
all groups > dotnet security > march 2006


Gracefully stopping a .NET 2 app on .NET 1.1 fcl system
Posted by Mitch Gallant at 3/31/2006 7:41:52 AM
*Without* using a deployment/setup project, is there a graceful way of stopping a .NET 2 app. at start of execution on a .NET 1.1 fcl system? (or is it best just to let the CLR (or PE .. CLR invoker) inform you ? - Mitch ...more >>

Encrypting connection strings across dev environment
Posted by Becky VanBruggen at 3/31/2006 6:35:02 AM
I'm in the process of trying to create a template ASP.NET 2.0 web site for all the developers in my group. I'd like to encrypt the connection strings for commonly used databases and put them in every developer's machine.config file. However, I'm not sure the best encryption to use. 1.) Do I...more >>

file permission on Windows 2003
Posted by beachboy at 3/31/2006 12:00:00 AM
i am writing a code for export data to excel, it is working smooth on windows 2000 platform. After I upload to windows 2003 server, FileInfo object always has problem: the FileInfo object can't access and always return "Access is denied" but i grant ASP.NET has write and modify permission an...more >>

Best practice SecureString and pswd collection
Posted by Mitch Gallant at 3/30/2006 8:49:48 AM
Using .NET 2 managed code only, what is the best that can be done security-wise in collecting a password from the user (as console or some pswd control dialog) and passing to a function (like X509Certificate.Import) which can accept a SecureString? What about pinvoking to access a secure pass...more >>

VB.NET Role-Based Access
Posted by Sauny at 3/30/2006 3:19:38 AM
Hi all, Am trying to implement some security on my program. This program will be run on a number of machines across the globe. I have created a number of user groups which contain the access privileges of the windows users but as they are not builtin groups I cannot do as below! <Principa...more >>

Can I tell if a user came thru a secure site?
Posted by Sega at 3/29/2006 7:25:02 PM
My web app is not on a secure server. However, before getting to my app, a user is supposed to logon thru a secure server. Is there any way to tell that the user has been approved and is coming from the secure site rather than just typing the url in their browser? Is there any way to pa...more >>

Windows Service reg key access fails
Posted by John A Grandy at 3/29/2006 2:27:40 PM
I've built a .net 2.0 Windows Service that accesses a Registry key shortly after startup. On one XP Pro SP2 I build the service and referenced libs, deploys the service, starts it up, and it runs fine. I transfer the service and libs to another XP Pro SP2 box, deploys it, starts it up,...more >>

RSACryptoServiceProvider functioning differently in 2005 (vs.2003)
Posted by mfroman at 3/29/2006 12:48:03 PM
The following code works fine in VS2003 (.Net 1.1). However, in VS2005 (.Net 2.0) it throws a "Bad Data" exception on the decrypt line! (Although this example may seem pointless, it is just the pertinent lines from larger source code. It was consolidated to highlight the error). Is there...more >>



SecurityPermission problem
Posted by Itay Sandbank at 3/29/2006 6:26:02 AM
Hi. I'm trying to understand how to use CAS, and found something strange. I'm trying to deny my program of a few permissions to see what happens. I created a small program that creates the file c:\hello.txt and exits: [assembly: FileIOPermission(SecurityAction.RequestRefuse, ViewAndM...more >>

Strange problem with X509Certificate2 on Windows 2003
Posted by mira NO[at]SPAM utia.cas.cz at 3/29/2006 5:37:57 AM
Hi, I am loading a private .pfx key using the X509Certificate2 class by the following line X509Certificate2 x509 = new X509Certificate2(PrivateKeyFile, PrivateKeyPassword); where PrivateKeyFile and PrivateKeyPassword are strings. This perfectly works on my computer with windows XP home and...more >>

Security issue running unmanaged code in a win form ctrl hosted in
Posted by Filippo Bettinaglio at 3/29/2006 2:49:02 AM
Security problem running unmanaged code (.ocx control) in a windows form control hosted in IE6 Hi, I have designed a windows form control which contains a .OCX in one of its forms. Component developed in C#2005 -------- .NET2 Now, the control is loaded successfully via IIS in my web ...more >>

Problem using ASP.NET 2.0 Membership and Roles
Posted by Mark Riley at 3/29/2006 2:41:09 AM
Hi, I have set-up my web app to use ASP.NET 2.0 membership and roles. It works OK on my local Windows XP Professional PC but when I upload the site to our Windows 2003 development server it doesn't. The local and development server web sites both point to the same SQL Server 2005 database (loca...more >>

.NET app on a shared directory.
Posted by Lloyd Dupont at 3/29/2006 12:00:00 AM
I have written a .NET application which does heavy use of interop (through ManagedC++). It works all right. Now someone asked me if it works when installed in a shared directory. So I'm testing, installed the application on a remote computer, in a shared folder and trying to run it from this re...more >>

Trying to grant full trust..... (.NET 2.0)
Posted by Lloyd Dupont at 3/29/2006 12:00:00 AM
I have written an application which I have "installed" (copied) in a shared directory on some remote computer. Now I'm trying to run this application but I get plenty of SecurityException all over the places. I'm trying to use mscorcfg to grant full trust to the application, but that doesn't...more >>

Using SSPI with Custom Authentication
Posted by anonymous at 3/28/2006 3:46:02 PM
I'm currently working on a system that is made up of multiple Databases. The first database contains all of the user information; such as UerName, password (stored as a hash) etc... The other databases are used to provide different services, for example one of the databases may be used to s...more >>

Custom Security
Posted by source at 3/28/2006 1:33:34 PM
Is there a tutorial to create custom permissions and deploy/import it in Visual Studio IDE source ...more >>

Passwords and SecureString
Posted by dsellers at 3/28/2006 11:39:01 AM
I am building a generic Password object for my application and I am thinking of using an instance of SecureString as the backing value for the Password Instance. However, in order to compare it I have to serialize it to a string. So I feel like my password object should just auto hash the pass...more >>

if I encrypt key data why do I want or need SSL?
Posted by Rob R. Ainscough at 3/28/2006 8:46:24 AM
Just curious why people freak out about not having SSL and/or having a SQL Server port 1433 open. If I do the following why do I care about SSL or port 1433? 1. 40 character passwords for all SQL accounts 2. any sensitive data written to the SQL server is encrypted (via one of numerous ...more >>

Alternative to APTCA AllowPartiallyTrustedCallersAttribute?
Posted by Gary F. at 3/27/2006 7:12:02 PM
So I have the following situation: 0. I have a web app in an intranet setting. 1. I have a .Net 2.0 user control that i want to embed/host in IE. 2. It relies on a 3rd-party COM dll. 3. I've created an interop assembly around the DLL and gave it a strong name. 4. I've given my user control a...more >>

How to encrypt a string with ProtectedData (.NET 2.0)
Posted by Zemp Dominik at 3/27/2006 5:01:01 AM
Hi How can I encrypt a string with the new ProtectedData class in the .NET Framework 2.0? I have an example, but I receive always a 㣊 as output?!? Here's my code: Dim plainBytes As Byte() Dim encryptedBytes As Byte() Dim cipherText As String ' Conver...more >>

JavaScience CD versus book
Posted by Mitch Gallant at 3/26/2006 7:08:56 PM
As some of you may have noticed, the JavaScience web site is now offline (except for a basic home page). It has been suggested to me that I should author (or co-author) a book on the material therein (probably an "Interop Cookbook" type of publication). My initial thought was to simply sell th...more >>

Rights to get Data for Crystal reports
Posted by den 2005 at 3/26/2006 6:37:02 PM
Hi everybody, When I place data field into crystal report and then run the web application, it causes error with a message: Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error...more >>

ClickOnce and remembering permissions granted
Posted by Mitch Gallant at 3/24/2006 6:19:18 PM
Are there any public examples of applications deployed by ClickOnce on the web? (preferably ones that have the deployoment manifest Authenticode-signed). Before deploying a few of my .NET 2 apps that way, I want to see what the GUI user experience looks like. Also, for elevated permissions ...more >>

Win Server 2003 permission denied
Posted by Jim Brandley at 3/24/2006 3:43:21 PM
Particulars: Win Server 2003, DotNet 1.1 IIS 6 I have a web application that needs to determine a UNC of a file on the web server to send to another application server. I have developed two solutions, one using WNetGetUniversalName, and the other using NetShareEnum. Both work fine on an XP P...more >>

How do I deistinguis between a user and a group/role
Posted by AdrianDams at 3/24/2006 12:26:53 PM
I have an application in which I would like to add user accounts into an object. The user gets to type in the user they want added. I only want to do this for user accounts and not roles/groups. I am looking in security.Principal but cannot find a way of doing this. Is it possible? Adrian ...more >>

Newby question on digital signature
Posted by Ruben at 3/24/2006 11:00:02 AM
Hi, I need to digitally sign an XML document. I already hashed the string to be signed, but my problem is the private key is provided to my user in a "*.key" file (PKCS8), so my question is: how should I extract the private key from the file, in order to create the instance of the system.sec...more >>

Tightening the default CAS policy
Posted by Kurt at 3/24/2006 10:47:01 AM
One thing I noticed in first release of .NET is that programs stored on My Computer were granted full trust regardless of its location, effectively equivalent to an unmanaged application. My thought is that assemblies in temp directories, my documents, etc, can in general be assumed to have come fr...more >>

SqlClientPermission
Posted by Peter Ramsebner at 3/23/2006 5:20:39 PM
Hi, i want to run my application from a network share. With the .Net Configuration Tool i changed the permissions of the localIntranet_zone to FullTrust. Without success: "The application attempted to perform an operation not allowed by the security policy.The operation required the Securit...more >>

Identifying group memberships for users authenticated with AD Trus
Posted by Yvan B. at 3/23/2006 11:46:36 AM
I have three Active Directory domains across two forests, Dom1 and Dom2 are in one forest, while Dom3 is in another. There are bidirectional trusts between Dom1 and Dom2, and there is a one way trust from Dom2 to Dom3. We have a users stored in Dom1, and Dom3, and those users are assigned to...more >>

Assembly Trust
Posted by Elio Gonzalez at 3/23/2006 10:00:00 AM
Hi, I'm currently deploying a 1.1 .net dll assembly which is installed on a shared folder on a file server along with a legacy application. The clients run the .exe from the server. The .exe calls the .net .dll via interop. In our environment we had to increase the trust for the as...more >>

bad encryption
Posted by Erez Mor at 3/22/2006 6:34:12 PM
hello experts i'm new to encryption so please... i think i've tried every piece of code out there that claims to encrypt/decrypt files the common thing about them all (and that is strange...) is that the process changes the file (in fact it adds 16 bytes to it, no matter if i encrypt or decr...more >>

How do I configure the CA in win 2003 server?
Posted by Parvez at 3/22/2006 1:34:20 AM
I need to configure a web server with CA and produce the public key. I have got no idea on doing it. Later i will have to send files from asp.net with digitally signatured. I need help on this particular topic. Please Hep...more >>

are System.Data.SqlClient.SqlConnection thread safe? can many threads share a System.Data.SqlClient.SqlConnection instance without any synchronization
Posted by Daniel at 3/21/2006 9:59:05 PM
are System.Data.SqlClient.SqlConnection thread safe? can many threads share a System.Data.SqlClient.SqlConnection instance without any synchronization? ...more >>

GSSAPI bindings for C#/.NET
Posted by Ian at 3/21/2006 12:55:37 PM
All, I was able to find an IETF document proposing some specifications for GSSAPI C# bindings (http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-csharp-bindings-00.txt), but I was unable to find any suitable implementation. The goal is to use MIT Kerberos to authenticate to remote...more >>

Windows Security Roles
Posted by Henrik Skak Pedersen at 3/20/2006 5:30:24 PM
Hi, We are creating a application where we until now has been using AzMan for authentication. We are now looking at alternatives, because we have some problems with AzMan, eg ClickOnce, Windows 2003 AD Domain level. We think that we are able to shift to only be using AD Security groups, ...more >>

Online Only Digital Signature
Posted by James Pemberton at 3/20/2006 1:27:52 PM
I am trying to deploy an application to our application server using Clickonce. I was hoping not to have to install the application on every Citrix server that our users access, but utilize the Online Only function to actually run the application from the application server. I have created a...more >>

Least Privilege User Accounts
Posted by doug at 3/20/2006 1:04:17 PM
I need to modify my application so that my users don't have to always login as an Administrator on the machine. Currently we store data for the application where the application was installed on the machine (c:\program files\[product name]\xxx). This works fine except that in order to run the ...more >>

Role based security flaw?
Posted by Andy at 3/20/2006 8:19:55 AM
Hi all, I'm implementing role based security, but I keep having this nagging feeling that it may not be as secure. Using role based security to classes / methods, what's to stop a malicious client from creating their own principal that answers yes to every IsInRole call? What should I watch ...more >>

Best option for file encryption?
Posted by Jen Espana at 3/20/2006 8:11:30 AM
Hi All, This is my first time dealing with data and file encryption over the web and was hoping someone could lend a helping hand. My client has the following requirements. They wish to allow their users to upload files (xls, xml, and pdf formats) that contain sensitive information. I am tr...more >>

Digital Signaturing
Posted by Parvez at 3/20/2006 6:55:02 AM
I need help for making an asp.net app where a USER uploads his file to a Location. While uploading it should be digitally signed........... At the server the signature has to be verified....... I need some light into this issue... What is MCS and how can i use this on this application Parv...more >>

internet explorer 6 sp2
Posted by bunnyrabbitt at 3/18/2006 9:36:27 PM
I can not get into a credit card site because it says I do not have 128-bit encryption on my browser. I updated to internet explorer 6 sp2 from the internet. What could be my problem?...more >>

Encrypted Data Storage ? HowTo ?
Posted by Microsoft at 3/18/2006 2:28:57 AM
Im trying to do a new app where i can store most of my passwords, basically another "Password Keeper" style tool.... Question about this is what is the best way to store the data, as a plain XML or MDB is totally insecure im wondering what other choices i do have and how do i can implement th...more >>

WebService Windows Authentication ASP.NET 2.0
Posted by Henrik Skak Pedersen at 3/17/2006 11:02:25 PM
Hi, I have created a web service which I am calling from InfoPath, a WinForms application and an ASP.NET Web Application. I would now like to implement some security. The web service is only being used inside a corporate network, so I can use Windows-based security. How secure is it if ...more >>

Impersonate
Posted by William Stacey [MVP] at 3/17/2006 4:04:37 PM
If you're a service as say Admin or Local System, can you impersonate other users without their password (i.e. run a thread with their WindowsIdentity)? TIA. -- William Stacey [MVP] ...more >>

Problems with AzMan interop and CLR 2
Posted by John at 3/17/2006 11:03:40 AM
I am moving an application over to 2005 and CLR 2 which so far has had minimum trouble. Now I have hit a real road block. I use Authorization Manager with the enterprise lib security block. Part of that requires that the AzMan managed wrapper "Microsoft.Interop.Security.AzRoles.dll" which I...more >>

users and roles
Posted by Francis Reed at 3/17/2006 10:40:38 AM
Hi I have a question concerning roles and membership in asp.net 2.0. I work for an online university, and we would like to implement role based security for our portal. Currently our university has 11 courses, which fall in 5 semesters, and each course has is then subdivided into approx 5 or ...more >>

Ent. Library w/DB 2 registry access problem
Posted by slpg5250 at 3/16/2006 8:47:40 AM
Hi, We are using Enterprise library in our application to manage database connectivity to a DB2 server. When the application is deployed we receive an error when opening a connection to the database. The problem is that the db2app.dll is not allowed the registry access. I have read the securit...more >>

ASP.NET writing to EventLog in Server 2003
Posted by mwieder NO[at]SPAM gmail.com at 3/16/2006 7:20:42 AM
Hi - we've got an ASP.NET 2.0 application that needs to write to the event log (an already created source). The code works fine on XP but on 2003 throws an access denied exception on EventLog.WriteEntry. I've played around with the CustomSD string as suggested by several other posts, but I can...more >>

SslStream AuthenticateAsServer help
Posted by Andre Azevedo at 3/15/2006 10:46:03 AM
Hi all, The SslStream class has a method named AuthenticateAsServer which uses a boolean parameter named clientCertificateRequired to authenticate the client. What's the behavior differences for true/false values? Does the client needs to install the certificate? Thanks, -- Andre Az...more >>

Help please, security problem with NET
Posted by qualitychecker NO[at]SPAM free.fr at 3/15/2006 6:54:01 AM
On a TS running W2003, we are running into problems with C# .NET exes that will launch under an administrator account but refuse to run under a more limited account (user-level rights). Looking a little more closely, the error comes from the method ...more >>

