I've seen a lot of traffic on the newsgroup about using StrongNameIdentityPermission with LinkDemand to restrict the direct caller only trusted assemblies, and it seems like this should work. I added the following attributes to a method in a strong named assembly (dll). [StrongNameIden...more >>

Hi all, I have IIS 5.1 and dotnet 2003. I want to provide 100% secutity to IIS. It should not affect by hackers. How can I do this? Are there any articles on this? Please suggest me. I am new to IIS. Thanks in advance. -- Regards, Durga....more >>

Dear all, In my project I have many assembly made from my own wich refer each other. Ideally what I would like to do to cover security is signing all my assembly with strong name. So far so good nothing complicated on that except that one of the assembly that I try to sign as a reference to ...more >>

How Do I go about accessing the Client Certifcate info in .NET for a web service? All I can seem to find for an object containing this info is: HttpClientCertificate cert = Request.ClientCertificate; however, Request is not found...i'm guessing this is for an ASP.NET app vs an ASP.NET Web ...more >>

Dear all, I am sudying the SSL configuration of web site using certificate. On my reading it is mention that if an attacker retrieve the certificate request file and install it on his machine, he can use it to decrypt the traffic between the initial web server and the client. What I have...more >>

Dear all, When you check the authentication method for a web site under IIS configuration, by default it has the Enable Anonymous Acces and Integrated Windows Authentication set. If you have the Integarted Windows Authenticatin set, it means for me that you absolutly need to provide corr...more >>

Dear all, I have seen in samples following assembly atribute : <Assembly: Security.Permissions.FileIOPermission(Security.Permissions.SecurityAction.RequestOptional, Unrestricted:=True)> What does the Unrestricted Flag means ? regards serge...more >>

How can you determine who created a file? Using VB2005, .Net Framework 2.0. ...more >>

Hi gurus, I wrote a small exe file using vs 2005. the exe file is pretty simple. just open a web site using System.Diagnostics.Process.Start("http://website"). The exe file works fine in my machine. But it can not open the website if I run it in another machine. I got an error box say, The a...more >>

Hi, Does anyone have any recommendations for a third parties PGP API for use in ..net? I am specifically looking to encrypt files that get sent to a bank. Thanks Al ...more >>

Hi, I have a server and client program. The client encrypts data being sent to the server using the servers public key before it transmits it to the server over a tcp connection. The question i have though, is where do i store the private key on the server so that it will be safe?! In my mind...more >>

Hi there, I am a newbie to the security framework of .net and to digital signatures, and I need some help regarding signing files in .net. Here's my problem: I have a web application developed in asp.net (with ..net framework 1.1). This web app has a support database and can access files th...more >>

Hi, When I try to use impersonation when remoting I always get an exception even when the server and client are on the same computer... Here are my 2 config lines for the channels (that's about all there is in each config files) Client : <channel ref="tcp" secure="true" tokenImpersonationL...more >>

Hello, I have read several articles about encrypting db connection strings and I do not really understand the fundamental reason behind this. Most articles advocate the use of DPAPI, which takes care of key management tasks. However, if the machine where the software runs is compromised, th...more >>

Hi there, I'm trying to create Windows users in my NT4 domain using ADSI, from a web application (ASPX / VB / framework version 1.1). I am using Web.config to impersonate an admin account : <identity impersonate="true" userName="the-domain\the-admin" password="the-password" /> Th...more >>

I have an application which use has a DLL with 100+ (auto-generated) Managed C++ wrapper around some native API. Compare to a purely version my application has some performance issue and I just realized it is probably due to the security check which happen just before each of the (numerous)...more >>

Hi I'm working on a project that has multiple modules. Most of the modules (windows services, Class libraries) are coded in C#. There are multiple class libraries which use each other's classes too having refrence added in them. To avoid exact code decompilation, I tried using obfuscation o...more >>

Can anyone point in the direction of a good reference, using VB.Net, for working with directory security? My code has located a directory that has inherited access rights form a parent directory. I want to programmatically turn off the inheritance from above, completely remove all existing...more >>

Hello, I am extracting a pkcs7-signature part from a s/mime message. When I verifiy the signature I get a CryptographicException "The hash value is not correct" . I am using CheckSignature(true), therefore it should verify signature only and not worry about the certificates. This message...more >>

Hi, I developed an ActiveX control with C#. This works fine on local machine but not on Internet domain. After evaluating the assembly it turns out that I do not have full trust for this assembly. Trying to increase assembly trust I do get the following error: "Application attempted to per...more >>

I am trying to determine all the groups which the current user has permissions to add a member. Here's my code: foreach (System.DirectoryServices.SearchResult ADSearchres in ADSearch.FindAll()) { //ActiveDs.ADSearchres.Properties["ntSecurityDescriptor"] ADChi...more >>

hi everyone, i do not have much experience about encryption. So sorry if my question is a little silly. i have problems about storing KEYS that are used in encryption. i could not decide where should i store my keys or how should i store them. We have this scenario in our Project: We a...more >>

I'm using asp.net 1,C#.my application has a form authentication but there are some aspx pages that all clients, include unauthenticated clients, should be able to visit them. i can not use html pages because i need connecting to database...more >>