Hello, I have the Microsoft Authenticode certificates (PKCS #7 Certificates, .spc and .pvk files) acquired from Verisign. How do I use this certificates to Sign the manifest for ClickOnce deployment. IDE accepts only .pfx files. Importing in Internet Explorer and exporting back doesn't seem l...more >>

Does anyone know.... is it possible to see if a loaded assembly skipped verification or was verified? I'd like my application code to be able to programatically verify that a loaded dependency assembly is indeed signed properly and did NOT use skip-verification, other than checking the ver...more >>

I create a user token for the windows anonymous user ("NT AUTHORITY\ANONYMOUS LOGON") using ImpersonateAnonymousToken. I successfully create a WindowsIdentity from that token, but the Groups property always reports zero groups, even though I have added the "NT AUTHORITY\ANONYMOUS LOGON" user...more >>

Hi, I get a Security Error when my WebService makes a call a method in another assembly. The details of the exception as viewed in immediate window of Visual Studio are pasted below. I am able to debug my WebService method. However, when it tries to call a method in another assembly, it fa...more >>

I'm trying to sign my Visual Studio 2003 C#.net WinForms app. I'm following this article: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/strongNames.asp I've generated the public and public/private key files. Then I added the appropriate lines in 'AssemblyI...more >>

I'm running into a dilemma. I"m trying to encrypt a message on one machine, and have it decrypted on another machine (say, the target application). But, I don't want the keys to be 'hacked' very easily. This is a small amount of info, and so I thought RSA sounded appropriate. My idea was to...more >>

When I restart or log back on, my Windows Firewall turns off. I have checked into the advanced tab and in the ICMP settings, and it has "Allow incoming echo request" checked. This seems suspicious to me because I am not sure if this is a ligit setting. Is there something that I can do to p...more >>

I am trying to set Full Control permissions on a directory. I have tried every combination of InheritanceFlags and PropagationFlags and I am having no success. After running the below code the parent directory "C:\Scripts" will have list permissions set, and special permissions Full Control. ...more >>

Hello, I would like to distribute an application in my company local area network. I published the setup via ClickOnce that works great for this purpouse even because it's wonderful for new releases of the program. Moreover I would like to avoid the prompt of the new release when a client us...more >>

Hi, RSACryptServiceProvider allows to specify OAEP padding. I wonder if there is a way to specify the encoding parameter P for this padding as specified in PKCS#1 v2 ? And what is actually used ? I would guess "null" ? If it is not possible to supply this parameter, i would need to do th...more >>

I wanted to use Dotfuscator before releasing my commercial application. I tried dotfuscating the entire EXE but it failed with some cryptic error about System.Drawing. I have no idea how to resolve that. So then I thought the next best thing would be to dotfuscate the DLLs that are part of ...more >>

Hopefully this is simple and I'm just missing it. I need to be able to use C# code in .Net to change the values of some of the Local Security Settings under Local Policies...User Rights Assignment. So far I haven't been able to find anything on how to change Local Security settings via code. ...more >>

I've written an app in Visual Studio 2003 (C#) that I want to correctly handle situations when the app is run from a network share. I've written some code in the main form constructor to attempt to access the registry. I've put this code inside a try/catch block and my app correctly displays...more >>

I order to automate some mail processing I need to access POP3 servers over a secure channel. A couple of MSDN articles recently written by Dominick Baier was helpful to me when I implemented a solution in C# with the .NET Framework 2.0. It works fine as far as I don't try to connect to an MS ...more >>

I wonder if anyone can help me. I have a request for an application to be installed on a server and the client to just have the .net framework. I have created a .net 2003 application. The executable, Calendar.exe, needs to be executed by the client on this server, Helios. Now this runs fine if...more >>

I am trying to run a app over a network share but it doesnt work. I also tried to grant full trust application but it still doesnt work. The error shows up when it tries to open a excel sheet over the network. Below is the error message. System.Security.SecurityException: Request for the p...more >>

Hi I am developing a SSO web part between a SharePoint site and my web application. I would like to accomplish this by passing the guid of the currently logged on user to the target web site. It seems the only way to get this id is by performing an AD lookup for the current logged in us...more >>

All, I have an application that will generally run on a machine where the logged in user belongs to the Administrators group. However many people may actually use the machine (a piece of quality control equipment for SMT manufacturing). These other people maybe Administrators (full access ...more >>

I'm looking at Verisign for my SSL certificate for our web/SQL server. What options should I look for and which provides the fastest response? ...more >>

Maybe someone can educate me, but how is the CipherAlgorithm set for an SslStream in .NET 2.0. I noticed you can get the CipherAlgorithm from an SslStream property, but how do you set it, or at least require a specific algorithm? Is this decided by the Cert? ...more >>

hi, i've found out here: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=131195&SiteID=1 that FtpWebRequest does not support implicit connections. I have a serious problem with that, because i need to talk to an Ftp server that supports only the explicit connections. changing the server...more >>

Any recommendation for a product license generation/api package for ..NET? Thanks, ajam http://HackBuzz.com The Security and Programming News Portal ...more >>

Is there a way to attach a certificate to a website in IIS? I will be doing this during an install so using IIS and clicking buttons is not an option. The certificate is already installed in the store and know all the particulars about it. During installation, I just need to hook the ce...more >>

Hi, new to this newsgroup so please bare with me if Im a bit off here. I have created a Windows User Control in Visual Studio 2005 (.NET 2.0) that I load through a Web Form using the OBJECT tag. During development I used the "ASP.NET Development Server" and in here I have got the user c...more >>

Hi, can anybody tell me how sign a pdf document with a X.509 Certificate? I've found how to make it with a XML file, but I don't know how make it with a pdf file. Maybe converting the pdf file in a byte stream? Thanks in advance. ...more >>

Does anybody know how I can programatically force ASP.NET to issue a brand new sessionID to an end user. The primary challenge I'm looking to overcome is getting this done in one response request: 1. Client issues an HTTP request (sending in sessionID via cookie) 2. Server recieves request,...more >>

Hi, I have the login page that is inherited from the master page. When forms authentication is enabled the login page do not display the layout content of the master page. When the forms authentication is disabled the login page perfectly displays the content of the master page. What can...more >>

Does anyone know how to open a range of ports (instead of entering the ports one-by-one) using the Windows Firewall on a 2003 server? ...more >>

I have created a new Directory from my C# application. Here's how I set users permission : DirectoryInfo di = Directory.CreateDirectory(sPath); DirectorySecurity dSecurity = di.GetAccessControl(); // Add the FileSystemAccessRule to the security settings. dSecurity.AddAccessRule(new FileSyst...more >>

Hi, I'm working on the authorization subproject of our framework, and defined a class that derived from CodeAccessSecurityAttribute. One of its named parameters is of type System.Type (actually, it should've been a required constructor parameter, but CodeAccessSecurityAttribute doesn't wo...more >>

Hi, I am using the LogonUser method to authenticate ad users, and it normally works with no problems. But now I am trying to authenticate users across domains and there it fails. If I open a folder on a machine on the other domain using the ip address, it prompt me for credentials and it...more >>

Hello, I'm using windows service using LocalSystem account to connect to MSSQL database on other server. I'm connecting using SqlConnection class and connection string "Integrated Security=SSPI; .... I get SqlException: Logon failed for user 'NT AUTHORITY\ANONYMOUS LOGON' I expected that c...more >>

Dear all, I am studying security topic for my next exam and I am actually face to a topic about securing ASP application. In that part is explain that you can secure your application either from IIS or from your config file but it is recommand to do it on both side.Good Then a brief topi...more >>

Greetings, I'm new to this group so forgive me if I'm hitting on a frequent topic. I am creating a Windows application. I want to be able to control access to the FCL via some kind of policy for the Plugins of the application. In particular, I want to be able to restrict the ability for ...more >>

Hi, I want to open a project that is on a network share with Visual Studio, when I open it VS tells me that the project location is not trusted, that is it does not have full trust to execute, and this is good, since executing a project from a network could be a dangerous operation, but in my ...more >>

I am trying to redirect a user to error page and display an error message saying they do not have the proper credentials to access the applications in vb.net. How do i do this at application level or website level. I want to read the roles/group specified in web.config file and display it back...more >>

Open Security File Warning - Publisher not verifiied User is SYSTEM runing a service with interactive checked off. I keep getting the Open Security File Warning - Publisher not verifiied message when the service tries to launch an .EXE file which it does as part of a queue fed service. si...more >>

This is a .NET example for signing a message: C# // The dataToSign byte array holds the data to be signed. ContentInfo contentInfo = new ContentInfo(dataToSign); // Create a new, nondetached SignedCms message. SignedCms signedCms = new SignedCms(contentInfo); // Sign the message. sign...more >>

Can anyone please help me directing me how to do this. I am trying to write a generic 401 error handler written in .net 1.1 which will fire when a user gets denied access to a .net application. This error handler page would detect the page/virtual application where the error occurred, check...more >>

Is it possible to create a *Windows service* that could make logon to desktop/console (instead of manual user logon-entering username and password)...something like Remote Desktop does when someone connects via RDP, but on local console? I don't want to autologon when starting Windows, but ...more >>

I want to access a remote service using creds obtained via protocol transition. I get the s4u user creds fine (WindowsIndentity("joe", "Kerberos")) I impersonate the I call AcquireCredentialsHandle (becuase I want to do InitSecContext next) The Call fails with 80090305 - unknown security packa...more >>

I'm being asked to automate our installation process in order to prevent as many user errors as possible. I am looking to see if I can use the .NET framework to >>> create <<< a X.509 certificate or do I have to shell out to makecert.exe? The resulting file would be sent out to a verificat...more >>

I have a situation which requires me to create a directory on two different shares. The windows share is easy (using LogonUser()), but I'm trying to figure out a way to create a directory on a remote SGI Origin machine through AFP. To make it more difficult, the credentials for the machine are...more >>

On Windows using VB.net I am using RijndaelManaged alogrithm in ECB mode to decrypt the data that is sent from a 'C ' application which is running on Linux and it is using the same alogrithm (rijndael-128 with ecb mode) and the encryption keys are same on both the sides . Am using ciph...more >>

Hi. I posted this question on the wrong forum before. I'm hoping that I'll have more luck here. I'm working on a project in which I need to use MD5 cryptography. The requirements are vague, but I need to do both: compute the MD5 hash of a string and perform the MD5Crypt function on the stri...more >>

Hi, I have pounded my head for the last couple of hours tyring ot figure out on how to make my query using LDAP to the AD. The code works fine on XP. And also works great in a windows application. But on a web page, it just fails. I am sure its something to do with IIS settings on Win 2K3 s...more >>

Is anyone knows how to get a certificate from the file direclty in .NET 1.1? We found a way to do this in .NET 2.0; X509Certificate2 cert = new X509Certificate2(certFilename, thePassword, X509KeyStorageFlags.PersistKeySet); proxy.ClientCertificates.Clear(); proxy.ClientCertificates.Add(cert)...more >>

Hi, I am using both of above in my ASP.Net app. To use the LogonUser API i have to add the ASPNET account to the Local Security Policy - "Act as part of teh operating System" (see below article for reason why) http://aspalliance.com/39 In my Web App when I try to get the current logg...more >>

I was wondering if anyone can help me with a problem. I'm running a app on my company's network thats located on another server for my department. My application is suppose to back up files by copying them 1 directory up from where the application is located. It allows the user to choose a fol...more >>

Does anyone know if it's possible to get the Windows identity of the browser user when using Forms Authentication? I need the functionality of the Forms Authentication protocol for business reasons in my application, but I also need the Windows identity of the user in order to query Active Direc...more >>