are System.Data.SqlClient.SqlConnection thread safe? can many threads share a System.Data.SqlClient.SqlConnection instance without any synchronization? ...more >>

All, I was able to find an IETF document proposing some specifications for GSSAPI C# bindings (http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-csharp-bindings-00.txt), but I was unable to find any suitable implementation. The goal is to use MIT Kerberos to authenticate to remote...more >>

Hi, We are creating a application where we until now has been using AzMan for authentication. We are now looking at alternatives, because we have some problems with AzMan, eg ClickOnce, Windows 2003 AD Domain level. We think that we are able to shift to only be using AD Security groups, ...more >>

I am trying to deploy an application to our application server using Clickonce. I was hoping not to have to install the application on every Citrix server that our users access, but utilize the Online Only function to actually run the application from the application server. I have created a...more >>

I need to modify my application so that my users don't have to always login as an Administrator on the machine. Currently we store data for the application where the application was installed on the machine (c:\program files\[product name]\xxx). This works fine except that in order to run the ...more >>

Hi all, I'm implementing role based security, but I keep having this nagging feeling that it may not be as secure. Using role based security to classes / methods, whats to stop a malicious client from creating their own prinicpal that answers yes to ever IsInRole call? What should I watch ...more >>

Hi All, This is my first time dealing with data and file encryption over the web and was hoping someone could lend a helping hand. My client has the following requirements. They wish to allow their users to upload files (xls, xml, and pdf formats) that contain sensitive information. I am tr...more >>

I need help for making an asp.net app where a USER uploads his file to a Location.While uploading it should be digitaly signed........... At the server the signature has to be verified....... I need some light into this issue... What is MCS and how can i use this on this application Parv...more >>

I can not get into a credit card site because it says I do not have 128-bit encryption on my browser. I updated to internet explorer 6 sp2 from the internet. What could be my problem?...more >>

Im trying to do a new app where i can store most of my passwords, basically another "Password Keeper" style tool.... Question about this is what is the best way to store the data, as a plain XML or MDB is totally insecure im wondering what other choices i do have and how do i can implement th...more >>

Hi, I have created a web service which I am calling from InfoPath, a WinForms application and an ASP.NET Web Application. I would now like to implement some security. The web service is only being used inside a corporate network, so I can use Windows-based security. How secure is it if ...more >>

If your a service as say Admin or Local System, can you impersonate other users without their password (i.e. run a thread with their WindowsIdentity)? TIA. -- William Stacey [MVP] ...more >>

I am moving an application over to 2005 and CLR 2 which so far has had minimum trouble. Now I have hit a real road block. I use Authorization Manager with the enterprise lib security block. Part of that requires that the AzMan managed wrapper "Microsoft.Interop.Security.AzRoles.dll" which I...more >>

Hi I haven a question concerning roles and membership in asp.net 2.0. I work for an online university, and we would like to implement role based security for our portal. Currently our university has 11 courses, which fall in 5 semesters, and each course has is then subdivived into approx 5 or ...more >>

Hi, We are using Enteprise library in our application to manage database connectivity to a DB2 server. When the application is delpoyed we receive an error when opening a connection to the database. The problem is that the db2app.dll is not allowed the registry access. I have read the securit...more >>

Hi - we've got an ASP.NET 2.0 application that needs to write to the event log (an already created source). The code works fine on XP but on 2003 throws an access denied exception on EventLog.WriteEntry. I've played around with the CustomSD string as suggested by several other posts, but I can...more >>

Hi all, The SslStream class has a method named AuthenticateAsServer which uses a boolean parameter named clientCertificateRequired to authenticate the client. What's the behavior differences for true/false values? Does the client needs to install the certificate? Thanks, -- Andre Az...more >>

Sur un TS en W2003, nous rencontrons des probl=E8mes avec des exe C# ..NET qui accepte de se lancer sous un compte administrateur mais qui refuse de s'ex=E9cuter sous un compte plus limit=E9 (de niveau de droits utilisateur). En recherchant d'un peu plus pr=E8s, l'erreur vient de la m=E9thode ...more >>