| Source Code Vendalizem! (7 replies) |
| ASPFriends.com 'aspngsec' list |
| How do you protect your souce files from being vendalized? I have devloped a distributed app for a client using ASP.NET and now I have to copy, source files and all, on to client's web server so they could start using it. However, I don't know of a way to protect my source files (in which I have invested alot of time and money) from being vendalized by the client. Is there a way of replacing the c... |
|
| Forms-based authentication question (2 replies) |
| ASPFriends.com 'aspngsec' list |
| If my application uses forms based authentication and it will only authenticate users under the credentials section of my web.config, how I am supposed to do forms based authentication dynamically, i.e pull usernames and passwords from the database? I can't see writing the credentials section on the fly with the XMLWriter object cos I don't see the web.config as being a file that can be autogenera... |
|
| DirectoryInfo Permissions (4 replies) |
| ASPFriends.com 'aspngsec' list |
| I created a directory browser type ascx. It works fine when I ask it to look at directories on the local machine. However, when I point it to look at a directory on another server it bombs. The directory on the other server is open to everyone. I get: A first chance exception of type 'System.IO.IOException' occurred in mscorlib.dll Additional information: Logon failure: unknown user name or bad pa... |
|
| FormsAuthentication SignOut Problem in V1 (3 replies) |
| ASPFriends.com 'aspngsec' list |
| I'm using forms authentication for an application and I've put the FormsAuthentication.SignOut() function on my logout page just before a redirect (much like the IBuySpy logout page). The problem is that if you clicks Back after hitting the logout page, the application behaves as if you are still logged in. Any ideas out there on how to resolve this? Mark Hines This e mail and any attachments may ... |
|
| ASP.NET Version 1 Release Security Configuration Question (3 replies) |
| ASPFriends.com 'aspngsec' list |
| I would like to write to the application event log with my asp.net application. I've written a console app to test my code, and it works just fine, writes to the event log just fine. However, when I try to use this same code in an asp.net app, I get the following error: System.Security.SecurityException: Requested registry access is not allowed. I know that this is a permissions problem, but for t... |
|
| Encryption (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I am in need of some simple encryption for a string password. I don't need anything highly secure as it's only to deter casual interference. I have some TripleDES code working, but it's really rather more than I need, partly because it's overkill, but partly because I do not know enough about TripleDES to feel confident using the code. Can anyone recommend a way to do some basic symmetric encrypti... |
|
| Password hash across machines (5 replies) |
| ASPFriends.com 'aspngsec' list |
| Given string X, will the hash (SHA1 or MD5) generated on machine A be the same as the hash generated on machine B or must A and B share some key as they would if I were encrypting X? Thanks, Aaron |
|
| Authentication to NT Domain (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I am successfully able to authenticate a login against an NT domain from within the domain but I am wanting to authenticate against a different domain. Is it possible to authenticate against a domain if the web server is not part of that domain? Sean ************************* Sean Bytnar MCSE, MCP I Illinois State University Technology Specialist Campus Box 2202 Normal, IL 61790 v 309 438 7355 f 3... |
|
| WebForm Walkthrough: Integrated Security Problem (5 replies) |
| ASPFriends.com 'aspngsec' list |
| I'm very new to VS.Net and am trying out the samples and walkthroughs. I'm having trouble with the walkthrough ms help://MS.VSCC/MS.MSDNVS/vsintro7/html/vxwlkWalkthroughCreatingWebApplicationUsingVisualCOrVisualBasic.htm. It offers up a page explaining how to connect to remote servers and I think I have followed the instructions. But I still get the same error. It fails to connect. And yet when I ... |
|
| Not Answered Before: Authentication to NT Domain (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngescalate] to [aspngsec] by Marcie Jones marciejones@yahoo.com I am successfully able to authenticate a login against an NT domain from within the domain but I am wanting to authenticate against a different domain. Is it possible to authenticate against a domain if the web server is not part of that domain? Sean ************************* Sean Bytnar MCSE, MCP I Illinois State Unive... |
|
| encyption question (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi folks! BR I have a problem here and no solution to it, maybe one of BR you can give me a hand. BR I have a asp/aspx page with dynamicly genorated content. BR At times the data it contains is sensative and it needs to BR be encrypted. So I sned the page with SSL (HTTPS) when BR there is secure content on the page. The only way I know BR how to do this is to redirect the user to a secured page BR... |
|
| Not Answered Before: Security Level and Form Authentication (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I know that Form Authentication make the use of Cookie in Client workstation. When I use FormsAuthentication.SetAuthCookie(LoginName, False) in my project, all user can't login to my Web application when their client browser is configured as "Middle" or above Security Level. While they can successfully login IF they set it as "Low". Now, can I configure my applicaiton by using Form Authentication ... |
|
| Finding to which groups an Active Directory User belongs (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngcs] to [aspngsec] by Rob Caron robcaron@microsoft.com I am writing a security class library for our company to where when a user runs an application I can pull rights from AD. I have been playing with ADSI and can get/set properties on AD objects such as users. What I need to be able to do is to look at which groups a user is in on the AD so that I can give them rights to certain ... |
|
| Need opinions on authentication (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I am developing a web based intranet. When an employee is created, their password is encrypted using the FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1") command and stored in the database in their encrypted form. I will also be using the "MD5" Encryption with the same method and tack that onto the existing password, so I have an ultra uncrackeable password. Is this... |
|
| Set permissions on a file. (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngcs] to [aspngsec] by Alex Lowe webmaster@asp grandrapids.net If i have a text file that i just created programmatically, how can i set the NTFS permissions on the file? Some sample source code would be appreciated. Seth Berger sberger@estco.net |
|
| 3rd submission: Form Authentication and Cookie Relation (6 replies) |
| ASPFriends.com 'aspngsec' list |
| I know that Form Authentication make the use of Cookie in Client workstation. When I use FormsAuthentication.SetAuthCookie(LoginName, False) in my project, all user can't login to my Web application when their client browser is configured as "Middle" or above Security Level. While they can successfully login IF they set it as "Low". Now, can I configure my applicaiton by using Form Authentication ... |
|
| authentication expiration time (5 replies) |
| ASPFriends.com 'aspngsec' list |
| I'm doing formsauthentication the ibuyspy way. I would like to have the authentication expire after one day, or after browser has closed. But whatever I try it keeps expiring after 20/30 minutes (not sure). How can I achieve this? This is my code: loginpage.aspx: // Use security system to set the UserID within a client side Cookie FormsAuthentication.SetAuthCookie(userId, false); // asign role // ... |
|
| Impersonating Windows account - similar to ASPUser.com (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Marcie Jones marciejones@yahoo.com Hi all Im converting an ASP project into a .NET program and am having a problem. In the ASP program, it makes a call to the ASPUser object (from ASPUser.com) to temporarily impersonate an NT user so they can upload files/delete files under this user. The problem I have is that I need to keep this functionality, but do... |
|
| Why isn't impersonation working correctly? (7 replies) |
| ASPFriends.com 'aspngsec' list |
| I'm having some issues with impersonation under the release version security model. Problems with the change to the ASPNET account. If I have an entire directory set up to use impersonation, using the location path in web.config, shouldn't all the code run under that identity. I am using a specific domain account and password that I know has the rights to do what I am trying to do. My code is fail... |
|
| web.config Security bypassed (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi, I posted this in early January but got no takers so I'm trying again in the hope that one of you might spare the time to help me out.... I have an app that uses the web.config Location tag to protect directories and resources. If a user right clicks and tries to "save as" a protected resource they are denied access in accordance with the web.config entries. BUT if I use the following code to m... |
|
| Security Opinion Sought (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi folks, I just thought I'd throw this out to you in the hope that someone is doing something similar and may have an opinion that might help: A friend of mine(!) needs to make applications and resources available to a target audience. Now, the vital requirement is that the data be secure in terms of not allowing one member of that audience to view another's data. Data is stored in databases but ... |
|
| Get roles in Windows Authentication (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Is it possible to retrieve the roles a user belongs to? Using Windows Authentication. |
|
| Role based security - restricting ability to change roles in the principle? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi all, I am building an authentication module, that assigns the roles of an authenticated user to the principle when authentication occurs from a database. Problem is, that in any code, the roles in the principle can be modified. I want to stop the ability to redifne roles in the current context by code after the initial authentication has been done. Any ideas? Cheers, Gerard.... |
|
| How to use impersonation to access file resources? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Marcie Jones marciejones@yahoo.com I am having trouble using File.Copy to copy a file to a mapped network drive. In an earlier post it was suggested I use impersonation to do this. It was a good suggestion but I am having a bit of trouble trying to implement it. Since the user is an anonymous user (though he does need to login and the login is forms ba... |
|
| Per-Session cookies (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngcommunity] to [aspngsec] by Marcie Jones marciejones@yahoo.com Hi, I'm using ASP.NET forms authentication and it works fine for some, for others it redirects back to the login screen even when the correct user/password are supplied. Is something wrong with the framework or client browser? Server: .Net Framework on Win2000 server, IIS5 Clients: IE 5.0/5.5/6.0 on NT4/Win98/Win2000 C... |
|
