Hi all, I need to know the user privileges (does user have administrator privileges) .. Which c# api's should i use? Thanks a lot ...more >>

I have no clue what's happened. About a month or so ago I developed a VSTO app that used WSE 2.0 SP2. I created a setup project that correctly installed the app and set the policy correctly. All deployed and ran properly. Now, I've installed SP3, and I keep getting security error (Execute P...more >>

Hi all! I need to set folder security to full control to everyone is it possible from code (without calling any external applications and sripts) ? example would be nice. Thanx ...more >>

I am writing a web app that uses windows authentication. I have a logout button in the app that abandons session and returns the user to the main page of the application. I would like to force the user to provide their windows credentials again if they choose to reenter the application. Is ...more >>

Hi everybody I've installed my web application on a IIS6 (Windows 2003) but I've difficulty to share caching in Application and Session scope between .NET and ASP. It works on a II5... I'm sure it's something about security - but what? Scenario: - same web site - same application pool ...more >>

Hi, I have an application that sends a .NET (C#) web service an base64 encoded string. This string sometimes includes extended ascii, e.g. é ù ô and when I try to decode this string in the webservice using: string decodedString = Encoding.UTF8.GetString( Convert.FromBase64String( base64S...more >>

Does anyone can point me out to good articles or documents which clearly explain the security under .Net framework I try to follow something but I am really getting lost indeed, a lot confuse with the code security and security of the operating system also how they are interact together. H...more >>

Hi We have windows application and have created our own custom principle & identity objects that implement IPrinciple and IIdentity. When a user logs into our system we set the threads principle to our custom principle object by calling Thread.CurrentPrinciple = blah. This all works great for ...more >>

Hello, I want to encypt a small ( I'm aware that max 117 bytes may be encryptes with RSA ) portion of data with private key and later to decrypt it with a public key which will be embeded in my code. The problem I am expieriencing is that I _cannot_ decrypt anything with public key - no mat...more >>

I have created a web app and now I want to make sure that it only has execute rights to run. Below is what I put in the assembly file. Is this correct? 'Allow this web app to execute <Assembly: Web.AspNetHostingPermission(SecurityAction.RequestMinimum, level:=Web.AspNetHostingPermissionL...more >>

We retrieve data from a company called XYZ through httpwebrequest. The program is coded using VB.NET They have given a certificate to install. This certificate is included with the request object.I use httpwebrequest to retrieve data. The certificate is added to the client certificates col...more >>

Hi. Under the Microsoft .Net 1.1 Wizards there are 3 wizards: 1) Adjust .Net Security 2) Trust an Assembly 3) Fix an application. I want to use the Trust an Assembly wizard to trust several assemblies (from a network share). However, it seems to insist that I only select one assembly at ...more >>

I have seen a number of postings with problems similar to this: W2k Pro sp4 fully patched IIS 5 web service: ssl enabled; requiring client certificates Running on same machine as client Client .NET 1.1 console application in C#: (certfile is also a valid certificate in CU MY store .. wit...more >>

Hi. We are creating an intranet here in ASP.NET and we decided that we are going to use a kind of Forms Authentication but using the users in our windows domain. So, we are creating a default login form, but the user will use the name and password he uses to login to his computer. I w...more >>

I'm trying to use TripleDESCryptoServiceProvider to encrypt some data to authenticate with a DESFire card, however, the default key is 16 zeros which causes a CryptographicExecption to be thrown; it complains about weak keys. The card also supports Key1 = Key2, which gives DES support; This also ...more >>

How can I, through VB.NET, find out if somebody has access to a specified directory? The directory will be on an 2000 Server. TIA. Jeffrey. ...more >>

I have been using AzMan for a security proof of concept and really like what it has to offer. Our company has over 3500 XP user workstations. The new version of software that we are building and preparing to roll out needs some interesting security in regards to the user interface. Buttons ...more >>

What is the difference between Full Trust and Everything in .NET security configuration? I know there is a difference, because if I take the following steps, I can't even get a simple winform app to run: 1. Create a code group for the My Computer Zone 2. Set the new code group to use th...more >>

Hi, there: This might be a newbie question. I want my web service to require a certificate to access, so I go to IIS my virtual directory property and Directory Security page. I found the "secure communication" secion including "Server certificate" button are both greyed out. I wonder why t...more >>

Is there a way in .Net to specify that an embedded resource can only be accessed from within the assembly? Or, in general, what is the best/most secure way of storing a client-side cert without having to have a user profile? Thanks, Todd...more >>

We have a COM+ application written in C# (a serviced component) thats get accessed by remote hosts on the network. How do I obtain the WindowsIdentity of the caller of my serviced-component? Regards Morten ...more >>

You mean the name of the caller?? That's in SecurityCallContext.CurrentCall.DirectCaller.AccountName --- Dominick Baier - DevelopMentor http://www.leastprivilege.com nntp://news.microsoft.com/microsoft.public.dotnet.security/<#ttsf3hLFHA.1884@TK2MSFTNGP15.phx.gbl> We have a CO...more >>

hi, i use compact frameword and c# to program on pocket pc is there a way to prevent user to examine constant in a .exe using ildasm ? thanks in advance ...more >>

I've written a license file generator in C# that generates a signed XML file for use in another program. I need to give this generator to a third party (ShareIt.com) so they can generate license files when a purchase is made. I can to do this with a keys stored in a container, but on their syste...more >>

I noticed these intriguing classes have been introduced recently into the .NET Framework 2.0. However, documentation for them seems to be lacking, and google search turns up nothing. I was wondering if someone could be generous and comment on the usage of these attributes? In order to expose a...more >>

March 18, 2005 I am trying to encrypt messages typed in a textbox by encrypting them using RSACryptoServiceProvider. If the text is shorter than about 1/2 a sentence, then it works fine. If it is longer, say: "This is my message. It is not very long, however.", then RSA.Encrypt(M...more >>

Hi all, I am creating a web page (asp.net) with AD authentication (LDAP), I have few set of roles created for this project. I have roles1, roles2, roles3, roles4 Based on the above roles, i have to pull the data from a database for that user. Here are the steps, i plan to perform 1. Searc...more >>

I just applied 1.1 SP1 and I am seeing some changes in behavior wrt. security If I set my security level to no trust, my .NET application will now actualy execute until Application.Run (previously, it wouldn't even start up without execute permission) So great I thought - I can put up a fr...more >>

Hello, We have a web application developed in ASP.NET and MySQL database. The code works fine if trust level of web server is kept high for ASP.NET. It seems all service providers keep trust level Medium by default. If database read, write is commented, it works fine with Medium trust le...more >>

I have developed an application which all works fine, and runs under a normal non secure connection, e.g. http://shop.domainname.co.uk . I now want to run just a single page, that already exists in the application, that asks user to enter credit card information, in a secure environment usi...more >>

...more >>

Hi, I'm writing an application using forms authentication, and have implemented roles-based authorization using custom Principal and Identity classes. This is all working fine, but now the client wants to bypass the forms authetication when an intranet user is accessing the system from the inte...more >>

I have several certificates in my user store. When I inspect them with MMC snap-in, I can see that I have the private keys. When I try to export them, it doesn't let me export private keys. I am pretty sure that private keys are marked exportable when I first got these certificates. I wrote a ...more >>

Hajo, I need to exchange encypted data between ..NET and Java environments. The first problem I encountered is that symmetric ciphers in .NET needs initialization vector and Java counterparts don't. Can some one point me out the place where I can find any practise and patterns for encrypte...more >>

My point is that you run in even bigger trouble when you only copy the IPrincipal to Thread.CurrentPrincipal - a common mistake i have seen. Do you have a practical example of code that demands PrincipalPermission before HttpApplication.SetPrincipalOnThread is run (besides code you've written ...more >>

This is my first attempt at cryptography, and I'm a bit stumped. The following code is meant to encrypt an image on a client, then decrypt the image on a server. When the client and server are both running on the same machine running Windows XP SP2 w/ .NET 1.1 the code below works. However,...more >>

Hi, I'm having trouble getting declarative checks (using PrinciplePermissionAttribute) to work with my custom IPrincipal implementation in a web scenario. I created a custom principal class (MyPrincipal), implementing the IPrincipal interface I added code to the global.asax Application_...more >>

hey gang, i am a developing webapp that requires a client-side certificate in order to consume our partner's webservice. i have finished this app and, on Windows XP, i can install their cert via MMC and everything is honky dory. but on a Windows 2000 Server (W2K), things are not. While usin...more >>

How can I set Code Access Security, User Policy Level, policy for a certain user on a machine? regards Kjetil Kristoffer Solberg ...more >>

I am designing a document store. I want user to login and then be able to download files presented to them in the form of a list of links. Obviously I don't want nonlogged user to be able to see the files over http. I have tried to secure the diectory by mapping the the pdf extension to the aspne...more >>

I'm trying to instantiate an RSACryptoServiceProvider in a web service, which works fine on my local machine. But when I move the web service out to my production server, it blows up with the following error: System.Security.Cryptography.CryptographicException: CryptoAPI cryptographic s...more >>

I have a general question where is the best practice to store and how to pass in the key for symmetric encryption to an app. I have created a helper dll to aid with the encrypting\decrypting sensitive scripts that we have. How should I interact with this DLL by passing in the key for the e...more >>

I am attempting to construct a custom implementation of IMembershipCondition (which actually does a bit of work and then delegates to a UrlMembershipCondition object). I hjave given it a trong name and successfully installed it in the GAC, but an attempt to add it to the policy assemblies i...more >>

I wrote a program and installed it xcopy logged onto User A. Everything works OK. When User B logs on and attempts to run a part of the program which writes to a log file, the following error comes up. I don't know where to begin. The program runs on XP in a peer-to-peer network. TIA Lars ...more >>

I have a Win98 laptop which is connected to our local network. I want to run a .NET program which is located on a server, but I am not allowed to by the laptop. If I copy the exe to the harddisc, it will run ok. I guess its something about security settings in Win98, but I cannot find any...more >>

I'm looking for a way to get a remote HTTPS server's public certificate. I want to use this to encrypt data that will eventually be sent to that server via HTTPS, but I don't want the data to be readable on the computer's hard disk. The only way that I can see to do this is to create my own...more >>

Hi, I'm in process to develop thin control, that will be used in our web pages and IE. Control itself uses tag <object> and compiled in one assembly, that referenced another 2 assemblies, generated by VS as wrappers around COM object (Ax & regular version). Assembly for control is signed b...more >>

Hello, I would like to make sure that my web service only can be called from my strong name assembly. But I get a SoapException when I try to call a web method with the StrongNameIdentityPermissionAttribute set. So I guess that that there are problems using this attribute when I am calling ...more >>

Hi, I'm using the following code to check signed xml files: SignedXml signedXml = new SignedXml(); // http://support.microsoft.com/default.aspx?scid=KB;EN-US;322371 CspParameters cspParams = new CspParameters(); cspParams.Flags = CspProviderFlags.UseMachineKeyStore; RSACryptoServiceProvid...more >>

IIS Authentication Problem? Since '95 I have been a contractor develoing applications using Borland Delphi (Object Pascal) creating win32 C/S stuff. Having recently completed amy last contract I decided to try my hand at dotNet stuff. I downloaded the trial version of Visual Studio 2003. So...more >>