• .Net Security's Today Newest Questions & Articles Featured

    • ArgumentNullException checking User Role
    • I have an Asp.net 2.0 site that is using custom role and membership providers using the aspnet_ tables in an Access database. The Providers are based on the original MS Access Providers that I believe shipped with a Beta.I am using a Sitemap with Security Trimming enabled to show additional menu
    • What event in Login.aspx (ASP.NET 2.0) Profile populated?
    • My application uses ASP.NET membership and profile. It works after the login is done in any page. I am trying to access this object while the Login is being done (in Login.aspx.cs)but this object is NULL. I tried LoggedIn, PreRender and Render event. Whenthis object is populated and what event c
    • Application Security Model
    • This is a very general question. In our companys application we have a security that we use to control access to the database as well as application security (logging people in, allowing visibility of sensitive documents, certain functionalities, etc) class and in this class we have hundereds of
    • Adding permissions to predefined permission sets
    • Hey all, I've finally had a chance to start experimenting with caspol.exe andother things to test the security of .net.But I'm having some strange problems - for one I was told that you could gointo the security policy files and manually edit the XML. However, I havetried to give either
    • Retrieving Windows User Login Name
    • Hello,A client would like me to implement the option of having an asp.net system I have created for them to detect what their login name is on the system, and if that matches a user account on the .net system, automatically log them in.I'm having trouble locating any resources on this issue
    • If I'm developing an application that must accommo...
    • If I'm developing an application that must accommodate multiple security levels though secure login and my ASP.NET web application is spanned across three web-servers (using round-robin load balancing)what is the best viable approach to maintain login-in state for the users and WHY?Thanks f
    • Active Directory authentication used in form
    • Is it possible to use a users Active Directory logon in a form on a local network?I'm wanting to create an intranet system where users do not have to logon as there identification is already known through logging on the information is accessed or passed from active directory.Thanks.
    • A good debug tool.
    • Hoo WinTail v2.11Hoo WinTail is a real-time file viewing Windows utility like the Unixtail -f utility. It can be used to view the end of a growing file. It isideal for viewing application traces or server logs in real time, as theyare generated. Quickly viewing the last part of a large file with
    • Can We bypass NT Authentication for some pages in a virtual directory?
    • Hi,I want to implemented NT Authentication for my web applicaion but the pages like Privacy Policy, Terms of Use need not be secured.Can any please suggest me a way (may be using web.config or creating another virtual directory) by which I can allow every user to view some pages whether he is lo
    • Trust An assembly with .NET framework 2.0
    • Hi,I have an ASP.NET web application that requires a signed assembly to bedownloaded from the server to the client. In prior versions of the .NETframework, I used the .NET Framework configuration wizard to give full trustto this assembly or any other assembly with the same signature and it worke
    • ASP.net authentication
    • Do you have to have your login page in a different directory than your protected asp.net pages when configuring a web.config file in the protected folder?I've got all my pages in a folder, including the login page, which all needs to be protected except the login page. How would I go about
    • How to clear "Remember Me Next Time" Cache
    • Hi,When I use the Login control of ASP.NET 2.0, does anyone know where the username/password pairs are stored? How would one clear them so that they don't appear in the "User Name:" drop down list box? I would like to put a button on the Login Page and allow the user to remove their usernam
    • CAPICOM problem with .NET 2.0
    • RSACryptoProvider creation problem:I used some code for RSACryptoProvider creation with smart card andCAPICOM COM objectThe code worked well in Framework 1.1but when I tried the same code in Framework 2.0I got an following Cryptographic exception:"Unable to open the access token of the current t
    • Password recovery sends 2 emails!
    • Hi there, Not sure why but when I click the password recovery button I am sent 2 emails...both contain different passwords.I have done nothing out of the ordinary or so I think.<asp:PasswordRecoveryID="PasswordRecovery1"runat="server"><MailDefinitionPriority="High"></MailDefinitio
    • Fixing poorly implemented authentication model...?
    • I made a site that was divided into 3 parts. There was the root application accessible by everyone, then I added projects to this root project. The 2 add-ons (AppX and AppY) were individual applications and each have seperate authentication - very basic forms authentication (either you are in or
    • Authentication from Active Directory & Database based user detai
    • Hi there,We have 500 users on our network. I'm writing a web system (asp.net) whereyou can create a user and give them access to various sections of the site.To create a user you select and existing Active Directory user and justattach their permissions (to see different web pages/options o
    • Storing Encrypted Password in Database
    • Hi, I am trying to store a hash encrypted password in my database but when i try to compile my dll I get an error message saying that "Operator & is not defined for types string and a 1-dimensional array of byte".At the moment my code is:Dim md5Hasher as New MD5CryptoServiceProvider() Dim hashed
    • AES Encryption - default IV question
    • I have software that uses the default AES Provider to encrypt text strings.I now need to allow MAC users to access the documents and be able to decryptthem. The encrypted documents were created using whatever default IV bytearray that .NET generates, while the AES code I've found for MAC req
    • Secure files on virtual
    • I am designing a document store. I want user to login and then be able todownload files presented to them in the form of a list of links. Obviously Idon't want nonlogged user to be able to see the files over http. I havetried to secure the diectory by mapping the the pdf extension to the asp
    • Impersonating to ASPNET or SYSTEM Identities
    • Hi all,I am trying to write a secure application and some of you have been veryhelpful on that subject.the only question remaining open after implementing certain methodologies isthis:from a hacker point of view, is it possible to impersonate to SYSTEM orASPNET windows identities on a local mach
    • Login Problem
    • hi folks! i expiriencing a strange login problem on my live server. if im using the ip (like http://192.168.80.140/EQR/login.aspx) everything works finebut if i take the server name (like http://ral_server01.328ssg.de/EQR/login.aspx) it dosnt log on correctly...i dont get an error message but im
    • help needed
    • I have a web.app with an subfolder called "admin" which I would like to make password protected using Form based security.Where should I put the web.config file? In the app.root folder or in the admin folder?How should it look?Where should I put my login.aspx file? In the app.root folder?When tr
    • Using multiple providers on the same server
    • I have more then one application on the same server and I want to use different provider for each application using SQL server 2000.I didn't have any luck pointing the provider using the main web.config, it was still pointing to the default ASPNETDB file. After doing some research, I used I
    • How to create MachineKey
    • HiIs there any tools within .NET Framework for generating MachineKey inASP.NET (both 1.0 and 2.0)?If not, using third party site is the only way or what is the best methodof generating the key.Can anybody help me in this at the earliest RegardsPradeep
    • Invalid Time Stamps For The Membership Table
    • Im curious as to how the membership gets its time.All of the columns in the Membership table have incorrect time stamps. The time is always 6 hrs ahead of what it should be.Im running Win Server 2003 with SQL Server 2000.The asp tables are the only tables that get populated with the wrong time.
    • Programmatically Add User to Local Admin Group
    • Anyone knows which class in .NET to add user account to another local machine admin group?thankstryasp.
    • CryptoAPI cryptographic service provider (CSP) for this implementation could not be ac
    • Crossposting to dotnet.security.Thanks,Ryan Menezes [MS]This posting is provided "AS IS" with no warranties, and confers no rights."Rimma Kravchinsky" <rimma.net-security.itags.org.agile.net> wrote in messagenews:eq7$8R8eEHA.2044.net-security.itags.org.TK2MSFTNGP10.phx.gbl...> I have an ASP.Net application that uses cryptography. W
    • Lost in Authentication & Authorization
    • We are creating an app in which the users will have several applicable level of rights. For example, the user could be part of the 'Helpdesk' and 'Engineering' groups. The user could also have an adhoc right to access payroll reports, but not everything in the 'Payroll
    • obfuscatorS & decompilers
    • My concern on about decompilers. I am newly educated about obfuscation but Iam curious how common place .Net decompilers are.Given that one product I looked as was both I would assume fairly common.Just trying to secure my dll files without spending a ton of money.Thanks
    • Medium Trust Security Level
    • Hi ..,We are using one of the third party tool (Syabse DataWindow.Net 2.5 trail version )in ASP.Net with C#.Net . Server (IIS) securityPolicy trustLevel is "Medium". We configure Server following method ( In %windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG\Web.Config to change <trus
    • »» Read More about ".Net Security"...