Whenever I start Visual Studio 2003 and open a project that is on a non-local disk (i.e., on a server), I get a message box about "The project location is not fully trusted." HOWEVER, I've already set Local Intranet to FullTrust. This is in a roaming user profile situation, and the problem...more >>

I've been looking at google for a method of adding a certificate to the cert-store from C#. I would prefer something that doesn't popup dialog-boxes -- but I'll accept just about anything. I looked at certmgr.exe, but it would be rather sad to have to start that in a seperate process -- and it...more >>

We developed a COM Wrapper DLL around some code that accesses a Structured Storage file (starting with a call to StgOpenStorage). The COM Wrapper DLL is accessed from an ASP.NET application written in C#. With our ASP.NET application running on Windows 2000 Server and Windows XP, the call ...more >>

I have a WinForm app that will run on XP boxes in a Win2003 AD domain named "GTI.int". I have several Universal security groups named "ILF_x", one of which is "ILF_Installer" and I have made myself a member of that group for development. There are arrays of security group names associated wi...more >>

I need to get an array of security groups the current user is a member of. I don't care about the builtin groups. I use an array of windows security groups the application relies on for internal security to enable menu items, allow actions, etc. within the application, so I need to get an ar...more >>

is there any way to clear the buffer of a System.IO.StreamWriter so that it does not do a flush when it is closed in the finaly block? ...more >>

I can't seem to understand what a linkdemand for a principalpermission means? If linkdemands are satisfied at JIT phase, how can it figure out the current principal before running the code? For example, if I was going to use windowsprincipals to make RBS decisions, and I decorate a method ...more >>

Hi All, Sorry to crosspost but it's a security and an ASP.NET problem I have. We run each website site under it's own I_<user> account and ASP.NET is configured to impersonate so requests run under the identity of the I_<user> account. In windows 2000 server how do I prevent a user from c...more >>

Hello group! We're planning to use strong naming for our app and this does indeed work fine *if* the app has been registered for fulltrust (w/ caspol). Trouble is if it's not *yet* fully trusted. Then, if the app starts it bombs immediately with an *ugly* message which the average end-user ...more >>

Is there a way for an assembly to enumerate all the permissions granted to it by the runtime? For some reason I remember reading somewhere in the past that you can't do this, but I wasn't sure. ...more >>

Hi everyone Has anyone got the least experience in integrating the Digital Signature with an ASP.NET[C#] Web Application? Here in Denmark, as I supose in many other countries, they're promoting the digital signature. A lot of people already has one, to do their taxes, and much more. I hav...more >>

how can protect my source code from decompiler?...more >>

Hi everyone, I've got the following error: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. In my webconfig file I use: <authentication mode="Windows"/> <identity impersonate="true"/> My connectionstring is: data source=SAN-SRV4; initial cat...more >>

Hi guys, I am writing a simple client-server app and the client sends requests to the server. The client and server communicate using sockets. I want to encrypt the client request using servers public key. This is what I am currently doing...In the setup program, I created an object of...more >>

Is there any security engineering section for windows form in .NET. There is a security engineering section for web application in msdn http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/tmwawalkthrough.asp Can the above section be used for windows form as well. Any ...more >>

my ASP .Net application works fine until I have it run under SSL. When a remote user wants to write a file or create a folder, the app will throw a permission error although permission is already given (again, it works with under regular HTTP protocol). Does anybody have an idea what the pro...more >>

I'm experiencing something that I am not certain is normal or a problem. I have a byte array that, once run through a method that encrypts using Triple DES, the array now "appears" to be truncated. By this I mean that the final three bytes are now showing 0 (zero) in the debugger. When I de...more >>

Hi, i need a simple way ( no app blicks ) to encrypt and decrypt data what is the object/method i should use? TIA. ...more >>

Why do code signing authorities refuse to issue certificates to individuals or open-source projects? Are they seriously saying that organisations like Enron, Worldcom, etc are more trustworthy than the people who contribute to GotDotNet? Why do they cost so much? Code Signing is a great ide...more >>

I'm trying to use the LogonUser function from "advapi32.dll" as described in the KB article "How to validate Windows user rights in a Visual Basic .NET application" but the function returns the error message "A required privilege is not held by the client.". Please can you explain what this me...more >>

Multiple sessions is pretty feature of XP. In domain environment its not working by default. How can i use this feature in domain environment? May be Vista can help me?...more >>

how to get the number of milliseconds between two System.DateTime objects ...more >>

I am getting an error stating "...data to be encrypted exceeds the maximum for this modulus of 256 bytes". I am at a loss as to how this could be, as I'm only attempting to encrypt less than 30 characters. Does anyone have any ideas as to what could cause this error? I'm creating my keys in...more >>

Hi, I've already posted this in a different group, but I've received no reponses... ------- I have some load balanced IIS servers, which get content and .NET applications from clustered file servers using UNC shares. The content within the shares are secured using NTFS file permissions. ...more >>

This is regarding passing WindowsPrincipal from my client to the server; I’m developing a Windows based application in c#. When ever I try to pass WindowsPrincipal object from the client to server it says “Exception ha been throw at target invocation…” I’m using call context (tha...more >>

Hello I'm using xml based AzMan (I'm on Win XP) and Active Directory users. I want to be able to know if a user belongs to a certain role from an app. If I'm doing like in the code below, I'm not capable to see in the windows principal the roles defined in the .xml AzMan file. IAzApplicat...more >>

when i try to run a C++ .net executable from a network drive hooked to server it throws the following execption SYSTEM.SECUTRITY.POLICY.POLICYEXECPTION. i have tried copying the project in to the network drive and running it from there but it shows the same error...any suggestions!!! your hel...more >>

I might be going out of my mind but I have been looking at this for hours, and after a lot of smoking and banging my head I think I have solved the problem, and thought someone might be interested. I have an ASP.NET website which I needed to log errors to a custom log. I create the custom log ...more >>

Hello, I have one question regarding the importance of salt in encryption. As I understand, the salt is used to prevent dictionary attacks. Also, it is recommended that the salt isn't always the same, and that it should be randomly generated for each message. This random salt should then be...more >>

Hello, I've got a really strange problem; this is the case. I've got a web application that uses windows authentication, other users are not welcome. In IIS I've checked Windows Authenticity and unchecked anonymous acces. When users want to enter the site, the windows dialog popsup as expec...more >>

Hi, I am trying to convert this Java code into C#: JAVA: SecretKeySpec systemKey = new SecretKeySpec("TEST KEYTEST KEYTEST KEY".getBytes(), "TripleDES"); Cipher cipher = Cipher.getInstance(DESEDE_ECB_NONE); cipher.init(Cipher.ENCRYPT_MODE, systemKey); byte[] eac = cipher.doFinal(cardRand...more >>

I'm writing a .NET 2.0 app I want to deploy it in the net. Apparently (due to an "unknow publisher warning" while downloading in the browser) I have to give a strong name to my installer & my components. My (.NET 2.0 beta2) project is a mix of C# & MC++. - To authenticafe my MSI I need a .sp...more >>

please help! I am trying to use ADAM with ASP.NET 2.0 beta to store users and roles. I keep getting "The system cannot open the device or file specified. (Exception from HRESULT: 0x8007006E)" Any ideas on what this can mean? This exception pops up whenever I try to CreateRole("testrole"). ...more >>

According to this article it is very easy to break strong names http://www.codeproject.com/dotnet/NeCoder03.asp Is there a way other than strong names to secure .Net assemblies Any help is appreciated. Thanks, Vishal...more >>

Hi, I am using "Forms" based authentication for allowing users to enter "webapplication". is there anyway that I can make "Windows" authentication only? If I go to IIS/defaultwebsite/"webapp" and change directory security properties to Integrated Windows Authentication only, would that work...more >>

Hello, I have a web app that uploads files to a file server (different box than the web server). The application uses NT integrated authentication, but no users should have permissions to the file server. How can I use a fixed domain account to upload the files to the file server while ...more >>

Hi! I'm trying to put together a demo for signing/verifying/encrypting/decrypting documents via pkcs #7 in VS2005, as per instructions in http://msdn2.microsoft.com/en-us/library/ms180960(en-US,VS.80).aspx The problem I'm getting is that when I call envelopedCms.Decrypt(), the operation f...more >>

I have hashed the passwords of a web application for storage and validation in a SQL Server table. The application is being migrated to a new web server environment. Is there a key that I can transfer so that validation will still be successful in the new environment? The logic I curren...more >>

Hi! I'm trying to put together a demo for signing/verifying/encrypting/decrypting documents via pkcs #7 in VS2005, as per instructions in http://msdn2.microsoft.com/en-us/library/ms180960(en-US,VS.80).aspx The problem I'm getting is that when I call envelopedCms.Decrypt(), the operation ...more >>

Although I already have an own implementation for pinging remote hosts, I encountered problems which I hoped others may have already solved. The thing is, that all sources I found (including my own) use raw sockets to send ICMP echo requests. A user without administrative privileges does not ...more >>

I need to create and store a public/private key pair in a container. I'm using RSACryptoServiceProvider to create the keys, store them in the container and retrieve them. My problem is this: I need to get the actual public key value, not the components used to create the key. Whenever I ...more >>

I followed the example at http://support.microsoft.com/kb/899553/EN-US/ and it works great but it gives Full Control. I figured out how to give read write also. But how can I set the permission to Modify?...more >>

Hi guys, I'm trying to write a library that will allow me to add a custom permission for my applications (let's call it ApplicationPermission for now), and a custom security attribute to support declarative syntax. I've gone about this, creating my ApplicationPermission class, derived from ...more >>

Hi all, I have a few questions about restricting who may call an assembly i'm building. First, I have a business assembly on a web server, with Serializable objects that use remoting to move themselves to a data server (which also has a copy of the business layer, and a data layer assembly ...more >>

I'm curious to know if sensitive data I store in, for example, the HttpApplicationState, is safe from being obtained by non-authorised users? If it is not safe, how does one go about accessing the information? Mini-dump to examine stacks and heaps etc? Basically I use the registry to stor...more >>

Hi I have created a component in .NET to use in a classic ASP application on an intranet. It should use the Windows authentication and WindowsPrincipal.IsInRole() method to check which groups the user belongs to: .... AppDomain ad = Thread.GetDomain(); ad.SetPrincipalPolicy(PrincipalPolic...more >>

Hi, I need some info after strange behavior from .Net Framework security update... I developed an activeX in C# (ie: a dll) and I need now to allow this activeX to run on the client computers without any manual action (such as configure the .Net framework policy). I create an exe file whic...more >>

I've got a few posts that are all related but I've gotten a little farther and figured I should make a new post. I am writting a VB dotNet program that has to restart the PC halfway through. In order to ensure it restarts with the same userid and password I have to setup the following re...more >>

Kikoo, Je cherche un exemple de code de service windows qui utilise un Certificat X509, sans avoir besoin de se logger dans windows. Je me galère avec l'API Crypt32. Merci. Hello, I'm looking for a code sample in for a windows service which use a X509 Certificate without login on ...more >>

Hi I'm testing a vb.net console application that's kicked off by a scheduled basis on hourly basis. I'm using Enterprise Library mainly for Data access & logging. I have recompiled the source code leaving out instrumentation functionality as it's creating quite a few security violations. T...more >>