| Client prompted to authenticate when opening .xls files (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi all, I've written the following to spit out an Excel file from an aspx page.... // // excelStuff.aspx // Response.Clear(); Response.ContentType "Application/vnd.msexcel"; Response.Write( " table border 1 " ); Response.Write( " tr th Name /th /tr " ); Response.Write( " tr td Larry /td /td " ); Response.Write( " tr td Moe /td /td " ); Response.Write( " tr td Curly /td /td " ); Response.Write( " /... |
|
| SQL Server access by ASPNET account (8 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| How is it possible that my asp.net pages can access the SQL Server (that is on the same machine) without having to logon? I setup SQL Server to grant access to the administrators but the ASPNET windows account doesn't belong to them. So how is it possible that it accesses the SQL Server with only the following connectionstring: "server localhost;database myDB"; // without uid and pwd Note: in regu... |
|
| Microsoft Security Article (2 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| Hi, Does anyone have a link to the microsoft ASP.NET security article that appeared on the microsoft.com front page a while back. It talked about all the security models and which one was appropriate in each situation. If anyone has a link, could they please reply. Thanks, Shannon, |
|
| Using impersonation in a sub directory? (8 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi, I have an Intranet Web application where I have the need to do some file operations on a UNC share. This continues to be a problem in IIS 5, even with ASP.NET. Don't know why Microsoft doesn't provide some special security class to do this properly. Anyway, the main Intranet application is using Windows authentication. The only way I've found to get these pages doing the file operations to wor... |
|
| Persistent Cookie Authentication (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I am giving up on the non persistent cookies, because I couldn't get them to work correctly(timeout, reauthenticate bugs). I am trying the persistent cookies now, but it doesn't seem to be setting the expiration date properly. Anybody know how to set the expiration. 'setting cookie Dim ispersistent As Boolean True Dim ticket As CookieAuthenticationTicket ticket New CookieAuthenticationTicket(1, "F... |
|
| More NonPersistent Cookie Bugs (9 replies) |
| ASPFriends.com 'aspngsec' list |
| Newest Bug Non persistent cookies can actually persist. .Net passes the cookie as a string in the URL after authentication. If you save this URL/string, you can close the browser and then reopen the browser click the URL and you are in. Other bugs I am using non persistent cookies for authentication on my site. All web sites redirect to a Cookie Web site via Config.web. The cookie site authenticat... |
|
| Microsoft Passport in .NET (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Has anyone implemented Passport in .NET? |
|
| MD5 and SHA-1 (3 replies) |
| ASPFriends.com 'aspngsec' list |
| This message, which was originally sent to "aspngvb", has been moved to "aspngsec" mailing list by the List Master html DIV Hi everybody, /DIV DIV   /DIV DIV I am trying to create hash IDs of files that are uploaded to my server, using either MD5 or SHA 1 algorithms. .NET has these algorithms in its classes, but I could not use them successfully. /DIV DIV   /DIV DIV There is a nice code ... |
|
| Authentication App Issues (6 replies) |
| ASPFriends.com 'aspngsec' list |
| To all, I am attempting to implement a management application, which will be in charge of providing authentication/authorization to many applications within our agency (similar to Passport). Essentially, I would like to issue a FormsAuthenticationTicket, then redirect to the requested application. This application would, most likely, be a legacy asp application. A .NET component, exported into a C... |
|
| RSA (2 replies) |
| ASPFriends.com 'aspngsec' list |
| This message, which was originally sent to "aspsecuritygurus", has been moved to "aspngsec" mailing list by the List Master Hey all, Just a quick question about the RSA classes in .NET. Say I have this code: using System.Security.Cryptography; [...] RSACryptoServiceProvider rsa new RSACryptoServiceProvider(1024); RSAParameters p rsa.ExportParameters(true); [...] Are p.DP and p.DQ the public and pr... |
|
| Forms authentication in asp.net (2 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| Hello! I would like to learn more about asp.net forms based authentication. I got my website to forward un authenticated used to a login page and I use the FormsAuthentication.RedirectFromLoginPage once the user authenticates but this is where my knowledge stops. I am wondering how I can check who is the logged in person from some aspx page, weather someone is logged in at all, how can I make sure... |
|
| NOT ANSWERED BEFORE: URGENT: Forms Auth (3 replies) |
| ASPFriends.com 'aspngsec' list |
| We aren't persisting the cookie at all...I'll post to aspngsec as well... Original Message From: Balajewicz, Greg [mailto:Greg.Balajewicz@ACNielsen.ca] Sent: Wednesday, August 29, 2001 8:37 AM To: aspngfreeforall Subject: [aspngfreeforall] RE: URGENT: Forms Auth it seems like the browser is not cleaning up the cookie correctly. Are you certain you did not request the cookie to be persistent? Anywa... |
|
| Security Exception (11 replies) |
| ASPFriends.com 'aspngsec' list |
| I believe I need some assistance setting security properly. 20 I have an application that works fine on my local Windows 2000 Professional machine with .Net Beta 2 Enterprise loaded on it. However, when I publish it to my hosting companies computer I get the following security exception. 20 Does anyone know how I could fix this ? 20 Server Error in '/' Application. 20 20 Security Exception 20 Desc... |
|
| Assigning roles in forms authentication (6 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| Hi, I have been experimenting with forms based authentication and trying to assign roles to the principle but have been unable to make the Principle and the assigned roles span page requests. These are the steps I have used 1 Using the Web.Config settings (below) requests are redirected to a login page. authentication mode "Forms" forms name ".Responsian Cookie" path "/" loginUrl "Login.aspx" prot... |
|
| ASCIIEncoding (7 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| Does anyone know how to make this code work? Dim a as new ASCIIEncoding a.GetBytes(sTmp, 0, sTmp.Length, bDec, 0) I currently get an error of: "BC30518: No accessible overloaded 'GetBytes' can be called with these arguments." on the second line. Thanks, bk The Best Support On The 'Net Windows 2000 Advanced Hosting http://www.orcsweb.com/ ASP.Net FAQ http://www.aspnetfaq.com/ ASPAlliance http://www... |
|
| Request.IsAuthenticated (7 replies) |
| ASPFriends.com 'aspngsec' list |
| The intellisense for this property says "Gets a value indicating whether the user has been authenticated" Well that is fairly obvious, what I would like to know is what is it checking internally to know this. If it is checking for a cookie what happens for those that do not support cookies. Thanks Pat long |
|
| WindowsPrincipal.IsInRole question/problem (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Guys, Can anyone help me out here? I am having trouble with using the IsInRole method. Is always returns "false". If I use the enum version it works fine. The problem is that I wish to use non builtin groups, so I have to use the string version. But I can't even get that going for the standard groups! Here is what I have in web.config authentication mode "Windows" / identity impersonate "true" / H... |
|
| Custom ASP.NET HTTPModule Authentication Question (2 replies) |
| ASPFriends.com 'aspngsec' list |
| All, I am trying to build a custom HTTP module for ASP.NET security that handles security/roles/permissions in the .NET environment. My problem is trying to attach to an event (the AuthenticateRequest property for an HttpApplication). In BETA 1 one would simply do the following: a. In the Init sub (which takes a HttpApplication) for the class inheriting from IHttpModule you would simply register t... |
|
| Form based authentication and cookie expiration (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Hello! I am using forms based authentication. I can have a persistent cookie (persistent across browser sessions) or one that expires in X minutes. Can I have one which does not expire until a browser is closed?? That is, the user would be authenticated until he closes a browser. Thanks! Greg |
|
| Verifying domain id and password (19 replies) |
| ASPFriends.com 'aspngsec' list |
| Does anyone know what the proper way of verifying a domain users id and password is in .NET? I have the code below that works (most of the time) using ADSI. But in the .NET seminar I went to they kept stressing that we quit using ADSI, and dll calls for OS level stuff and and start using the system object built into .NET. So does anyone know how to do the equivilent of the code below using system.... |
|
| security hole with cookie authentication? (3 replies) |
| ASPFriends.com 'aspngsec' list |
| I have a guestbook witch saves the name of the sender in a cookie. Now when two people submit a message at the same time from a different location, the cookie values get switched!!! So there seems to be a bug in the cookie engine witch can cause serious security risks (ie forms authentication). Is this a know bug? Here is my code: // write cookie HttpCookie cookie new HttpCookie("pkweb"); cookie.V... |
|
| .NET Remoting and authentication (7 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| Is there any information available that describes different ways to do role based security with .NET Remoting? I'd like to see it from both the client and server perspectives and using more than just integrate windows authentication. Use of GenericIdentity and GenericPrincipal is the kind of thing I'm after. Dan Green [ http://dotnetdan.com putting the dan in .net ] |
|
