Hi, I start learning\working with security and I found out that full-trust apps are like the Masters of my server. for example, I have an ASP.NET web site which has ASP->BL->DAL, and I would like to defend my DAL from malicious users, I'll put the StrongNameIdentityPermission on the DAL'...more >>

I'm using the publish capabilities of VS2005 to deploy a smart client application. To secure the connection strings I'm encrypting them in the app.config file using the DataProtectionConfigurationProvider. Everything works fine with one major security hole I need help with. My client is set...more >>

Hi all, I'm triying to create a prototype of a smart client that using .NET Remoting. I've got an assembly loaded into an HTML page by a tag object <OBJECT id="myID" height="150" width="300" classid="http:bin/CPRSWebClient.dll#IBM.Cipros.Refinery.CPRSWebClient" /> My assembly is strong na...more >>

Hi, I have a VB.Net Windows form based user authentication system. The form authenticates the user info against a server through Remoting that is hosted by IIS. The authentication process runs well all the time. Once the authentication is done, I set up my customized identity and principal ...more >>

When I configure a VPN connection on W-XP it connects automatically to the server when i launch my browser whehter i want vpn or not. How can I stop the automatic connection so that vpn only starts manually? I must have set something to enable automatic connection but i don't know what. ...more >>

Hi all, I am trying to send a signed and encrypted email using C#. After doing some research I understand that there are a couple of ways of doing that. With framework 1.1 we can use interop to capicom.dll and with framework 2.0 a new package "System.Security.Cryptography.Pkcs" is avai...more >>

I would like to create an "ActiveX" object to display on a web page using C# in Visual Studio 2005. It appears the only straightforward way to do this is to create a UserControl and display it with the object tag. This works fine as long as no extended permissions are required. I need to co...more >>

Hello, i have created a vb.net 2003 program and when i create an EXE file i want to add a license key so that nobody whitout that key can install that programme, can anybody help me with that TX Peter ...more >>

On a new computer with Windows XP, Microsoft Office, and all updates installed, my Windows Firewall gives off a false, I hope, warning every day 5-6 times. It says the Windows Firewall is off and I may be unprotected, but by the time I open the Security Center, Windows Firewall clicks back fr...more >>

I have made a small app that resides on a server share. It needs to draw some data from a SQL Server database that resides on yet another server. And the app should be possible to run from client computers. When we run it from clients we get the following error: "Request for the permission ...more >>

Hi! Please point me to the correct discussion if I am off base. We are beta testing a new Dot Net Framework application that allows us to upload documents of different file types for online storage with each of our transactions. We can easily drag and drop email attachments to the new appl...more >>

Hello There is two option to asign keypair to an assembly 1. In assenblyinfo.cs file asign .snk file name to AssemblyKeyFile atrribule. for exam - [assembly: AssemblyKeyFile("..\\..\\mykey.snk")] 2. Install keypair in kaycontiner by use sn.exe - i and and asign keycontainer name to A...more >>

So after doing development/testing of our application on several different development machines, we went to start testing it on a "cleaner" system. No Visual Studio, only the .NET 2.0 runtime. It was here that we noticed the configuration tool (normally present in Administrative Tools) is ...more >>

I asked this in the Vista dev support newsgroup but thought I might have better luck here: I've got a .Net 2.0 WinForms app that I've written for XP/2003. One of things it does is use the OpenRemoteBaseKey on the RegistryKey class to acces the registry of a remote machine. This works fine on ...more >>

First of all, is it possible usign .NET remoting feature inside a .NET applet loaded into a tag object inside an HTML page ? <OBJECT id="myID" height="150" width="300" classid="http:applet.dll#test.applet"> </OBJECT> If not please can anyone explain why ? I think yes and so I'd written a ...more >>

In the .Net Framework 1.1 the password property had a get accessor which seems to have been removed in the .Net amework 2.0 assembly . Is there a security issue and is it why this property is allowed only a set in the 2.0 version?...more >>

Hello all ! I´ve developed a page to do a Asymmetric Cryptography with Digital Certificate, but something doesn´t work. I have a URL like that : "FIELD1=000000000000001&FIELD2=0000&FIELD3=AAAAA&SIGN=5705236f1f462afe65f6704d24c8e1359fead41e42c460d........" When I receive it, ...more >>

Hi everyone, I create a windows application and a web application (.NET 2.0). The windows and web application uses the same Business Logic Layer and Data Access Layer. How can I secure the windows and web application with the same code? Some specifactions: 1. Many users. 2. Many roles. 3...more >>

I'd like to update the DACL of a directory on either a local or remote machine. When I use the UNC directory path (e.g., "\\machine\share\...") on an XP, SetAccessControl will wipe out the inherited ACEs. If I use a plain directory path (e.g., "C:\directory\..."), the API works fine. Has a...more >>

The following c# code: [...] XmlSerializer serializer = new XmlSerializer(typeof(myClassType)); StringReader reader = new StringReader(tmpstring); _data = (myClassType)serializer.Deserialize(reader); [...] works great on a web server with .net application security set on "FULL TRUST", ins...more >>

I need to know the types stores in a dll module (is an application that is using plugins). To read types I create a new AppDomain and then I load the assembly in this new domain. But when I try to access to Assembly.GetTypes() .net throw the next exception: Request for the permission of...more >>

I wrote a small program for a friend that waits x seconds before giving control back to the system. When I run the program locally, it works fine, but when I try to run it off of a network drive I get the following error: Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Micro...more >>

I have a message that is signed (attached) and encoded in base64 by CAPICOM in a .NET 1.1 application. I have a .NET 2.0 server which needs to reads this. So I did the regular base64 decode. The I found out while debugging that the original message is packed into a bunc of funky characters whi...more >>

Hi, I have an assembly (.exe) started at logon of each computer of my company and for each user. (Through PDC scripts) This assembly use web services in order to request any informations. When my exe is executed, i have this exception : ____________________________________________________...more >>

Hello to all, We have the following problem: using: Framework 2, VB.NET, Visual Studio 2005, SQL Server 2005 or MSAccess, Win XP professional service pack 2. We developed a WebService that is now installed in a machine. The database is located in the same machine where web service is instal...more >>

Hi All, I've got an app I need to modifiy that's written in C# VS2005/.NET 2.0 which is dsigned to ONLY run when the logged in user has administrator privileges. At one point it needs to delete a HKLM\Software\... registry value if it has, in fact, created it. So there is a method that dele...more >>

Hello everybody, I'm using visual studio .net 1.1 for my applications. Source codes are located on a lan server. Until last week I was able to compile and run mi applications according to the policy I'd defined in control panel / administrative tools / .net configuration (a full trust group of c...more >>

hi, I have 2 services running, one doing a job and the other monitoring the job is done and that the other service (the one doing the job) is still running. The thing is, the 1st service fire some events notifying other programs that an alert happened... I want to register to that event in m...more >>

public string CreateAuthenticationToken(string strEncryptedUserName, string strEncryptedPassword) { //Microsoft.Web.Services3.Security.Tokens.UsernameToken userToken = new Microsoft.Web.Services3.Security.Tokens.UsernameToken(strEncryptedUserName, strEncryptedPassword, PasswordOpt...more >>

Hi all, I receive a certified email with an attachment in .p7m extension. How can I retrieve the original content after verifying the sign with CAPICOM? The EnvelopedData failed when I try to Decrypt it. I am under .NET using C#, and I need to save the original content in a db or in a shar...more >>

I'm trying to access a UDDI registry server programmatically using ..net. The registry server is set to require client certificates. If I access the registry through Internet Explorer, a window pops up asking me to select a PKI certificate. However, if I try to access the registry through a C...more >>

I know I'm just another in a long list of people who have active directory developers who have problems, but I'm going to post anyway: I add a user to the container: "CN=Users,DC=my,DC=domain,DC=com" I set the following properties: oDE = GetDirectoryObject(LDAPDomain); oDEC = oDE...more >>

Hi, I'm developing an app that will access secret info from a SQL Server db. The server component that accesses the db will be hosted on the same machine as the db. Client components will connect to the server component to retrieve the secret. Two questions: 1. Using CAS, is it possib...more >>

I have a simple remoting sample using IPCChannel. If I run the server code as a console app my client can connect just fine. However, if I the same server code runs in a service, the client gets a RemotingException of "Failed to connect to an IPC Port: Access is denied". The Access is denied...more >>

Hi, I apologize for the extensive cross-posting but I'm getting desparate. We have a web page calling one or another web service. Both web service communicate with Sharepoint 2003, and both temporarily change impersonation using WindowsImpersonationContext class and then revert back with ...more >>

I know I messed up, I am not skilled at all and would like to know if I can buy something to fix this?? See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box. ************** Exception Text ************** System.NullReferenceException: Ob...more >>

Does someone have any insight into the assumptions made with the Rijandael algorithm - I'm trying to encrypt documents on a PC platform and decrypt them on a Mac OS (and vice-versa) without success. How is the IV field created by default on .Net2 implementation? Is there any known issues wit...more >>

Hi all As per my earlier conversation with Ciaran (thx for reply) I have installed the MS APplication block on the server , when i ran Build Enterprise Library file and Install Services from (batch files ) programme files menu it was asking for visual studio 2003 , I have only .net fr...more >>

I am going to use LDAP to look up userids on an active directory server. The LDAP server is on the outside in the DMZ. The Active Directory server is on the inside, so holes need to be poked into the firewall. My question is, what ports need to be poked into the firewall so I can read active d...more >>

I have some very simple code FileStream fileStream = new FileStream(@"K:\Development\Projects\POReport.asp", FileMode.Open); Which throws an exception Unhandled Exception: System.UnauthorizedAccessException: Access to the path "K:\Development\Projects\POReport.asp" is denied ...more >>

An new day, a new problem. This time I am attempting to save settings back to the application configuration file. The exe and config file reside on a network drive. I've configured the application to be trusted fully using the Microsoft Configuration Tool and the security errors I was getti...more >>

Hi there, I've got this strange problem. I've created a library of some assemblies and one of these (webclient.dll) is linked inside an html tag object by using this sintax: <OBJECT id="myID" classid="http:WebClient.dll#namespace.WebClientClass" /> The assembly is correctly loaded insid...more >>

Hi I have Microsoft Enterprise Library 2005 installed on my local system. I m also using ASp.net 1.1 And C3 as coding language , I have MS Sql Server 2000. I am developing a web application in which i am using data Access Application Block for data access. I have a remote web n data...more >>

I have an ADAM instance with a root of "CN=TestWithRoles,DC=royalroads,DC=ca" running on a server called metrocsdev, port 5000. I successfully connect to this remotely using AdsiEdit. This instance contains an AzMan store, which I have successfully edited using the AzMan tool. However, when I tr...more >>

I am reading a book "Programming Dot Net Security" and have a general question - Runtime uses Assembly evidence to get Permissions through Policy resolution, then why does it allow assigning Evidence while loading an assembly? I think assigning Evidence is a way of presenting false evidence. ...more >>

I'm trying this out usig ASP 2.0. The public key part works ok but the private key request fails. CspParameters cspParams = new CspParameters(); cspParams.Flags = CspProviderFlags.UseMachineKeyStore; RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cspParams...more >>

I need to generate RSA keys using a different public exponent from the default one used by the RSACryptoServiceProvider (65537, {1,0,1}). The reason I need to do this is that I am currently writing software which communicates with a device that annoyingly assumes the public exponent of the 1024 ...more >>

Hello all, I need to retrieve a certificate from a Microsoft Certificate Services PKI by its certificate ID and I don't know where to start. background: I have signed records in a database, each record holds the id of the certificate it has been signed with. I don't want to copy the certi...more >>

I'm building a .NET Windows Service that needs Modify rights on a network folder. I'm guessing that running as the Network Service (or Local Service) account is the way to go, but simply giving this security principal Modify rights on the folder does not work. Any recommendations?...more >>

I want to encrypt the username and password using public key. Decrypt it using private key. Any help or code is very helpful. Thanks in advance for your help. ...more >>