| | Rating Thread /
Thread Starter | Last Post  | Replies | Views |
 |  | Hi;
I'm pretty sure the answer to this is no because I see some security
problems if it's yes. But I figure it can't hurt to ask.
We want to be...
David Thielen
|
01-08-2007 01:13 AM
Luke Zhang [MSFT]  | 1 | 27 |
| | | Hi;
When installing an ASP.NET application using SqlRoleProvider and
SqlMembershipProvider we need to create the initial roles and the inital
admin...
David Thielen
|
01-08-2007 12:31 AM
Steven Cheng[MSFT] | 1 | 24 |
| | | I ran aspnet_regsql , and I now have the required database created in
the default instance of MS SQL Server 2005 (developer's license).
In SQL...
Ted
|
01-06-2007 11:27 PM
Ted | 0 | 27 |
| | | Hi,
I created a local group on server and added my self to that group.
I am using the following code in my web page to check the membership of...
vineetbatta
|
01-06-2007 04:28 AM
Dominick Baier | 2 | 26 |
| | | I have an intranet site that uses Windows Authentication. It is open to all
domain users. When I attempt to hit the site it asks me for my...
John
|
01-05-2007 10:32 AM
John | 11 | 49 |
| | | Hi,
I'm writing an ASP.Net 2.0 webpart that is doing sum HttpWebRequest stuff.
I need to go through a proxy, and have configured the web.config...
Martin
|
01-05-2007 06:05 AM
Martin | 1 | 29 |
| | | Hi,
I'm writning an ASP.Net 2.0 WebPart, which needs WebPermission.
I've read http://msdn2.microsoft.com/en-us/library/ms916855.aspx, but still
get...
Martin
|
01-05-2007 04:30 AM
Martin | 2 | 26 |
| | | I am trying to find the best procedure for storing keys used for encryption.
This would also be a question for the connection string to the...
tshad
|
01-04-2007 09:48 PM
Joe Kaplan | 5 | 25 |
| | | Hi All
If I set an ASP.NET 2.0 site to forms authentication mode with
requireSSL=true, and I log in though https, then as soon as I swap back
to...
TH
|
01-04-2007 04:40 PM
TH | 2 | 42 |
| | | Hello,
I'm currently maintaining an ASP.NET application with not much
knowledge about .NET. So any help would be greatly appreciated.
The...
mchemsi@gmail.com
|
01-04-2007 06:24 AM
Nicole Calinoiu | 3 | 30 |
| | | hi,
i'm using forms authentication with a web service, and i have the web
service passing in the password already encrypted in MD5. can i use any...
Tim Mackey
|
01-04-2007 06:04 AM
Dominick Baier | 7 | 35 |
| | | I have used asp.net to develop asp.net application.
I want to use https with login page, the others with http.
How can I do?
ad
|
01-03-2007 02:26 PM
Dominick Baier | 2 | 33 |
| | | Hello.
I'm working in asp.net and i need to disable the edit/delete
functionality from a frmview component.
help me.thang you!
my ACL...
TT
|
01-03-2007 07:24 AM
TT | 0 | 22 |
| | | Hello,
I am doing the Security Audit of a .Net Application Developed on
ASP.Net 1.1. The Developer has informed me that he has implemented...
anoop
|
01-02-2007 12:17 PM
Joe Kaplan | 1 | 45 |
| | | When my ASP.NET app writes to the event log in Windows 2003 I get this as the
event:
The description for Event ID ( 0 ) in Source ( Windward Portal )...
David Thielen
|
01-02-2007 12:15 AM
Luke Zhang [MSFT] | 1 | 25 |
| | | Hi;
This appears to be working but I want to make sure I am doing it right.
I want to be able to run where it passes my Windows Identity to my...
David Thielen
|
12-31-2006 04:28 AM
Dominick Baier | 1 | 28 |
| | | Hi;
My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME. Is this
the correct user for strictest security? I thought best was "NETWORK...
David Thielen
|
12-31-2006 04:09 AM
Dominick Baier | 6 | 26 |
| | | If I call
IntPtr tokenHandle = new IntPtr(0);
bool returnValue = LogonUser("dave", "windward", "bogus",
LOGON32_LOGON_NEW_CREDENTIALS,...
David Thielen
|
12-30-2006 08:25 PM
Dominick Baier | 5 | 32 |
| | | Hi;
Ok, I've almost got my system to handle opening files using any uname/pw
setup. One item remains.
If a share and file is set to allow...
David Thielen
|
12-30-2006 07:58 PM
Joe Kaplan | 1 | 30 |
| | | Hi;
If you login using LOGON32_LOGON_NEW_CREDENTIALS and then impersonate that
user, you can use this to access a remote share where access to that...
David Thielen
|
12-30-2006 01:01 PM
David Thielen | 0 | 34 |
| | | I have a test http url that allows a connection from any domain user.
I am using the following code to test access to it:
XmlReaderSettings...
David Thielen
|
12-30-2006 12:44 PM
David Thielen | 2 | 32 |
| | | Hi,
I am doing Forms Based Authentication using the built in tools of .NET.
Authenticating off a database with some code a wrote and using...
Kyle Peterson
|
12-30-2006 10:11 AM
Kyle Peterson | 13 | 77 |
| | | Hi,
I was wondering if there are any samples that uses the new ASP2.0
Login Controls which authenticates NetworkUserName / DomainName...
wardemon
|
12-29-2006 12:21 PM
Dominick Baier | 2 | 30 |
| | | Well Arne it would be the best to ask your Network Admin whether there is a
GROUP or Role in Active Directory called
price list. Or maybe you have a...
Patrick.O.Ige
|
12-29-2006 06:40 AM
Dominick Baier | 4 | 29 |
| | | Hi,
I have implemented a .NET 2.0 app which uses Forms Authentication, sets
a cookie upon succesful validation from DB etc. Everything works...
Ben
|
12-28-2006 04:11 PM
Joe Kaplan | 5 | 23 |
| | | The forms auth infrastructure takes care of all the details how to set and
authenticate the ticket. Use the login control or the...
Dominick Baier
|
12-27-2006 03:41 PM
Dominick Baier | 0 | 39 |
| | | Hi all;
This year we are giving away free a screenwriting software program to say
thank you to everyone. If you ever wanted to write the next...
David Thielen
|
12-21-2006 09:14 PM
David Thielen | 0 | 32 |
| | | Hi Dave,
Yes, use net use is one means to link a remote share with user credentials
valid on remote machine. However, it is not quite good to be...
David Thielen
|
12-21-2006 12:37 AM
Steven Cheng[MSFT] | 3 | 37 |
| | | Dear all,
I have been reading some example on how to protect a folder via
web.config file. The question is that I wish to protect an audio
directory...
Godzilla
|
12-20-2006 02:06 AM
Henning Krause [MVP - Exchange] | 4 | 41 |
| | | Working solution:
Web Config:
<system.web>
<roleManager enabled="true" cacheRolesInCookie="true"
defaultProvider="WindowsProvider">
<providers>
Enrico De Majorca
|
12-19-2006 09:57 AM
Enrico De Majorca | 0 | 25 |
| | | This problem has become a "show-stopper" for us.
I have defined a custom section for my web application that contains
sensitive data. Because of...
mnowosad
|
12-18-2006 07:43 PM
mnowosad | 3 | 30 |
| | | I've tried to run a VBscript with elevated privileges, but with no success.
My code works fine, except if I try to run it using impersonation.
Have...
Jim Andersen
|
12-18-2006 12:28 PM
Glenn McDonald | 8 | 61 |
| | | I am looking for some feedback on an approach and if anybody has some
documentation to point me to that would be great....So here is the
scenario:
I...
ryan.mccutchen@gmail.com
|
12-15-2006 11:08 PM
ryan.mccutchen@gmail.com | 2 | 36 |
| | | This seems like a pretty straightforward question, but I can't seem to find
anything useful.
I know ASPNET (or NETWORK SERVICE) does not have...
Armando Canez
|
12-15-2006 07:27 PM
Armando Canez | 0 | 26 |
| | | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\ Has keys for all the
frameworks installed on the computer.
For each framework key there's an entry...
David Thielen
|
12-15-2006 04:30 PM
David Thielen | 7 | 30 |
| | | Hi Dave,
DPAPI require that you keep your web application running on the same server
whether you perform the encryption since its encryption key is...
Steven Cheng[MSFT]
|
12-15-2006 02:51 AM
Steven Cheng[MSFT] | 1 | 28 |
| | | depends on deployment scenarios - there is no better in regards of "better
crypt".
DPAPI is easier to use on single servers - RSA is easier for web...
Dominick Baier
|
12-15-2006 01:34 AM
Dominick Baier | 0 | 24 |
| | | Hi,
I am new to web admin and security.
Made a certificate server out of the development Win2k server and created a
root certificate.
The same...
Bob
|
12-14-2006 03:16 PM
Bob | 11 | 55 |
| | | If you copy ASPNETDB from your dev directory to IIS server, check access
rights to ASPNETDB files for pc_name\ASPNET (on XP), NETOWORK...
Bub
|
12-14-2006 05:52 AM
Bub | 0 | 31 |
| | | Hi,
I'd like to access the information in a membership provider from
another application. Currently I have an ASP.NET 2.0 application in
which I use...
cc
|
12-14-2006 03:14 AM
cc | 1 | 31 |
| | | Hi Dave,
You might want to use following approach to redirect to your own error page:
#Joshua Flanagan - HttpModule to allow a custom error page...
Walter Wang [MSFT]
|
12-14-2006 12:49 AM
David Thielen | 1 | 37 |
| | | We are having an issue with using a client certificate for authentication on
an HTTPS POST using WebClient related classes.
We are getting the...
DerekJMiller1
|
12-13-2006 10:43 AM | 5 | 39 |
| | | Hi,
I need a code signing certificate with a 2048-bit key to deploy a Windows
SxS...
Gary Gonzalez
|
12-13-2006 10:27 AM | 1 | 39 |
| | | I am getting this error - but I don't know what user to give rights to this
directory too - and I think the user that needs it - has...
David Thielen
|
12-13-2006 01:22 AM
Luke Zhang [MSFT] | 9 | 31 |
| | | Hi,
well - TextMode is only for the visualization - you shouldn't set the password
for the user.
-----
Dominick Baier...
Dominick Baier
|
12-13-2006 01:19 AM
Vidds | 7 | 24 |
| | | What you are doing has two problems:
1. Expecting that setting the textMode property to password will encrypt
the data in the textbox - it doesn't....
Scott M.
|
12-12-2006 05:14 PM
Scott M. | 0 | 23 |
| | | Hi,
I am trying to publish this ASP.NET 2.0 application on IIS 6.0, on a
2003
server. When I publish it on a local drive, it is OK. When I publish...
milen.elkin@gmail.com
|
12-12-2006 02:33 AM
Sandeep | 1 | 26 |
| | | Hi,
I am new to Web security and site maintenance.
Trying to secure a webservice
I made a certificate server out of the development Win2k Server...
Bob
|
12-11-2006 06:26 PM
Bob | 0 | 30 |
| | | ok. good luck!
-----
Dominick Baier (http://www.leastprivilege.com)
Dominick Baier
|
12-11-2006 03:05 PM
Dominick Baier | 0 | 28 |
| | | is it possible for a persone to create a cookie client side ?
for example my site wants a certain cookie to enter in some sections.
is it possible...
RicercatoreSbadato
|
12-11-2006 02:23 PM
david.lomuscio@gmail.com | 2 | 28 |
