Hello, On Wednesday, Feb 1 at 2pm PST Microsoft will be hosting a webcast for Microsoft ISV Partners, or those considering becoming an ISV Partner. The webcast will be presented by the Microsoft ISV Advisory Services team who will discuss the great value and benefits available for Microsoft...more >>

Hi, Im setting up a win32 based client/server aplication in C#. (Not a webservice) The server (a pc) must perfrom an action when the client (pc or pocket pc device) sends it a message via TCP/IP communication. Because of company policy I can not use IIS. So I must do my own user authenti...more >>

Hi, I am deploying my security policy (.NET 2.0) via an .msi. Problem is it seems I have to run it twice to get the policy changes to take effect. I have tried giving it several minutes to run and I have tried rebooting, but the first time through never does the trick. For my test, after I g...more >>

This is absolutely driving me nuts. Any hints would be GREATLY appreciated. I am trying to negotiate a clear channel socket to SSL. Thing is it works great on two development computers, but falls flat on its face when I go to deploy to a server. I have written both CLIENT and SERVER for FT...more >>

Hi, I'm running a ASP.NET application using the anonimous user. (ASPNET) I don't want the user to log in and I don't want to give any more rights to the ASPNET user either. So I thought of impersonating a local user just for the duration of a single method. That user will access the local S...more >>

I have the following scenario: 2 win2k3 servers with MCMS2002, load balanced 3 win2k3 SPS2003 servers in medium server farm configuration 1 SQL2k/2k5 environment (probably a cluster) All users are external and log on with credentials in active directory on the same domain as the servers above...more >>

Hello, I am building a web application with the following components: 2 Web Servers - Windows Server 2003 - IIS 6 - .Net Framework version 2.0 - Reside in Domain A 2 Clustered Database Servers - Windows Server 2003 - SQL Server 2000 - Reside in Domain B I am also setting up a...more >>

How can I prevent someone from dynamically loading an internal type from my assembly? Kindest Regards, Michael Primeaux ...more >>

I would like to create a class similar to RSA and MD5 CryptoServiceProvider. I need to call CryptAcquireContext in the .ctor and call CryptCreateHash, CryptHashData, CryptDeriveKey, CryptDecrypt, CryptEncrypt etc In the .ctor RSA and MD5 CryptoServiceProvider and other classes calls somehow ...more >>

Hi there, Im trying to use SMO to impersonate a typed (not logged) user, using Windows Auth to connect SQL Server! Even though, I'm having many problems while trying to trace the exception I got! If you manage to perform a Windows Auth connection to SQL Server using an inputte...more >>

I am trying to connect & exchange data with IMAP server using SSL. IMAP has command for logging in. Ex: A100 LOGIN "abc" "agc" I am using following code to do this... m_pSocket.Connect( m_pobjIMapServerIPAddress, 993); m_pNetworkStream = new System.Net.Sockets.NetworkStream( m_pSocket...more >>

Hi, Here is the scenario - I have priavte key stored on a Smart Card device on the client end. On the server end the corresponding certificate is stored in the AD. How do I retrive the relevant public Key from the certificate stored in AD? I am able to extract the certificate from AD (...more >>

hello i am using the enterprise library, and trying to resolve this issue on building: Error 3 Assembly generation failed -- Referenced assembly 'Microsoft.Practices.EnterpriseLibrary.Security.Cryptography' does not have a strong name PowerJobsDll My assemblies i sign using the visula st...more >>

How secure is it to use System.Environment.UserName for login purposes. We have an Active Directory so I was thinking to just use UserName instead of prompting for a username and password and having to authenticate myself. There isn't a high need for water tight security, so this seems ...more >>

Hi, I am trying to find out that how do I get the class X509Certificate2? I have .net framework 1.1 with me. When I look at System.Security.Cryptography the only class available to me for Certificates is X509Certificate. Thanks -- Rajesh Thareja...more >>

hi, i need to implement some data encription in my app. the trick is that i need the app to be able to decrypt but not encrypt that data. this is needed to make sure that data the app needs, comes from the trusted source. the app cannot be able to reproduce encription. can someone point me ...more >>

Hai, I've paste the shortcut of the exe in another computer which that connected with my computer via LAN. But when I tried to execute the shortcut of the exe it pop up Just- In-Time debugging where the error message is " An exception System.Security.SecurityExcept=ADion" has occured in MyProg...more >>

I am looking into deploying a ClickOnce application and am reading all these things about how you need a certificate to make ClickOnce work. After looking around, I found that I can use a utility called MakeCert.exe to make my own certificate but then the documentation says that the certifi...more >>

Hello! I have implemented a application, which encrypts and signs XML documents. Each time when the application runs, a XML document will be signed or encrypted, and a secret key will be created, which can used to verify or to decrypt the XML document. My question is: is there a possibil...more >>

I'm developing a secure app. So I have a connectionstring in my web.config. That string is encrypted. So it must be decrypted when I want to use it. The question is, do I have to call the decrypt procedure every time (which is a LOT of times), or can I do it once, and then have the unencrypte...more >>

Hello. I'm building a user control with visual basic .net 2005. I want to set the AllowPartiallyTrustedCallersAttribute attribute using: <assembly:AllowPartiallyTrustedCallersAttribute()> at the assembly level, but it doesn't work. the compiler says: Type 'AllowPartiallyTrustedCallers...more >>

HI, I am subscriber of these group and i need immediate help for my problem My problem as under I am using Asp.net "aspx" and Database is oracle 10g I am storing a "jpeg","jpg","img" all image file in to database using asp.net application and also read it from database and view in the ...more >>

Would someone from Microsoft please explain what scenario required the IdentityReference class in .NET 2.0 to be declared with an internal constructor. I have serveral use cases that would benefit extensively from a custom identity reference. However, that's not currently possible as the I...more >>

I have a client/server scenario where I need the client to impersonate a specific account, depending on rules established on the server. Essentially this a call back event that happens occasionally where the server needs to temporarily elevate the clients permissions to do some work. I really...more >>

I have a windows control dll in my root folder and embedded it on a webpage which works fine. I then tried to make a reference to a COM object in the control which needs to run on the client machine. I copied the dll for this object into the root as well. When I run the web application on...more >>

Hi I Have following program. When I run this program and try to encrypt the file using the "Encrypt" button, the file gets encrypted. But every time i do encrypt, I get a different output. As per my knowledge of the cryptography, every time I encrypt same data using the same key, I shoul...more >>

Hello All. Can anybody describe me why this code: string assemblyPath = "myassembly.dll"; X509Certificate cert = X509Certificate.CreateFromSignedFile(assemblyPath); Evidence evidence = new Evidence(); evidence.AddHost(new Publisher(cert)); AssemblyName asmName = AssemblyName.GetAssem...more >>

Hi, My windows service application contains an IpcChannel which listens msg from client. If I install it with MyServiceProcessInstaller.Account="LocalSystem" or "LocalService", or "NetworkService". Then I got an exception "System.Runtime.Remoting.RemotingException: Failed to connect to an IPC ...more >>

Hi, What is the most secure option for web service security that is also easily interoperable between .NET and java, or other technologies? Suppose you are developing a .NET WS, and plan to have many callers using many different technologies, which mechanism would you choose for authenticatio...more >>

Hi, If CAS policy is setup to deny an assembly ANC the permission FileIOPermission, then if the assembly attempts to do File IO, the .NET FW assembly that handles file IO should catch it, right? It shouldn't be necesarry to put a check for FileIOPermission in the assembly itself, and would se...more >>

I'd like my application to encrypt certian secitons of the config file. I'd like to use the System.Configuration.SectionInformation.ProtectSection API. However, I'd like the application to be able to decrypt the file no matter what user is using it or what machine they are running on. So I can...more >>

Hello all. I'm working on a project for a community college which allows the Alumni to update their contact information over the web. We would like to mail the Alumni a physical letter which has the link to the web form that collects the data. The Alumni then will enter in their ID number which ...more >>

One of the constructors for a WindowsIdentity allows you to pass the UPN of a user and have an identity created for that user. If your permissions are setup correctly then the system is supposed to return you a delegatable token that you can use for impersonation. I have been attempting just this...more >>

Hello, I have a problem with security-settings in a .NET Application. The application has a strong name and is full trusted ("Trust an assembly" - Full Trust), ..NET Security is set "Local Intranet - medium trust". The application ist installed on a network-drive. Working-Directory an...more >>

We currently have an application running on .NET 1.1. It hashes certain data using System.Security.Cryptography.SHA1Managed class. It has worked out fine until we upgraded the app to .NET 2.0. SHA1Managed in 2.0 hashes to a different stirng output when the input is exactly the same. Why wo...more >>

I am reading the Event Log from application , its working fine when connects to local coputers event log but giving the following message instead of the actual error message when connecting to remote server's event log ------------------------- "The description for Event ID in Source cannot be...more >>

Which certificate store does IIS look at when someone tries to send something through SSL to your website. Thanks, paul...more >>

I have a .Net app running on a Win2K3 server, with .Net framework 1.1.4322. On a separate Win2K3 server, were are running SQL 2000, with no service packs (don't tell me about it - its a customer requirement). The .Net app connects using a SQL login account, which has been granted all the necessa...more >>

Hi, I need to check the current principal's read-, write- and full control access to a given directory without using try-catch. Any suggestions will be highly appreciated. Best regards Birger Niss ...more >>

I have a machine that is running the 2.0 version of the .NET Framework. I have installed a VB .NET application (dll A) on this machine although instead of installing the files to my local drive I am installing them to a shared network location. I have another application that calls dll A. When I ...more >>

Im developing a c# application and i want to access properties like the name of the person. example: DOMAIN\jsmith - I want to Access "John Smith" the same way Share Point does for the its users. Please help me. Thanks...more >>

I have a client/server application that uses TCP socket based communication, and right now I'm using my own ID/password scheme. Clients send an ID and password to the server, which authenticates them against a table in a local SQL database. This requires users to keep track of multiple logins/p...more >>

I have previosly developed some small apps in Visual Studio .NET 2003 and MS SQL server. Am now about to develop a secure webapp in .NET to be used on our intranet, and I'd appreciate some input. We are using Active Directory (AD), and MS SQL-server. I need some SSL in the mix also. The word ...more >>

Hi all, The following are my need: 1. When a PC starts, my software should come up directly without any user interaction. 2. Only my software will be accessible to the user and they will not be able to access anything from Windows - nothing at all. 3. A super user can access the software as we...more >>

I'm having troubles with reading Request.IsAuthenticated in Application_AuthenticateRequest. I have a scenario where I end up with two .ASPXAUTH cookies, and there's no way in the world I can get rid of both of them. I set a new one, but it doesn't matter - IsAuthenticated always returns false...more >>

How can I programmatically issue X.509 certificates for my users? I mean people give my program their public key and other characteristics of themselves (like name, address, etc) and the program gives them a digital certificate (*.cer,*.der, etc file) which is signed by my private key. Of cou...more >>

I want to create a custom user control to be used in a web page (by object tag) as an assembly. The user control needs to have a web browser control in it. Having tried with the managed System.Windows.Forms.WebBrowser or AxSHDocVw.AxWebBrowser, none of them worked from IE invocation unfortuna...more >>

The following code gives: An unhandled exception of type 'System.InvalidOperationException' occurred in System.Security.dll Additional information: The recipient certificate is not specified. SignedCms cmsMsg; ContentInfo cInfo; byte[] content; content = new byte[] { 0, 1, 1, 2, 4, 6, 6...more >>

Hi, I'm getting the following error when running a VB.NET 2.0 user control within Internet Explorer (i.e. embedded as an object in an HTML page): "Microsoft .NET Framework Application attempted to perform an operation not allowed by the security policy. To grant this application the require...more >>

Hi, I have created a custom key called "TestKey". Gave acess to NT Authority\network. Added code in web config... <configProtectedData> <providers> <add keyContainerName="TestKey" useMachineContainer="true" description="Uses RSACryptoServiceProvider to en...more >>