES encryption of the everything but the last 4 digits, and then storing private key via DPAPI. I am looking for any sort of information I can get. C# examples or source or anything wou...more >>

Hi all, How to secure the DB username and password that are kept in the settings part of the Web.config? Thanks for help! A ...more >>

The defaultCredentialsCache seems to be populated when launching an application. My problem is: when impersonating (WindowsIdentity(upnname).Impersonate()), my credentialscache is not re-populated with the new logon? Please, any insight into this mistory of networkcredentials would be grea...more >>

Hi all, does anyone know where I can find an example on how to use the following classes to encrypt/decrypt some text: AES AES128 AES128EncryptionFormatter AES128KeyExchangeFormatter ...more >>

Hi The Permission Viewer (Permview.exe) in 1.1 seems to be removed in 2.0? The PermCalc.exe (introduced in .NET 2.0) is not the same functionality. Or is it moved somewhere else but \SDK\Bin\* /Claus ...more >>

I have installed .Net 2.0 on a Win2K PC. I keep getting security exceptions. I realize that I need to adjust the security policy. But every place I look says to use the "Microsoft .Net Framework Configuration Tool" which is located in the Administrative Tools. But in fact there is no "Micros...more >>

My concern on about decompilers. I am newly educated about obfuscation but I am curious how common place .Net decompilers are. Given that one product I looked as was both I would assume fairly common. Just trying to secure my dll files without spending a ton of money. Thanks...more >>

Hi, in the online help I found code to encrypt/decrypt XML files. It uses the namespace Imports System.Security.Cryptography.Xml This namespace does not exist, if I paste it into my IDE (2005, 2.0 Framework, all updates...) Any idea where I could find it? Thanks a lot, Kurt ...more >>

I need to access the scheduler service on a network computer in order to = manipulate it remotely from .NET; I have all of the necessary code to = perform the manipulation and it works - great - but I am having problems = with authentication. I have tried using LogonUser and this works fine wi...more >>

I have a simple window form application. It runs fine when the executable is saved on a the harddisk. I uploaded the executable on my website and then used internet explorer to download it; at the prompt I chose "run" instead of "save" and the executable threw System.Security.Securityexception...more >>

I have a domain in a hosted environment and access to the root directory is read-only. To retrieve connection strings I use the following: WebConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString Which works fine. To try and retrieve the SMTP settings, I've tried t...more >>

Ok I'm trying to host a small windows forms control in an asp.net page. The control grabs an image from the clipboard with the click of a button displays it on the page and then allows the user to upload it via a websevice. This works fine on my pc and I have never adjusted any settings. I...more >>

Hi, I can't believe this, now I have to write the whole RSA library by myself, just because someone at Mircosoft thinks, it is unsecure, to do my own padding. Why? Take a look at HBCI, the german standard für banking transactions. The RDH specification requires a padding of the session k...more >>

HI all, I have a windows forms application which i am using .Net's role based security in. I tagged all the form classes with [PrincipalPermission( SecurityAction.Demand, Authenticated = true, Role = @"MyRole" )] class myForm : Form { // code here } The code correctly pr...more >>

Hi all, I am trying to set a registry key value on a remote machine. I can open the key and read the current value without problems. I can also use Regedit (on my local box) to update the remote key value without problems. However, when I issue the following statement, I get an Unautho...more >>

Hi I start my application from my client by pointing out the path to the application on a server. To get pemission to run it do I set FullTrust for Local Intranet on the client. (I know that I should only do this for the actual assembly, but that will be fixed in later version.) I repeat this p...more >>

I am trying to creat a form base authenication and when i run the default.aspx i get this error: "It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an applic...more >>

Hi, Does any one know where i can find documentation on which cyphersuites are supported by SSLStream (.NET 2.0)? I'd like to know if TLS_RSA_WITH_NULL_SHA is supported. Thanks, Yvan ...more >>

Hello, I have an asp.net applicaition which opens an uploaded word document, then parses the document to extract some values. The upload process works but the code is dying on the following line: private Word.Application wordApp = new Word.Application(); I am using digest authenticatio...more >>

Hi all, I have a no-touch deployed c# application that has full trust on the client PC. When this client application is launched, the application posts an HttpWebRequest to the web server that hosted the application. The web server redirects the URL (as expected), however the client get...more >>

I am using the CreateUserWizard control in my asp.net2.0 app. For my needs the enforced password strenght is to strong; I want to allow users to be able to create passwords with only text and not force them to use a non-alfanumeric character as well as a digit. Setting the EmailRegularExpress...more >>

Hi All, I want to fetch informations of all users exist in Active Directory(around more than 11000) but it always returns first 1000 users. I tried both way (using SQl Server and DirectorySeacher class (C#.net)) to get all users but both returns the same results. This limit(1000) is imposed by ...more >>

Hi, i want to use a X509 Cert to sign a plain text file, but when i was looking for info in MSDN i found references to PublicKey, and nothing about the Private or any method that allow me to sign anything. My question is, how i can use the cert to sign the text? Thanks for any help. R...more >>

I am using declarative syntax to demand a certain principal permission within my code which is written in .net v1.1. I am using WindowsPrincipal as the underlying scheme for users. The strange behavior (or maybe I just expected it to act differently) arises when I use impersonation plus dema...more >>

I want to: - encrypt a string - save it to an xml file - read it back - decrypt the string (using the crypto api functions of the MSDN SignatureCapture sample) If I use: MyValByte1 = Convert.FromBase64String(txtName.Text) MyValByte1 = MyCrypto.Encrypt("MyPPhrase", MyValByte1) save it...more >>

Hi all, I am new to .NET but I am trying to develop a C#.NET WEB Service. I can do this on my laptop without any problems but when I try it on my desktop I get an error "The Web server reported the following error when attempting to create or open the Web project located at the follow...more >>

Hi all, Situation: - ASP.net application, written in VB.net - Excel 2002 installed on server Problem: The application I wrote is an ASP.net webpage that uses Excel to generate some pages. This works already more than 1,5 years on a Windows 2000 server with IIS 5 and the .NET Framework 1.1...more >>

Hi, We're intrigued to find out more about the new capabilities of the TCP remoting channel in .Net 2.0. Specifically, how can we sign the channel between client and server to ensure that only our components can talk to each other, and no-one else will get a look in. I've read some scan...more >>

Hi, We had a Runtime Security Policy Code Group created in .NET 1.1 Configuration to give Full Access to a folder on a network share. When we installed .NET Framework 2.0, the policy quit working and our application could no longer initialize the .NET Framework. I have the following ques...more >>

Hi, I have built a Windows Form Control which is hosted in IE (for our Intranet). The form logs into a Web Service and retrieves information for display. However, because the web service is on a different internal server, we get the error message: "Error in document service. "Request for th...more >>

The action that failed was: Demand The type of the first permission that failed was: System.Security.Permissions.SecurityPermission The Zone of the assembly that failed was: Intranet i recieve the above error meesage when ever i attempt to use this : System.Security.Principal.WindowsI...more >>

Anybody ever seen this before? The two methods below are identical with the exception of the EventLog.Source value. Method #1 is successful. Method#2 fails. Writing to the event log causes a Win32Exception when the EventLog.Source = “VB.Net Application”. O/S: Windows 2003 Server (...more >>

I'd like to run a VP .net application from a network share. It was done in VB. net. and has no special requirements. When I copy it to the network share on a win 2003 server and run it (the .exe file) I get an error. If I run the same file locally off the local C drive it works fine. If I ...more >>

hello, my dll (assembly) is secured (so it can't be used by third party) using the 'StrongNameIdentityPermission' attribute, it seems that the code is not secured, becuase it's always worked even if the key is invalid!! the same code exactlly worked just fine under VS 1.1! is there any chan...more >>

I'm trying to develop a license model for an application and need suggestions for futher securing the licensing system. I'd rather not require a network connection to a server to validate licenses so all the code will reside on the client machine. Licenses will be generated on a controled ...more >>