Hello, I am new to CAS. I am trying to protect my assemblies so they cannot be called by other assemblies not signed by our company. I create a company key pair using: sn -k myKey.snk I read the public key with: sn -tp myKey.snk I demand ask for StrongNameIdentityPermission before the ...more >>

I use the formsauthentication.signout in my logout button, than redirect the user to the login page. I also clear all session variables. I have just noticed that if you copy the url of one of the pages in the app, and paste it after you are logged out, you will be taken back to that page with...more >>

Hi, My problem is the first request done on Active Directory using DirectoryServices object take 5 seconds. All folowing search are less than 1 second, even i am using a new instance of DirectoryServices.DirectoryEntry. The problem is the same with both methods : - DirectoryServices.Direct...more >>

I've just run into a rather pesky issue. If I use the XmlSerializer class from a strongly named assembly, the generated assembly makes a demand for full trust if the strongly named assembly doesn't have the AllowPartiallyTrustedCallers attribute. Some of my customers have IS policies where they ...more >>

Hi everyone! Sorry for my English( I'm not good at English) I have a question : To connect to SQLServer I must add connection string in webconfig,may be like this: .... UserID=sa;PWD=mypwd.... If someone open this file, he can see this password, how can I hidden connection string in webc...more >>

Hi. I am following some Microsoft guidelines to build a more secure web server, in order to run an asp.net application. I created a custom account for asp.net and disabled the built-in IUSR_MachineName. The problem is that when I run my application I receive an error: Service Unavailable. A...more >>

Please forgive my ignorance. I am new to all of this and volunteered to be the webmaster of a site because nobody else would step up. When trying to delete or upload pictures, users are getting this error: Server Error in '/jeep' Application. Security Exception Description: The applicatio...more >>

I have created an encryption class whose main encryption method encrypts small amounts of bytes (in this case the Key & IV for Rijndael encryption of main data) using .NET's RSA methods. This had all been working fine until I tried using the class within a "Windows Service" application. The...more >>

All, I'm running an application on the .Net 1.0 framework that seems to be having trouble running for anyone who is not a member of the local admins group on the Windows 2000/2003 server. If I run the app (my account is in the local admin group) no problems. But if another user attempts t...more >>

All, ...more >>

I'm using IsInRole to determine a user's authority to use various features of a winforms application. Everything works fine while the client machine is connected to the network. However, when the application is disconnected, the authentication works with the cached credentials, but any attempt ...more >>

Hello, I'm using the Crypto API RC2 encryption under Visual Studio 6 C++. I've written some code and got encryption and decryption working fine. The problem is when data is encrypted, the data is padded to accommodate for block size. So I have the data encrypted with these additional charac...more >>

According to my research, it looks like I can use the Windows Security Principal to verify that a user is authenticated or to see if they belong to a certain group etc. The thing that bothers me is that this object resides in the client computer memory and everybody knows that this makes th...more >>

I have must set Protection to a folder and remove other exists protection. I use for set protection Api AddAccessAllowedAce but this api set MyUser and not remove other users.. This is a better way in VB Dotnet ? ...more >>

Dear, Microsoft Corporation Would the Permissions architecture be considered to operate at the Session Layer of the OSI model? The reason I state this is due in part to the fact that it has DNS incorporated within its confines. Regards, ...more >>

Hi, I'm using the authorization application block, with an active directory authorization store. In my app.config file, i've specified my store location as following: <storeLocation>MSLDAP://CN=SS1,CN=Program Data,DC=MyDomain</storeLocation> This store is created on the server 2003 Author...more >>

I have an ASP.NET application which is set to use Windows authentication - relevant section of web.config below:- <authentication mode="Windows"/> <authorization> <deny users="?"/> <!--Deny anonymous users --> <allow roles="uksvphpcs053\aristoweb users,uksvphpcs053\...more >>

Hello, I want to save a message in a xml-file. I want to save attachments in a special tag. But if the attachment has a virus and if I open the file in my ..NET program, is the virus activ? I think so beacause I saw the jpg-problem from the internet explorer. I hope you understand my englis...more >>

My control uses several other controls - MagicLibrary being one of them. If I change my Internet security to Full Trust everything work fine but when I just have full trust for my control I get this error. These are the permissions I'm requesting I get: [assembly: FileIOPermission(SecurityActi...more >>

I create a key pair using sn -k mykeys.snk. When I try to view the keys using sn -tp mykeys.snk I get an error: Failed to convert key to token -- Bad Version of provider. Any ideas? I can't strong name an asembly with the generated file. ...more >>

Hi, I have a piece of .net code I am trying to understand. It creates a MD5 hash then requests 256 bits from the hash, where MD5 only generates 128 bits. I've looked at the hash with another non-.net piece of code and the first 128 bits match up correctly. How is Microsoft creating the second...more >>

Hello I try to use the object RSACryptoServiceProvider to verify a signature. I provide the public key in the code but it seems that the RSACryptoServiceProvider constructor try first to create random keys in the directory RSA\MachineKeys. I always receive an exception with the message: ...more >>

Is it possible for a hacker to run the strong name utility on a client computer with the -Vr parameter to skip verification of *signed* assemblies installed in the client computer rendering my whole strong name security scenario useless? Since most people are usually logged as Administrator...more >>

I'm writing a webpart which is supposed to connect to a Webserice in our interanet.I am using "RSService.Credentials = System.Net.CredentialCache.DefaultCredentials;"to Authenticate to the webservice.but it dosn't work.why? I think SharePoint which hosts my webpart authenticate the user requ...more >>

Is there a utility to test an assembly for security issues? I have a Winforms user control which I'm hosting in an ASP.NET application. On some machines the assembly doesn't load when I override the CreateParams method. Also, if I add a chart control to this control it doesn't load. There's no...more >>

Hello and thanks in advance for your help. I am trying to implement an ASP.NET application with <authentication mode="windows"> in the web.config file. My question is, if the app is located in an https server, how is encrypted the authentication information (login, password, and domain) th...more >>

well - you could take the developmentor essential .net security class where we build such an installer in the lab .. or get some inspiration here : http://staff.newtelligence.net/michaelw/default.aspx?date=2004-10-14 :) --- Dominick Baier - DevelopMentor http://www.leastprivilege.com ...more >>

I understand that I can "install" a strong name key pair into the CSP. What I would really like to know is where does the key goes? Is this "installation" saving the key into the registry or some special hidden folder? Is there a way to browse for this information? Thanks. ...more >>

just be aware that this msi package overwrites all changes you have done before to the policy - especially important if you plan to distribute further policy changes in the future. a more stable way is to write a little installer to adjust policy programmatically and distribute that via GPO ...more >>

New to Windows Server 2003 and developing a speech application. When I try to login to SQL server either local or on network I get the following error- Login failed for user 'NT Authority\Network Service' . When I use Server Explorer to find and logon the server from Visual Studio I have no p...more >>

Hey In designing a website, I would like to be able to make pages require certain permissions in order to "view/execute" them. So far I've only been able to find out how to use role-based access control, but this is not what I intended.. An example to make it more clear: User Alice ca...more >>

Hi all, I'm running into a problem that's driving me nuts when decoding a file. In an app, I've managed to generate binary files wich 128 first chars are a RC2 key encrypted in RSA, and the rest of the info corresponds to my origin file encrypted with said RC2 key. So now I'm working in a sep...more >>

I have a .NET control embedded in Internet Explorer. Right now I am loading the control in a Local Intranet Zone, meaning that http://localhost/MyWebPage.htm has the embedded control. I have: 1) Strong Named my control 2) added [assembly: System.Security.AllowPartiallyTrustedCallers] at...more >>

We have a vendor that is requiring an elevated .NET security level for their application. I am looking into ways to do this. Is there a Group Policy to do this or a registry change? How would one go about changing this setting? Thanks Rob McShinsky ...more >>

I need to take a string and generate a MAC (Message Authentication Code) using TrippleDES and get the following result: In this sample the input string is "A9993E364706816ABA3E25717850C26C9CD0D89D" Break into blocks: Block 1 = "A9993E364706816A" Block 2 = "BA3E25717850C26C" Block 3 = ...more >>

I have 2 webservers, one running a web application and the other a web service. The web application calls a web method of the web service internally to get some data. This web application is a passport enabled site, hence when the user logs on, it requests the user to log in with passport. ...more >>

your ASP.NET applications seems to run in partial trust. this is configured through the <trust level="xxx" /> setting in web.config or machine.config. change the "xxx" to medium. Dominick Baier - DevelopMentor http://www.leastprivilege.com nntp://news.microsoft.com/microsoft.public.d...more >>

I am trying to compile a license file with lc.exe. I get this error ' LC0003 unable to resolve type'. The text file conytaining the license information appears to be incorrect but I cannot find an example that gives any useful information. License Compile(Lc.exe) in Visual studio help is ab...more >>

I have a .Net application that uses windows authentication. It is a contacts database. It picks up your username and compares it to a database. If you are the user whose record is showing then you get rights to amend it, if you are not then it is display only. With windows 2000 as the clien...more >>

Hi, I've been trying to figure out how the .NET Licensing is working, but I can't seem to understand it. I create a Licensed control using the standard LicFileLicenseProvider like this: [LicenseProvider(typeof(LicFileLicenseProvider))] public class LicensedLabel : Label { private Licen...more >>

i have a asp.net application which uploads a file. i want to save the uploaded file on a remote server on the domain. this is the script: Dim plc As Integer plc = textbox1.PostedFile.FileName.LastIndexOf("\") plc = Len(clientFile.PostedFile.FileName) - plc - 1 ...more >>

Hello I am currently trying to retrieve all security groups from active directory for the logged in user on an ASP.Net page using C#. I am using refection to do this. The following code will return some of the security groups but not all: MethodInfo getroles = typeof(WindowsIdentity).GetM...more >>

I'm trying to send mail as part of a VB.NET app. I'm using System.Web.Mail to do so, but when I perform the .Send() method, I get the following error... "Request for the permission of type System.Web.AspNetHostingPermission ........ failed". I'm new to .NET, but not to VB, and I've tried ev...more >>

Hi All, I don't know if this is the right place to ask my question but here goes. Does anybody know if there are .net components that implement PGP (Pretty Good Privacy)? If not, any articles or source code samples that used PGP API's (freeware / commercial) in .NET code? Any info is v...more >>

When we follow the Form Authentication, how can we force to the login page if an intruder types the querystring on the browser address bar directly? ...more >>

Hi, I posted this in dotnet.xml, but got no response. Does anyone here have any ideas? ------------------- I am creating a digital signature (enveloped) using the SignedXml class. The Reference Uri is set to "". Everything seems fine when saved to file, and the signature verifies OK if ...more >>

Hi, I used the following code to copy file from local machine to remote machine. Z: is mapped drive. It can work well with Windows Application, but It can not work with ASP.NET. If I change mapped drive to local drive, it also work with ASP.NET. I have set impersonate in web.config. I think t...more >>

Hi there, Have you guys watched the Smart Client 3: Developing Secure Smart Client Applications by a presenter called Jeff Levinson (http://msdn.microsoft.com/events/devdays/sessions/). I have got a really really quick question regarding the security hole he found on the demo... (you n...more >>

I need to copy a file to share but, when doing it manually, I have to enter the username and password; I need to be able to do this programatically. I assume it has something to do with creating a WindowsPrincipal object to impersonate the user that I'm going to use to log onto the box and then...more >>

Hi, Is it possible to determine Type's *PermissionAttributes through Reflection? For example, [SecurityPermission(SecurityAction.InheritanceDemand, UnmanagedCode=true)] class Class1{} How can I find out that SecurityPermission was applied to this type using Reflection? Not possible? ...more >>