| Winnt Intranet Security Authentication using ASP+/IIS (3 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| In the intranet security develop using ASP , how can we get the ack (username/password/domain) when the user access into the page and how can we validate it (against the corp domain/username/password) Here is the senerio: There is website that we only allow a group of people to be able to access using corp security NT logon (domain/username/password). However, we don't want to request the user log... |
|
| Hacking into Passport (8 replies) |
| ASPFriends.com 'aspngsec' list |
| I am planning to use Microsoft Passport to authenticate members of my new website CoverYourASP.NET (currently in development). Now I read this article about a supposed fatal flaw in the system. What do others think of this? Is it a known issue that Microsoft acknowledges? http://www.devnewz.com/resources/1769.html James http://CoverYourASP.com/ Download it. Run it. Learn it. http://ASPRSS.com/ Pub... |
|
| Declarative Security (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi, I'm reading from this page... http://msdn.microsoft.com/library/en us/cpguidnf/html/cpconassert.asp?fra me 3Dtrue But having trouble getting it to run correctly. Here is my code... Public Class Log Public Sub New() Call MakeLog() End Sub Public Sub FileIOPermission(SecurityAction.Assert, All : 3D "C:\Log.txt") MakeLog() Dim TextStream As New StreamWriter("C:\Log.txt") TextStream.WriteLine("Thi... |
|
| FormsAuthentication.RedirectFromLoginPage (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngcs] to [aspngsec] by Charles M. Carroll darthcarroll@asplists.com Is there a way to override what page FormsAuthentication.RedirectFromLoginPage redirects to? I need to do this because if a user goes to a page that they do not have access to I redirect them to the login page. I then have to use FormsAuthentication.RedirectFromLoginPage so that the app knows that the user is Authen... |
|
| NTLM with Forms Authentication (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I am using Forms Authentication in an application. For folks using Netscape I direct them to a login page that uses a Crypto Card with Kerberos for authentication. Ok, get a cookie. For folks using IE I send a response.Status "401 Unauthorized" to force NTLM authentication. If Request.ServerVariables("LOGON USER") comes back with a Domain and UserName I like, they get a cookie. If not, I send them... |
|
| extending IPrincipal (4 replies) |
| ASPFriends.com 'aspngsec' list |
| I have implemented the IPrincipal interface for my authentication. Now I want to add a method named GetFirstRole. But it doesn't seem to work. Is this interface protected for some reason or am I missing something? Here is the code from my implementation: using System; using System.Collections; using System.Security.Principal; namespace Stepsource { public class MyPrincipal : IPrincipal { private I... |
|
| public/private key encryption (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Does anyone know of any examples using public/private key encryption techniques with dotnet (RSA or DSA)? I've figured out the symmetrical encryption classes, but have yet to find any examples to work off of for using the asymmetrical encryption classes. I'd like to use asymmetrical encryption to encrypt/decrypt the symmetrical session key. Thanks for any tips. Get your FREE download of MSN Explor... |
|
