I am creating computer accounts from a web interface and need to set the group that has the rights to join the computer to the domain (by default it is Domain Admins). I can create the accounts, and join them as a domain admin. The problem arises when the local administrators who have been ...more >>

I'm working on a project where I have to pass a serialized object to a ASP.NET web service and I recieve an exception because that the object cannot be serialized due to declarative security. The object in question is an Exception class and as such I cannot change the declarative security t...more >>

Hi, I have a "little" problem with authentication from user control (written in ..NET c#) that is displayed in HTML page using Internet Explorer. Its possible using <object classid=....> tag. Lets say i have logged in as user A to my computer. Then i launch my browser (IE) and open website...more >>

Hi all. Where can I find documentation on using windows user controls in web pages? I've been looking for documentation, but haven't found much. Specifically, I'm now having problems with assembly permissions: 1. I have an Aspx page that uses a windows user control 2. The control uses ADO.Net ...more >>

Hello, I'm trying to use C# as a script language for my .NET application. Users able to write a method (say, Foo(Myclass parameter)) Then in run time I'm wrapping this method into namespace code, compile into assembly signed with special key and execute. Here is a problem - I'd like to ...more >>

Is there any way of granting a specific assembly Reflection permission when the web server is set to Medium level trust? The assembly is signed and may be placed in the GAC if necessary Paul ...more >>

I would like to know how i can easily use role based authentication to enable or disable certain controls (e.g. buttons) in a windows .NET application. Anyone suggestions? ...more >>

Hey, From within my security-dll I am able to display the 'CredUIPromptForCredentials' dialog. Because this dialog is popped up from code within my dll I have set the parent window of this dialog to be the Desktop. I am already able to bring this dialog visible (if there are other window'...more >>

I have a set of applications that use a common assembly library. AppA, AppB and AppC all use LibA and LibB These will run on about 25 computers. AppA and LibA need to read registry to determine database connect string to use and other misc config stuff For a while anyway, all code will...more >>

I am trying to use the Impersonation functionality but am getting inconsistent results. Win 2000 w/ Visual Studio 2003 .NET Framework v1.1 in development mode. I have the following set in web.config: <authentication mode="Windows" /> <identity impersonate ="true" /> I also have ch...more >>

As part of one our intranet applications, I have a vb.net winform control that is being hosted in a plain htm for now. I have signed the winform control assembly with a VeriSign Code Signing Digital ID. When the page is accessed from the same machine (machine A) where the control and the htm is ...more >>

Hi Sirs. Sorry for the cross posting but I did not no in what group to put this question :-) Anybody knows if the following setup will work: Use ADAM (win2003 Server) as a policy store for AzMan where users/groups will be assigned from a Windows2003 AD? And another one It seems that "...more >>

I have a program written in MEC++ which creates a 2nd AppDomain that has it's own application base and app.config file. This 2nd application base is NOT a subdirectory of the default domain's application base but it is on the same local disk. The code that is run in this 2nd domain is also w...more >>

I have a web app that runs on windows 2003 server and IIS 6.0. This app runs in a seperate application pool using a separate user called "APP_USER" (not Network Services). Everything works OK except the mail sending part. Not sure where the "APP_USER" should have access to to send the mail ...more >>

I'm trying to impersonate a user using the WindowsIdentity ctor. This is what I'm doing WindowsIdentity id = new WindowsIdentity( "test@dev1.domain-dev.net" ); WindowsImpersonationContext wic = id.Impersonate(); try { DoSome(); } finally { wic.Undo(); } I'm getting this...more >>

Hello, I'm wondering if somebody can help me figure out how to decrypt data. I seem to be able to encrypt data but have not been able to decrypt the very data that I've encrypted. I know it's because I'm just not understanding the whole process but I'm obviously just not getting it. Here's the ...more >>

Hello there IsInrole gives ya the means to check if the current or impersonated user belongs to a specific windows role or group. is there a way to do the same without using ADSI to check if "domain\user" belongs to "domain\group"? the reason is, when getting the "memberof" property of a user...more >>

I work in a law firm and all of the applications built by my team are used solely internally. I have read help on CAS and caspol.exe, but I am unable to answer my own question. Can I assign a trust level to all assemblies signed with a given public (private) key? Thanks. -Jason Kendall ...more >>

We are about to launch our eSite- Customers will be entering their credit card info however transactions take place off line. Verisign wants close to $1000 for a 128 cert, others such as DigiCert and Thawte have $99 specials. Do you have any experience pro or con with either of these guys fo...more >>

Hi, I am in the process of working on ASP.NET web control. Basically the control is just a timer which after a certain timespan posts the page back to server. It is now functionally complete, and as good coding practice i ran FxCop on the assembly. Im a relative newbie in .NET, espacially w...more >>

I'm currently seeking an ecommerce application that I can modify, focusing on those written in DotNet. I'm evaluating an application from one company that has a rather odd design philosophy (IMO) with respect to SSL: basically, once they turn it on, they leave it on. This is from their User's ...more >>

Hello there Is there a way through dotNet to check if a certain user is a member of a specific group? I use ADSI to get the memberships of the user then compare them to the group I want to check, but this way the user has to be a member of this group directly and if he is a member of a group...more >>

I run a web application that allows users to create folders and upload files to the server. Since a while it does not work. I guess it is some kind of securityproblem. Using a host I do not have full access to setting security. Can anyone help me instructing my host of required securityset...more >>

sure! You have to construct a WindowsPrincipal object for that user. What kind of application are we talking about? In Console/WinForms apps you get the current logged on user with WindowsIdentity id = WindowsIdentity.GetCurrent(); and then construct a WindowsPrincipal with: ...more >>

You can iterate through the evidence collection of a loaded assembly which gives you the hash. see the code attached. --- Dominick Baier - DevelopMentor http://www.leastprivilege.com try { Assembly a = Assembly.LoadFrom(args[0]); IEnumerator it = a.Evidence.GetEnumerator...more >>

I've write console application which uses Data Protection API to hide connectionString. I use registry to store crypted data. Reading registry works OK without any security realated code. But writig registry is a nightmare for me. The exception is: System.UnauthorizedAccessException: Cann...more >>

A healthcare company plans to secure calls to webservices using a combination of SSL, XML firewall(between iis aspx server and web services server) and using basic authentication. We plan to migrate our ldap users from our integrated security into the basic authenticatino on the local iis web ...more >>

Hi, I'm not able to find any API to retrieve at runtime the hash of an assembly. 1/ is there any existing API (I might not have looked in the correct namespaces/classes) ? 2/ if not, why is'nt there any ? any security implication ? is it planned to have one in .Net 2.0 ? Note: I know...more >>

HI NG! I've got a problem regarding a secure Connection to an Exchange Server 2003 (selfsigned certificates). I've read some articles about using the ICertificatePolicy ,using a class with the function CheckValidationResult should always return True. I've tried everything but, I'm still ...more >>

what is logon name variable that I can use in my ASP.net to redirect users to different webform or SQL table as they logon? ...more >>

Could someone tell, which hashing algorithm is used in the ..Net's System.String.GetHashCode() call please? -- Rahul Kumar http://dotnetyogi.blogspot.com This message is provided "AS IS" with no warranties, and confers no rights. Any opinions or policies stated within it are my own and do n...more >>

I want to be able to use Visual Studio.net 2003 on a Windows 2000 workstation as a debugger for both classic asp web applications and Visual Basic.net web applications. I also want to use Visual Studio.net 2003 in design and test mode for code written in visual basic.net. I want to be ab...more >>

My application runs in FullTest and needs to give the same trust to an assembly control which gets loaded. I would like to add the FullTrust before I load the form containing the control for the first time and then remove the trust before my app closes. ...more >>

Hi, I am working on the Intranet website & i need to authenticate the Users using Windows Authentication. The Windows authentication works fine with Windows OS machine, but the MAC OS Users are not able to log on the Intranet website. How do i ask the User to login when he is surfing the Int...more >>

This message has also been posted in the ReportingSvcs group. I have created a custom assembly that contains a function that uses System.DirectoryServices to determine the user groups a user belongs to. It works fine in development (preview) but returns the following error on the report ser...more >>

We have our intranet website running on IIS 6.0 using SSL. On our application side, we have some code that goes to the \\Servername\DirectoryName\myFile.pdf and grabs the file for the user. Now the problem is with SSL. Everytime some user click on the link, they get Internet Explorer securit...more >>

Hello: I want to run cacls to assign rights to a file from a vb.net dll I wrote.. Dim app As String = "cacls.exe """ + ICopyTo + """ /E /G """ + ICopyRights + """:R""" Then I want to logon as a network admin to set those rights... Dim si As New StartupInfo() Dim Mylong As Long si.cb = ...more >>

Hi! Situation: Application runs from a CD and needs information from a serialized object. Both the serialized object and the application are on a CD and therefore in an untrusted zone. I did get File.Open to work by manipulation FileIOPermission. But ..deserialize(fs) still throws an secur...more >>

All, I developed an ASP.NET web app on my local machine (W2K) and everything worked fine. I was able to grab all the attributes of the AD schema. I then moved my app to the development server (Win2003) and now 95% of the attributes come up as "System.NotImplementedException: Handling of t...more >>

Hi all, I have a strongly named assembly that is in the GAC. I have given the assembly access at Machine Level to both registry and EventLog. I have [Assembly: System.Security.AllowPartiallyTrustedCallersAttribute()] in the Assembly When the ASP calls the method in the assembly to write to...more >>

Hello: In vb.net I impersonate a domain administrator I confirm this using: WindowsIdentity.GetCurrent().Name)) then I start a process which shells out and uses CACLS to assign a group right to a file and I get an Access Denied error message. Dim impersonatedUser As WindowsImpersonationCont...more >>

Hi, i need to parse an existing pkcs#10 request and show its contents in human readable format. Is this possible in C# with CAPICOM, CryptoAPI ? I tryed the XENROLL control but it seems that it only allow to create a request but doesn't allow to read and parse an existing one. Regards, Ales...more >>

We have the client application making calls to the server using .NET Remoting. The communication is protected by authentication, authorization, and encryption, so nobody can get into the channel. Also the client and the server applications are digitally signed. Now we assume that somebody know...more >>

I need to capture client infor like computer name or current logon user on client machine from IE browser. the web app is running on an intranet. I tried running this code inside c# web.aspx, which is working fine, but it returns the login id on the web server machine: private void Page_Loa...more >>

I have a PKCS#7 signed message, base64 encoded, from which i want to extract the original message in plain text, the signature and the certificate used for signing. Is this possible or am I out of line? I can't find any way to do this with the .NET framework. Does anybody know of any (fr...more >>

I've created an Enterprise Security policy for the framework and am distributing the file via a GPO / MSI package. I have already done this successfully. The problem I have is that Microsoft's documentation states that only security admins or domain admins can modify the enterprise polic...more >>

I installed this update today on my Windows XP SP2, and mmediately could not fire up and debug any web apps in VS.NET 2003. As soon as I hit debug, it immediately pops up a message box that says something to the effect of Cannot debug this application. Then when I compiled and tried to browse ...more >>

I am working on a simple yet large web application that renders static HTML files per user request. I wrote an ASPX front end that accepts a userid and password combination. It acts as a gatekeeper to the application. The user cannot get to the index HTML document from the security check exc...more >>

Have an ASP.NET app that is having trouble accessing a file on a DFS share; getting "access denied" errors. Using impersonation to ensure the access is done under a domain account that has access, but no luck. Any thoughts/tips/gotchas that can be shared, please do. Am thinking that I may be...more >>

I am still having problems with using Windows Authentication for my ASP.NET site on our intranet. Could someone walk me through the steps to using an Active Directory group for users to get to my site? I only want a certain AD group to be able to use my site. The problem I have now is taking t...more >>