I am having a strange problem; I am hoping someone can help me. I am sending email through my vb.net program using the cdo model with this code: Dim objMail As New CDO.Message ' Send the mail With objMail .Subject = pSubject ...more >>

We are working on a distributed VB.Net application which will access a SQL database located on a known server. Each client will run on the user's local machine. To implement this, we are trying to use remoting for our access to the SQL server, with the remoting being via IIS. Since all of o...more >>

I am attempting for find the groups that a user is associated with but all the examples I come across don't work. I'm unsure as to whether it is due to permissions on our network or if I'm constructing the path to use incorrectly. Below is C# code I found that should list the groups for a gi...more >>

I have an application we are building that will be used by a number of different users on shared PCs. I want to be able to store a number of user settings in a location that is unique for each user, so that one user's settings do not affect another. Is there a "standard" location to store ...more >>

Hello, I have got the following problem: My application references an assembly of a third party library. A class implemented in this assembly stores a file in the Isolated Storage. Unfortunately this class does not implement a method to delete this file. But this is very important for me. ...more >>

Have Web Service: bool Login( byte[] A, byte[] B ); If I just send a couple of simple strings, it works fine ... as in: byte[] A = Encoding.Default.GetBytes("First"); byte[] B = Encoding.Default.GetBytes("Last"); but changing A to a 100+ byte encypted sequence of bytes, causes an e...more >>

as mentioned in the documents supplied with the VS.NET that the user need to be part of the (vs developers) group to develope and test web app. and (debbuger) group in order to debbug the app, and that no need to b part of the admin group well , i tried this out but it didn't work so far , wh...more >>

We get inconsistent application behavior on Authorization based on NTFS ACL Permissions. We implemented an ASP.NET 1.1 web application using NTFS ACL Authorization, and implemented a security audit logging call in the Application_AuthorizeRequest event of the Global.asax: protected void A...more >>

Hello, Could you help me ? I am developing a web application that needs to create a signature. To do this I am using CAPICOM but I have a problem: When I try to obtain the certificate from a certificate store but I get a exception which says that the Certificate store is empty (this is not tr...more >>

hello I'm creating an internet application in vb.net to. Whithout Visual studio and with the Framework 1.1 I have a lot of file, .aspx, .aspx.vb, .ascx... What is the best way to protect the source and to crypt them ? I don't know how to do that ? Do you hnow diffrents turoials ? Compila...more >>

What is the Windows registry hive HKEY_USERS for? ...more >>

Hi, all: I have a question about security in ASP.NET applications. We´ve to develop several applications. All of them with Windows integrated security in IIS. Each application must run under one domain account (each application has its own account), so we´ve to use impersonation. How can I ...more >>

Using net 2.0 I try creating a sslStream from a regular networkstream as folows Socket clientSocket = serverSocket.EndAccept(result); clientSocket.Blocking = true; Stream clientStream = new NetworkStream(clientSocket); SslStream sslStream = new SslStream(clientStream); X509Certificate cert...more >>

Hi, How does the DPAPI work when using machinestore? Does all users on the machine have access to the encrypted data? Or is it possible to set an access list? Johan...more >>

Hi I am attempting to implement impersonation from a windows application to a SQL Server database via a remoting middleware application(hosted in IIS 6 on W2003 Server). I have configured the host virtual directory in IIS to require windows authentication, and anyonymous access is off. W...more >>

i can't get into hotmail because of the .NET passport itmakes me write the characters i see and then asks me to sign in and them continues to ask me to write what i see and sign in. I HAVE 89 UNREAD MAIL MESSAGES I NEED TO SEE ONE OF THEM WHICH IS VERY IMPORTANT AND I CANNOT get to them...more >>

Hello. I am developing an application with multiple assemblies. I have all the projects contained in one solution just to make code management a little easier. However, is it recommended to have one key for strong naming for all the assemblies (projects) or should if assembly be strong name...more >>

I use a free third component in my solution. and considering of security, I generate a Key.snk and using in this project. when i now generate this solution, the compiler told me this info: generate assembly failure -- referenced assembly "XPCommonControls(a free third party component)" has no st...more >>

I've registered a non MSN email address for a .NET passport, but cannot change the display name in any client (msn messenger, kopete, amsn) . It is a Gmail address, haven't seen or heard of this problem before. I'm a Linux user primary (Mandrake 10.1) but have tried changing the display name o...more >>

Local C# network application developed using VS .Net 1. While do some local network users able to Trust The Assembly via the Control Panel .Net Framework wizard while others can not because of “security policy”. Why? 2. Why do I receive the following error message when I try to op...more >>

Hello - I have existing users in a CSK-schema who each have passwords. I need to migrate these users to the asp.net tables in .net 2, but I haven't found any way to set the new passwords, password salt and password question properly. Is it possible to use t-sql to migrate these records or ...more >>

Hi, I have written an application in C# which works well in a local machine. However, it gives me a security exception when I copy the .exe file to a Windows 2003 server computer in the same network and try to run it from there. The exception message that it gives me is: An unhandled exc...more >>

We've been writing various apps in .NET for a while now without thinking much about code access security. Now, having looked some into CAS pertaining to smart client apps and reporting services, I'm wondering why CAS doesn't stop some of the things we do. One thing we routinely do is dip i...more >>

My team is developing a new software system that is replacing several existing applications. The applications being replaced focus on billing and customer relationship management. Our company is an international corporation that serves a large number of customers (hundreds of thousands) sp...more >>

I am implementing a mix of windows and forms authentication to allow users on the domain account to bypass the login form, however I want to check role authorization for both internal and external users from a database. The only way I see of doing this is to create domain user accounts in the...more >>

Hi, all: I have a problem when trying to execute a DLL. I explain you: I have two machines, in two different domains. In one machine I´ve created a folder that contais a .net windows application. This application is only a form that calls a DLL. I´m trying to call this applicaction from the o...more >>

Hi, I've got a collection of classes that encapsulate data records. Each of these classes, through a common base class, can copy itself (This is not a straightforward memberwise clone, but rather the ability for object A to copy itself to an existing object B in a specific manner). This funct...more >>

I am developing a winforms control which is strong-named and digitally signed . My customers complain that the control connects to the Internet when it is loaded, but I am sure my code doesn't do that. So my question is whether the .NET runtime does that, probably to check whether the digital ...more >>

Computer A is running an application that needs to find a certain file in an FTP site folder that is also on computer A. The user that is logged on to computer A is the domain administrator (the computer runs 24-7 without user interaction) The FTP site folder the program looks at is restricted a...more >>

How do I turn this flag on from C#? I need to ensure files created in the directory inherit that directory's ACL. I am currently setting permissions like this: ActiveDs.SecurityDescriptor sd = null; ActiveDs.AccessControlEntryClass ace = null; ADsSecurityUtilityClass asu = new ADsSecurity...more >>

Hi All, I would like to know if it´s possible to grant to my assembly just an execution permission using this: [assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution=true)], and then on my method which requires FileIOPermssion i use something like this, [FileIOPermission...more >>

Hi EveryBody: I made directory by using VB.Net by the following method: Directory.Directorycreat("C:\Husam") first I was thinking to make this directory invisable so I used Fileattributes to make it hide. But as you know any user can find this directory by going to tools and Folder opt...more >>

I have spent the better part of the morning researching this phenonenom and found numerous entries. Much discussion about setting the timeout values on the authentication as well as slidingexpiration. I have not seen any one verifying that any of these steps were successful, and more stating t...more >>

Hi, after attaching a principal to an AppDomain with SetThreadPrincipal, is it possible to undo this setting in order to set another principal ? The method AppDomain.SetThreadPrincipal doesn't accept NULL as an argument, so what ? Oriane ...more >>

Hi I have an application which i can't understand why CAS refuses it permission to run. Is there a way or a tool to pinpoint what's going wrong with this exe file ? I really can't figure out what's missing. Thanks John ...more >>

I am experiencing a permissions error in a .NET web application trying to find if the user exists in a Domain Group. I am using C#. The web site is configured to use windows Authentication. web.config: <identity impersonate="true"/> <authentication mode="Windows" /> and <aut...more >>

I'm trying to run our .NET 1.1 code on the beta version of .NET 2.0. Almost everything runs fine, however there's one small issue: The following code is used to encrypt some data, the Key and IV are derived with PasswordDeriveBytes. 'salt' is a byte array with length 256 (identical in both CLR...more >>

Hi, I've run into a problem that may be security related that I haven't been able to find a whole lot of information on and I'm hoping someone might recognize it enough to give me some pointers. I've got the following code: XslTransform myTransform = new XslTransform(); myTransfor...more >>

Public Private Key Pairs - How do they work? ----------------------------------------------- I was looking at a presentation recently in which it was suggested that - User 1 Encrypts a message using User 2's Public Key. User 2 Decrypts the transmission using his Private Key to get the origna...more >>

Hi All, This is all about protecting my data in Executable file. I have developed a program in Visual Basic .NET 2002. I have many questions in mind... please help me to complete my project. 1. I have very much data to be incorporated into the executable file. I have to add much ...more >>

I have built an Windows Service, and I am getting an [Access Denied] error when I execute the following line. Dim AcApp As Access.Application = New Access.Application() The Service is Logged on as a Domain.User. If I give this user Local Administrator rights, then it works. However, I do not w...more >>

I am trying to preclude web clients from reading each others folders and files on a pulic web hosting server running W2k server. They can read each others files/folders by using simple .Net script and System.IO FileInfo and DirectoryInfo classes. The best I was able to do was to 1. Create s...more >>

I have a page that users upload files. Is there a way to restrict the file types that they can upload? thanks, -- Chuck Foster Programmer Analyst Eclipsys Corporation - St. Vincent Health System ...more >>

I need to check if the user of the app has IO and Registy rights. How do I "Assert" that the current user of a WinForm app has these rights? Thanks, John...more >>

Hi, I have the following Impersonation code. This code is in C# and I want to retrieve the data from the SQL server database using the Specified windows username and password. public bool ImpersonateUser(string sUsername, string sDomain, string sPassword) { bool bImpersonated = fal...more >>

I am developing an ASP.NET site where an site administrator can upload files via ASP.NET into a Documents folder. These documents are then viewed by site users. I used the MS KB article http://support.microsoft.com/default.aspx?scid=kb;en-us;323245 to learn how to do this. Is there a securi...more >>

Im trying to find out if a user belongs to a certain group in our domain. I used it before and it works fine. Now i want to do the same but with a groupname that has a white space in the middle of it. for example: DOMAIN\GRP APP. When i call the IsInRole with this groupname it fails and alway...more >>

I've got an ASP.NET application which is impersonating the client and does some role-based acess control internally. The application doesn't see changes in role membership made through the Windows Local Users/Group editor until IIS is reset. WindowsIdentity is apparently caching role membership,...more >>

Do I have to do something special in order to suppress the stack walks by my PInvoke or IJW calls? I plan to operate the .dlls only in a fully trusted environment. My first guess is to apply the [SuppressUmanagedCodeSecurity] attributes to: 1) my C# wrapper class since they can make PInvokes ...more >>

Hi, I have a question about authorizing access to web service. Is it possible to restrict access to certain web service based on domain name of a server requesting that web service. For example, I have a customers of my web service that have a domain name domainA.com. I would like to allow o...more >>