Hi, When I trying to pass System.Net.CredentialCache.DefaultCredentials to a web service object, such as: ReportingService rs = new ReportingService(); rs.Credentials = System.Net.CredentialCache.DefaultCredentials; rs.Url = sWebServiceURL; It would always uses the anonymous user from ...more >>

I have a web app that currently gets the userID from a 509 client cert. Works great. A new client wants to interface our web app in a WebSphere Portal with a single signon for their clients so they want to call our default page via a post and pass the userID in an encrypted query string. ...more >>

Hi, When running caspol with the following options: caspol -addgroup All_Code -pub -hex <MY_CERT_IN_HEX> FullTrust -name MyCodeGroup the following error shows up: ERROR: Runtime error: Input data cannot be coded as a valid certificate. The certificate is valid - it works when adding...more >>

I am referencing the NUnit libraries in an assembly that is hosted by a COM+ application. Within NUnit it creates a "runner" app domain and then calls CreateInstanceAndUnwrap to create an instance of a class within a unit test assembly. I get a SecurityException on this method when it is exe...more >>

in C# how do i get to total number of kilobytes of memroy total and available for the current machine? ...more >>

Hi, I have a fully trusted .Net Control hosted by the Internet Explorer. The actual user is authenticated against domain x and the control comes from a website within domain y. Assume that the user authenticated itself by using any type of authentication, except Windows (NTLM) using credent...more >>

i created WINDOW user control (not web user control), that connect via socket to server. this WINDOW user control will be host in the IE . when the page is run, the WINDOW user control is load, and show itself , but when i click on the button in it and attempt to connect via a socket, IE l...more >>

The code with this call works fine when hosted in a Console application, but throws error Trust Failure - The underlying connection was closed: could not establish trust relationship with remote server when run in a windows service. I have spent almost the whole day reading about security, at...more >>

hi. i want to build USER CONTROL that will be used in WEB PAGE. to build user control and use in web page,I KNOW . i did user control with textbox and lable for example and it works. the problem is after i had the IRC client functionality and Windows sockets it DID NOT work. now, i gu...more >>

Is there a .NET equivalent to the win32 call AdjustTokenPriveleges()? I need to enable SE_SHUTDOWN_NAME so that I can call ExitWindowsEx() Win32 function through a .NET wrapper class. -- ----------------------------------- Ken Varn Senior Software Engineer Diebold Inc. EmailID = varnk ...more >>

I've seen some code which makes perfect sense, but what namespace is the encryption class. Furthermore, when I create my key pair how the distribute the public key. Dim asym As New Encryption.Asymmetric() Dim pubkey As New Encryption.Asymmetric.PublicKey() Dim privkey As New Encryption.Asymm...more >>

We all know storing a password straight up in the database is not good. Anyone who gets access to the table can get the passwords there right? So we encrypt the passwords and now they can't. But they can have a list of encrypted passwords and do a dictionary search, like if they know 'Banana' tr...more >>

Hi All, I have an ASP.NET application to which I have implemented forms authentication to handle security. It is a relatively straight forward solution with all aspx pages residing in the root folder. The issue I am experiencing is that when the authentication time out is activated and ...more >>

Hi, I'm currently using LogonUser to impersonate a user whilst connecting to a database. When I use a valid account (i.e. mine for testing purposes), it impersonates ok (no errors). But as soon as I try to access a resource, in this case Open a connection to the database an Impersonation Fail...more >>

Hi, I have to get some user information based on his SID. I have tried the code below, and it somewhat works. The adUser contains some information but most of it returns a COMException. I am mostly interested in the Name property, and in this case it returns "<SID=010500000000...more >>

I have successfully created an application in c# using the RSACryptoServiceProvider to encrypt on one machine and decypt on another. I am storing my private key in a key container. I have a situation where I need to use this private key on load balanced servers to decrypt messages from a sin...more >>

Hi people: I must load a RSA object from a .PEM file. It seems not to be trivial. I suppose I must obtain the RSAParameters from the file but I really don't know how. Mauricio Grimberg ...more >>

I am not sure why one should use the Demand() method? Wouldn't the attempt to access the resource thrown the same security exception? For example does the below Demand() actually help in any way? SocketPermission socketPermission = new SocketPermission(System.Net.NetworkAccess.Connect,Syst...more >>

I have a case where I need to get a WindowsIdentity for an account that has not been authenticated. Is this possible? It looks like the only way to do it so far has been to get a token from LogonUser first, but I want to get the identity without logging on. ...more >>

I tried to implement cryptographic using memorystream instead of other stream like file stream etc. Encryption is ok but could not get original data on decryption. Same logic works if i use filestream for cryptostream! ...more >>

Which path I need to sign in the attribute assemblykeyfile if I develop with c#. If you can give me example this help me because I find material but I am not successful to run the application this fail about cryptographic failure ...error reading Thanks. ...more >>

Hi All I tried many times to convert the ff code to .NET but I fail to have it converted. How To Validate User Credentials from Visual Basic by Using SSPI http://support.microsoft.com/default.aspx?scid=kb;en-us;279815 I would like to use the above link to authenticate the current user o...more >>

I experienced the following strange behavior when trying to write to a custom event log in an ASP.NET application (although the problem would occur with any non-priviledged account) I created a custom event log named "MyCustomLog" and created a source within it called "MyCustomLogSource" fo...more >>

I have a win2003 server that needs to do IsInRole queries aganist users ("targets") other than the thread-executing user (the "operator"). The class I'm building will be used by ASP.NET apps and also by Windows Services. I know about using protocol transition to get an unauthenticated Wind...more >>

I am a developer looking at using the new Membership system in .NET 2.0 and have a question. Many organizations have a hierarchy associated with their security roles. For example, a manager at store #123 may have access to do certain tasks in a payroll application, but only for 123. His manag...more >>

I'm developing a WebService using C#. I've got a client app that is non-dot-net and thus will be invoking the Windows CryptoAPI directly. While tons of documentation states that .NET Cryptography is based on the CryptoAPI, I can't find anything showing any correspondence between the .NET r...more >>

Is there any way to do this directly (e.g. simply get a refence to the foreign domain user and list the groups it belongs to in the local domain)? I haven't come across any examples of this being done and I can't think of any way other than to check for the foreign domain users' SDDLs in eac...more >>

Hello, I have the following in my web.config file: <identity impersonate="false" userName="domain\userid" password="xxxxxx"/> WhenI try to debug ny vb.net application, i get the following error: --------------------------- Microsoft Development Environment --------------------------- Error ...more >>

I am working on win32 internet based App. with remoting but i want to provide security through IIS in this Application Please give me some updates on it. Thanks Naveen Katara...more >>

Hi, I am trying to use .NET to import an exchange public key and generate a random session key. It goes like Client/C++ exports its exchange public key ClientPubA to server/C# Server/C# imports client/C++'s public key ClientPubA Server/C# creates a random session key (SymB) and exports it u...more >>

Hi, I am developing VB.Net console application. This console application will be invoke by the scheduler. The id under which this console application will NOT have access to SQL DB and windows 2000 file share. I would like to impersonate using proper widnows domain id programmatically to acces ...more >>

Hey, I am trying to get the users from a specific OU, however it doesnt work properly. So far I have this code: Dim entry As DirectoryEntry = New DirectoryEntry("LDAP://MYDOMAIN", "MYDOMAIN\username", "pwd") Dim searcher As DirectorySearcher = New DirectorySearcher(entry) Dim searc...more >>

Hi, i'm always auditing ASPNET's account accesses on my webserver, a WIN2K_SP4 + IIS5 + SQLServer2K_SP3a machine. Nearly all the applications work correctly, but i constantly find a message in the event viewer under the protection log, that says: --------------------------------------- Ape...more >>

I have to impliment a small communications gateway that uses DES as its autentication scheme. I have everthing else working but authentication. It is suppose to work like this, Step one: Send 8 byte random Challenge string to Server Step two: Server returns Callange string encrypted with a 8 b...more >>

Hi, I have a SignedData object (RFC3369 - Cryptographic Message Syntax, CMS) and want to verify that the digital signature is valid. This is the structure of the SidnedData: SignedData -version -digestAlgorithms --algorithms --parameters -encapContentInfo --eContentType --eContent ...more >>

Hi All I have installed SSL Certificate in my IIS and when I redirect to Https IE shows a Security Alert Dialog. Is there anybody who knows how to disable or block that Security Alert so that when any user access my Secured Page he will not get Security Alert Dialog. Any help will be appreci...more >>

Dear all! I develop VB.NET for about a year, and always heard about how easy is to "reverse-engineer" .NET applications, due to the MSIL and so... I decided to check it buy opening .exe file I created with VB .NET in software called "Lutz Roeder's .NET Reflector" (you properly know that, an...more >>

I was working on an Avalon sample using a PasswordBox, this control uses SecureString as its password storage media. The principle is very interesting except for what i consider a simple flaw in SecureString. You can see the details in my suggestion on Feedback Center. I would appreciate if...more >>

I have windows application that execute a logon script in the client from the server under shere network(in the netlogon directory or in GPO /windows setting/logon) when the users enter the LAN. my application get attribute from the ACTIVE DIRECTORY to present for the user his name and depart...more >>

We wrote a windows service using remoting that runs fine when running as a domain account that has local admin priviledges on the local machine. When we change the service user to no longer be part of the local administrators the service doesn't start. The user has Log on as service rights i...more >>

I am building an application in C# that uses the MODI COM object to OCR a series of scanned images in a specific folder. I have been requested to make the application impersonate a specific user when it attempts to access the folder and the files within. I have had some limited sucess callin...more >>

Hi, I'm just into my first week coding in .Net and I would really appreciate any advice on the issue below. I've done up a simple Web Application using ASP.Net and in the application I included a hyperlink to call up an external Windows Application Form (developed in VB.Net). The externa...more >>

I have been instructed that I have a need to configure the framework to prevent execution of unauthorized mobile code? I have checked into the .NET configuration tools, but do not see a way to disallow execution for mobile apps? Any help on where to look would be appreciated....more >>

Hello, I'm getting an error trying to write to the registry using .NET 1.1, WinXP sp1. There error is "Requested registry access is not allowed." The line of code is: Dim key As RegistryKey = rhKey.OpenSubKey(subKey, True) The subKey is HKeyLocalMachine. I don't get this error when I'm l...more >>

Am I totally wrong if I state that the .NET configuration from a default = install - totally disregards CAS? The Codegroup called "My_Computer_Zone" gives full thrust (i.e. do NOT = use CAS) to everything matching the zone "My Computer"? I mean - everything on my C-drive is valid for "My Compu...more >>

Hi I've been banging my head against a wall on this one for the last few weeks..... Basically we have an exe and about 12 dlls on the web server. We want to run them using ClickOnce smart client technology. I created a code group, (whose parent is 'Internet') at the machine policy level wh...more >>

Is there an easy way to restrict a web service so it can only called from asp.net pages on another machine on the network? Ideally I'd like to base it on IP address. ...more >>

Hi, I have created a web service using C# that needs to check whether some XML files are updated, if they are, it downloads them (saves them to disk) and processes them by updating data in a back-end MS SQL database. The client has a proxy server installed on their network and they request...more >>

Hi all, What is the recommended way to determine whether the user is authenticated against a Domain or AD? Simply checking WindowsIdentity.IsAuthenticated and WindowsIdentity.AuthenticationType does not distinguish between a user that is logged into a domain account and a user that is logge...more >>

Hello, a system requires the ASPNET account to be granted "Act as part of the operating system" priv to execute LogonUser. Its not actually my system, so I don't know much detail but so far as I can tell this is quite a bad idea. Its certainly contradictory to MS recommendations. Thing is, I...more >>