Hello, Is it possible to create a certificate that is valid for 2, 3, 5 years? I've been able to create a certificate valid for 1 year, but don't see any options on Makecert or the local CA for extending the time. Any pointer would be appreciated, or if I'm out in left field for wanting to do...more >>

I am working a project for a client where we are required to send a signed XML downstream to their server. I need to sign the XML with a X509 certificate private key and then send a (.cer) version of that certificate downstream with the public key so that the client can validate the signature....more >>

In an environment where all users are just that - not power users nor as limited as guests - how can you provide an play pen where users of the same PC can share information using the resources of just that PC? The issue is that user A can read files created by user B but cannot update them or...more >>

Hi Folks, Hope someone out there can shed some light on this for me. I'm having trouble figuring out how to correctly use security attributes, in particular StrongNameIdentityPermssionAttribute. I apologize upfront for the long winded nature of this post but I am trying to be c...more >>

Ok! I have a .NET (C#) app that I'm having a problem running on a Win 2003 box from a different Win 2003 box. I mean files physically are installed on that second win 2003 server, and I'm trying to start it on this first one. I get security error. I know about that .NET framework wizard that...more >>

In order to prevent Session Fixation attacks I would like to know how it is programatically possible to change the session id? The idea is that after a successful authentication during login a new session id is generated and the previous one is invalidated....more >>

Hi all, I always read example code to sign data with a private key inside a pfx file but how I can set csp to get a user's private key directly from his smartcard? thanks advanced Francesco ...more >>

I'm having a problem using DirectorySecurity.SetOwner int DotNet. I'm using the following very simple code: DirectoryInfo dInfo = new DirectoryInfo(strFolder); DirectorySecurity oDirectorySecurity = dInfo.GetAccessControl(AccessControlSections.Owner); oDirectorySecurity.SetOwner(new NTAccou...more >>

I am in need of some guidance on an application I'm creating. We have a series of nightly jobs that are run by a dedicated machine using the Windows Task Scheduler. These jobs span several projects, and perform a number of different tasks. I've been working on an application that will manag...more >>

I'm building a windows application in csharp and I'd like to know if there is a way to filter the search by the user email address in AD? Thanks!...more >>

Hi, I have a .NET assembly (a dll which has a strong name). It has two classes. This dll is used in more than one application. When the applications are distributed, the dll is also available for anybody. I want to secure the assembly(dll), so that the class in the assembly is inaccesible...more >>

Hi I am developing ASP.Net(Internet) application. I am using Active directory for storing and authenticating users. I want to use Forms Authentication Can I implement Kerberos authentication ? Can I simulate the windows login from ASP.net code? Is this Achievable? Any Ideas???? ...more >>

[it] ....finalmente disponibile l'ultimo sicuro obfuscatore per la piattaforma ..NET - il nuovo progetto tutto italiano che cerca di fermare la decompilazione & reverse-enginnering degli assembly .NET grazie per l'attenzione [en] ....finally available the last secure obfuscator for .NET Pl...more >>

I recently finished a C# program that is based on the .Net 1.1 framework and I am planning to make this program available as a download from the Internet. Since the program is something you can download from the Internet and since most people are afraid of running application from companies...more >>

Hi, I just installed Office 2003 and VSTO 2003. I cannot get *any* Excel project to run at all. Error is: The current .NET security policy does not permit ExcelProject1 to run from the folder .\ExcelProject1_bin\. Do not change the security policy in your computer... I've read every KB ar...more >>

I have been using signcode as follows: signcode -spc myCert.cer -v MyKey.pvk file.cab Now I'm trying to move to using signtool rather than signcode. But signtool doesn't have a command line parameter to provide the private key. You must supply a private key container name. If all I have i...more >>

Hi all, I am developing asp.net application using windows authentication from active directory on a local area network. the domain controller is not on the same machine of the IIS. when trying to get the display name of the logged in user I am getting an error if I try remotly even if user ...more >>

If I distribute my class libraries along with my ASP.NET code -- how secure are my DLLs? Can anyone gain access to them other than the ASP.NET application(s) using them? I was reading the Microsofts .NET security book and they suggest that .NET DLL can easily be decompiled -- if this is co...more >>

Hi, I am having problems using the XmlSerializer from within a signed assembly. I have narrowed down the problem to a compilation error (CS0647) occuring when .NET tries to compile code generated by the XmlSerializer. The JIT compiler gives an error when trying to process the following ...more >>

We applied the new .net security patch to our development machine. It may be entirely coincidental, but now authentication hangs. We use forms authentication and .Net appears to do what it is supposed to do by passing control to the log in form. We can navigate off the form to other, non-s...more >>

Hi, 3rd day is already gone without any solution. My problem is, I have a Windows Server 2003 sp1 machine as my development platform having NTFS filesystem. Other notable components installed are ODP.NET (latest version), WSE 2.0 sp3, offcourse VS.NET 2003 so .NET 1.1. When I enable For...more >>

what exact registry entries does the installing of a .net windows service create? either with installutil or with a deployment project. ...more >>

I have an ASP.NET application that using form-based authentication. I have a logon page, the user can enter his user name and password – which stored on a remote SQL server, after click the Logon button, if both are correct, the application will redirect the user to a welcome page. It’s ve...more >>

Hello I've written a simple .net 1.1 class that uses the cryptography classes to encrypt/decrypt using DES. My client just sent me their key which contains negative numbers for example - byte[] keyBytes = {103, -39, -110, 62, -100, 37, -29, 59}; I know they use Java at their shop which I be...more >>

Hello all, I am using C# Express 2005 that parses a log file then generates a report in another file. When I run the application from a network drive it throws a SecurityException when I attempt to create a StreamWriter instance. It fails at the following line.. sw = new StreamWriter( rep...more >>

I have written an FTP service in VB.NET. Am attempting to add SSL authentication. I believe it is either not doing the handshake correctly, or else it does not like the way I loaded the server certificate. Let me paraphrase the salient portions of code to show what I am doing, and the resulting...more >>

Hi folks I wonder if preJITed code solves some of the security issues. What about: - Protection of intellectual property (Lutz Röder's .NET Reflector)? - Discovering of hardcoded secrets? - Removal of the StrongNameIdentityPermissionAttributes from the files? Thanks for your time Chris...more >>

I recently developed a web based application however each time i run it frmo my web browser and attempt to write a file to my local machine i get the errror: "Request for the permission of type 'System.security.permissions.FileIOPermission, mscorlib, Version = 2.0.0.0...................fail...more >>

What is the "best practice" for connecting to SQL Server when it is on a different server than IIS? Details on implementation (processes and gotchas) would be appreciated too! Thanks, Marc Butenko mbutenko@mt.gov...more >>

I have an ASP.NET (version 1.1) application that needs to read data from a SQL Server 2000 database. Both IIS and the SQL Server are running Windows 2000. My first attempt to get this to work was to create mirrored local ASPNET accounts (same user name and password) on both boxes and giv...more >>

I am trying to load an untrusted assembly within a separate AppDomain so that I can restrict it's permissions. I based my AppDomain setup off some blog entries here: http://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx http://blogs.msdn.com/shawnfa/archive/2004/11/08/253971.aspx Th...more >>

Hello. I've already placed a similar request on the server control newsgroup (www.asp.net beta 2 forums) and on the win tech OT list. From there i was redirected to here. I'm facing a weird problem while trying to host a windows forms user control on IE 6. I say weird because the control...more >>

I've got my Forms Authentication setup, but even with a valid login the following code just returns me back to my Login form. My Web.Config <authentication mode="Forms" > <forms name="MyAppName" loginUrl="Secure/Logon.aspx"/> </authentication> Code in my Logon.aspx After the user is vali...more >>

Using RSACryptoServiceProvider - (or any) in .NET - is it possible to encrypt with the private key and decrypt with the public key? From what I understand the encryption is done with the public (default?) and decryption with the private (defaukt?) Any help will do :-) -- Thanks Eric...more >>

I am trying to fix a nasty bug in my CryptoAPI code. The symptoms are that CryptGenKey & CryptImportKey take quite some time (5-10 seconds) to run on some machines, but it works fine on mine and lost of others. After chasing ghosts for a couple of days I ran a packet sniffer (Ethereal) and I fig...more >>

We have an app that runs on a network drive that has a Strong Name assigned it it and all dll's. This app ran flawlessly until a recent windows update was done and it now no longer works. If i copy all the files to the local HD, then it works again. I think it has to do with the Strong Name...more >>

Using the default constructor of RSACryptoServiceProvider - it creates a new pair of keys - public + private. 1) Is there a way to reinstall the private key on another machine? (I know that I can export the private key, but can I force the class to reinstall it using the exported data? ...more >>

The simple version of my question is this: how can you (or can you) set security so that a privileged assembly can only be called by a specific strong named assembly? I got hopeful when I found out about the strong name condition for a code group in cas, but now it seems like all you can do ...more >>

Hi, Can someone clarify the difference between the FullTrust and the Everything permission sets? I know that a FullTrust assembly will not undergo permission checking, but why give an assembly Everything permissions, when you could omit checking altogether with the FullTrust set? Thanks,...more >>

I've developed a small console application that gathers systeminformation about the machine. I can run this from a shared network drive, and it works fine. But when i implement 2 more functions that writes a key to the registry and creates a desktop icon on the machine that runs the app, i get...more >>

Hi there, I am usign System.IO.File.Exists in my ASP.NET code to determine if a file exists in the specified location. The webserver is my local machine, which is a part of the corporate domain. The file the existence of which I am trying to determine is sitting in the shared folder of the ...more >>

I am sure this is simple, but I can't find any documentation on using FORM Authentication and creating an account info recovery page that will not automatically redirect to the login page... In other words. 1. User Can't remember password or user name. 2. They click link on login page ...more >>

I'm working in a IIS5.0 IE5 ASP.NET1.1 enviroment. I need delegarion, I have read that this should be posible using Kerbros. But how can I get Kerbros to work and how can I test it? Currently I've got code that does the following: System.Security.Principal.WindowsIdentity winId = System.Se...more >>

the 'Access is denied' err in Q is referencing a file in: C:\windows\microsoft.net\framework\v1.1.4322\Config\machine.config Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error det...more >>

Hi, I have many questions. 1. I need to create a Hash value of a String. Does anybody has a function? I am havin troubles doing my own function, because i fail converting a Byte() to a String. 2. What is the most security algorithm? MD5, SHA1, SHA512?? 3. What is the difference bettewn...more >>

Hello I have gathered some code for changing a windows users password, but I need a bit more info. I want to change the password on several Winsows 2003 Server machines. None of them are in a domain. It appears that the WinNT directory services provider does not work on Windows 2003 Serv...more >>

Hi all, I have a VC++ v7 Windows C++ application (i.e. not C#) which is accessing a webservice via https. The directory is configured through IIS to require a client certificate. This web reference was added and the SOAP code auto-generated. While I have had no problem creating a C# appli...more >>

We have been using the managed class SHA512 for some time. Now we would like to transfer all of the hash values generated by this algorithm to a non-.NET environment (LDAP). Are there any gottchas that I should be aware of? Thank you. Kevin...more >>

how to detect who redirects traffic to a aspx page? is this info passed along in request object or can sites anonymously redirect traffic to other sites? ...more >>

seems that both provide similar encryption methods, i.e DES£¬RC2,TripleDes my question is that why every .net encryption class has a initial vector,and capicom does not need this parameter. also, data encrypted by capicom cannot decrpyted by .net component under system.security.cryptograph...more >>