| non-aspx file security (6 replies) |
| ASPFriends.com 'aspngsec' list |
| Is there a way to place the security/authorizations on a file (word doc, images, txt files) like you can with the aspx files with roles based authentication? I didn't see this option in any web.config settings. Aaron Kaufman Do You Yahoo!? Yahoo! Greetings Send FREE e cards for every occasion! |
|
| error logging to a custom event log (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Charles M. Carroll charlesmarkcarroll@yahoo.com hi, i'm trying to log errors occuring in my app to a custom event log, but i always get the following error message: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your s... |
|
| Error copying ASP.NET apps to other machines (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Marcie Jones marciejones@yahoo.com I have develop an asp.net app in my machine. When I copied over the pages to others machines..and run it. I get this error.. Server Error in /fkm Application Server cannot acces the application directory 'L:\fkm\qbestats\'. The directory does not exist of is not accessible because of security settings. Description: An... |
|
| User Permissions on Assemblies (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi all, Does anybody know how to set user permissions on an assembly? Case scenario: My application references an assembly called "SecureAssembly.dll". This is a simple class containing a function called "AddNumbers()". So if I run my applicaiton under the "myserver/user1" WindowsIdentity... I would have access to the "AddNumbers()" function but if I run as "myserver/user2" or "IUSR myserver" I wo... |
|
| Forms Authentication (23 replies) |
| ASPFriends.com 'aspngsec' list |
| I am trying to set up forms authentication and it is not working. I have configured IIS to allow anonymous access and disallow all three modes of authenticated access for the application virtual directory, using the Computer Management console. Next, I created a login form called csLoginForm.aspx in the virtual directory. Finally, I modified web.config in the virtual directory to add the following... |
|
| WebRequest prob (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngwebservices] to [aspngsec] by Marcie Jones marciejones@yahoo.com Moved from [aspngfreeforall] to [aspngwebservices] by dreilly doug@accessmicrosystems.net I want to enter a directory which hasn't anonymous access. How do I send username and password, and avoid that user/password/domain box that pops up, so the user doesnt even know that it nees authentication? Code which returns H... |
|
| non-aspx file security update (3 replies) |
| ASPFriends.com 'aspngsec' list |
| All of a sudden pieces of it started working!? I went to bed frustrated that the aspnet isapi was not filtering requests to .doc files (or anything other than the standard .net install..aspx, cs, .config, etc..). I woke up and tried it one more time and it worked without any modifications. I'm suspecting some caching and cookies causing this. Now that the deny users "?" works I need to figure out ... |
|
| User.IsInRole in Usercontrol (3 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| Copied from [aspngreuse] to [aspngsec] by Marcie Jones marciejones@yahoo.com Moved from [aspngfreeforall] to [aspngreuse] by Marcie Jones marciejones@yahoo.com Trying to use a User.IsInRole() in a User control, but it isn't being recognized. Works fine in an ASPX page. |
|
| Which Ports needs to be opened when using Integrated Windows Authentication (3 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| Hello All, Does any one know which Ports needs to be opened in the Firewall, when using Integrated Windows Authentication? I searched a lot on MS site and I was not able to find any information. Thanks, Srinivas Chat with friends online, try MSN Messenger: http://messenger.msn.com |
|
| Redirection is not there! (2 replies) |
| ASPFriends.com 'aspngsec' list |
| hi, I am trying an example of using Forms Authentication. This is what I have given in my web.config file: authentication mode "Forms" forms name "LoginForm" loginUrl "./login.aspx" credentials passwordFormat "Clear" user name "guest" password "password"/ /credentials /forms /authentication But when I try to access anyother page, it is still going without redirecting itself to my login page!!. Am ... |
|
| Allowing selective anonymous access to page? (6 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi there...I'm using forms authentication and I'm wondering if there is any way to allow access to ONE page within the project anonymously (without redirecting to the default URL upon failure). Thanks! ALB |
|
| X LogOnUser as System (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I need to validate an NT username/password. The only way I know to do this is with the LogOnUser function. Unfortunately in w2k this function requires RunAsSystem rights to operate. I would prefer not to give the ASPNET account this right. Is there a way to get System to run this (reverttoself?)? The only solution I could think of was to create a dummy account with that right then logit in, get th... |
|
| Execute client-side code before postback (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Copied from [aspngcontrolscs] to [aspngsec] by James Avery javery@deluxeeng.com I think this was answered in a post several months ago but I was unable to track it down. I am interested in beginning able to execute some client side code to modify data before it is posted to the server. Specifically I am looking to create a login user web control that will encrypt the password before posting back t... |
|
| ip question (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Marcie Jones marciejones@yahoo.com Hello all, I hope i posted this to the right list. I have a simple request, i think. I need to confine access to a website based on the first 2 subsets of an ip number. For example, If any ip address begins with 170.140 i need to allow access, if not, deny access. Any ideas? Thanks in advance. Richard M. |
|
| New Microsoft Web Service Security Alert (4 replies) |
| ASPFriends.com 'aspngsec' list |
| I was recently notified by MS of a new security concern with .NET web services. Basically its a redirect threat for web services that allow HTTP POST and HTTP GET access. The link is below; it can describe it much better than I can: http://msdn.microsoft.com/library/default.asp?url /library/en us/dnnetsec/html/disHTT.asp My question is, what is the real concern here? It seems that what's happening... |
|
| best method for secure user data? (9 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| What is the best method for storing session information (without session variables, I don't have SQL state enabled and I'm using a web farm) securely. If i just use cookies the info is not encrypted. I need to store values like "username" and password on the client so all ascx modules can find these variables. Is formsauthenticationticket the best methodology? ViewState? Would I need to create a t... |
|
| Security config problem? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Marcie Jones marciejones@yahoo.com I have code behind that instantiates an unmanaged COM component (which is installed as a COM app) via interop. On my development machine, it works fine. When xcopy deployed to another server, however, the call to "new" to create the COM component throws "System.UnauthorizedAccessException: Access Is Denied". I've trie... |
|
| NOT ASWERED: impersonate in web.config, and problems with "insert into" in db (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi I have a case here. I have an app that has two levels, one (default) for all users and on level you log into, using windows authentication (lying in own folder, with rights set in IIS). I want to get user name etc, and use identity impersonate "true" / . But this means I get trouble when I want to insert data into my db's. When I remove this impersonate line, everythings works fine. The error m... |
|
| list authenticated users (8 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Marcie Jones marciejones@yahoo.com Hi, When using forms authentication, is it possible to get a list of all logged in users (Collection of Context.User.Identity.Name's)? Thanks, Yannick Smits |
|
| Ticket Problem (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Have an ASP.NET application in development. Have a group of machines I'm testing on all running IE 6.0. MIS folks tell me all machines are exactly the same, but I get an error a on a few machines after login Invalid value for 'encryptedTicket' parameter. I'm using forms authentication, and I'm guessing this is the cause of the problem. Not sure if I can get around it with a browser setting... Anyo... |
|
| Access database security in .NET release (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Having upgraded from the Beta to the release, I now get the following when running my web application: The Microsoft Jet database engine cannot open the file 'C:\Inetpub\wwwroot\Sport\fpdb\Sports.mdb'. It is already opened exclusively by another user, or you need permission to view its data. Description: An unhandled exception occurred during the execution of the current web request. Please review... |
|
| pfx and 509x certificates (2 replies) |
| ASPFriends.com 'aspngsec' list |
| This is the code I am using to http wise comm. With a server that uses a proxy and a 128 bit certificate: Private Sub certify(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Dim httpWReq As HttpWebRequest Dim proxyObject As New WebProxy("http://samsproxy.verizonwireless.com:9090", True) Dim cert As X509Certificate X509Certificate.CreateFromCertFile("c:\downloads\s... |
|
| aspnet_wp.exe could not be launched?! (5 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by James Avery javery@deluxeeng.com Below are the errors that were displayed. After researching, I changed the UserName in ProcessModel of machine.config to "SYSTEM" and the problem went away. Had to do this because we promoted the box to a DC today (nice surprise, btw!) I'm curious what this does from a security standpoint for our web box...please try to... |
|
| Session Vars & Forms Auth - Syncronization? (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Marcie Jones marciejones@yahoo.com Is it generally bad practice to use Forms Authentication and Session Variables if the expirations are both set to the same amount of time and Forms is set to non persistent? Will they get out of sync? Would it be better to latch on to the Forms Authentication cookie and store more information there? Thanks! Al ALB |
|
| Intrusion Detection Software (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspsecurity] to [aspngsec] by James Avery javery@deluxeeng.com Any thoughts on the best IDS software for IIS and .Net? Regards, Jon Ceanfaglione Director, Product Development CIS, Inc. The information contained in this communication is intended only for the use of the recipient named above, and may be legally privileged, confidential and exempt from disclosure under applicable law. If ... |
|
