News in the Category: Security Subscribe to the rss of this category.

Total posts: 1322 | Sort by Views | Sort by Hits

Implementing Active Directory Services in ASP.NET 2.0 Features, May 25, 2006
Views: 4,793 | Hits 922

With the introduction of ASP.NET 2.0 and Visual Studio 2005, many of the security tasks required to connect an application's authentication and authorization mechanisms to Active Directory have been d...

Free Sharepoint 2007 Book Download

ISerializable, June 20, 2006
Views: 6,843 | Hits 907

If you're into that kind of thing, Eli says there's a free book download about SharePoint 2007. Download the PDF directly from here.    Eli says: "Future or current SharePoint develope...

Making your assembly run "as Administrator" in Vista

Peter Brombergs UnBlog, April 3, 2007
Views: 5,832 | Hits 902

This came from one of my favorites in the C# newsgroup, Willy DeNoyette. I'll simply post the questions and answers directly, since there is no need to modify it except for some formatting and cleanup...

Custom Username and Password Authentication in WCF 3.5

Keyvan Nayyeri, February 2, 2008
Views: 5,188 | Hits 866

A few days ago I wrote about a new feature in WCF 3.5 to detect client's IP address. The other new feature in .NET Framework 3.5 and Windows Communication Foundation 3.5 is the ability to write custom...

Juggling Identity in the Brave New World

WebServices.Org Weblogs, February 25, 2006
Views: 1,516 | Hits 573

As we speed through the security industry?s gala ball?this week?s RSA Conference in San Jose?it?s clear that privacy and identity management are getting more attention than ever....

WSE3.0 and SoapContext.Security (obsolete)

Julia Lerman Blog - Dont Be Iffy..., December 21, 2005
Views: 4,812 | Hits 557

In WSE2.0, the recommended way to do authorization, was to attach a principal with role information to a SecurityToken in a custom UsernameToken manager (which you would be...

WCF Workshop Part 6 (Securing your Service Part 2 Message Encryption)

Federal Developer Weblog, August 2, 2006
Views: 4,156 | Hits 557

In Part 6 of the series, Ive added to the security choices by showing how to do Message-Level (aka., Encryption) between the Service and Client. Unlike Transport-Level Security (or SSL over HTTP) whic...

Query string encryption for ASP.NET

The Code Project Latest Articles, May 8, 2008
Views: 4,916 | Hits 556

Clear text query strings are a potential security threat for your web application. Thus, query strings should be always encrypted....

Test Secure Class Instantiation Helper Method

youve been HAACKED, September 21, 2007
Views: 1,512 | Hits 555

This is a quick follow-up to my last post. That seemed like such a common test situation I figured Id write a quick generic method for encapsulating those two tests. Ill start with usage. [Test] publ...

Custom Membership Provider under Minimal Trust in SharePoint 2007

Software/Technology Discussion, June 1, 2006
Views: 4,371 | Hits 551

Overview This document is a systematic instruction sheet for creating and installing an ASP.NET 2.0 Membership Provider into SharePoint 2007 Beta 2 installation. This document assumes the reader is f...

Urgent: Subtext Security Patch

youve been HAACKED, September 20, 2007
Views: 3,222 | Hits 503

A Subtext user reported a security vulnerability due to a flaw in our integration with the FCKEditor control which allows someone to upload files into the images directory without being authenticated....

The Security Patch Dilemma For Scripting And VM Based Languages

youve been HAACKED, September 21, 2007
Views: 1,188 | Hits 465

In his book, Producing Open Source Software, Karl Fogel gives sage advice on running an open source project. The section on how to deal with a security vulnerability was particularly interesting to me...

Controls Based Security in a Windows Forms Application

Simple Talk, January 22, 2007
Views: 2,660 | Hits 438

Jesse Liberty demonstrates a role-based security architecture for Windows Forms applications that will allow you to restrict access to any given control, on any form, so that it is either invisible or...

Remote File Sync using WCF and MSF

Bryant Likess Blog, January 3, 2008
Views: 4,147 | Hits 425

One of the things I've been looking into in my free time is the Microsoft Sync Framework (MSF) (currently in CTP mode). The MSF is: [A] comprehensive synchronization platform enabling collaboration...

WSE: Security Token could not be retrieved vs. Permissions and some other Certificate hints

Julia Lerman Blog - Dont Be Iffy..., January 16, 2006
Views: 3,030 | Hits 422

I was pushing a new WSE 3.0 web service to a test web server. Whenever I tried to authenticate I was getting "Security Token could not be retreived" from the server. WSE590:...

Forefront Bug Deletes Data in SharePoint Files

Microsoft Certified Professional Magazine Online | Todays Top Picks, July 6, 2009
Views: 1,313 | Hits 391

Microsoft last week described a problem with its Forefront enterprise security solution for SharePoint Server, cautioning that document data could get deleted as a result of the bug....

Updates to Amazon S3 and Silverlight

Method ~ of ~ failed, July 16, 2008
Views: 1,960 | Hits 387

After posting my sample implementation of accessing Amazon Simple Storage Solution (S3) via Silverlight, I reflected quickly and also chatted with some AWS engineers. Cross-domain Policy One thing t...

Running ASP.NET in Medium Trust

Rick Strahls WebLog, July 10, 2006
Views: 3,568 | Hits 379

I’ve been spending a bit of time testing my ASP.NET West Wind Web Store application in medium trust, and it’s been a hit or miss situation finding little things here and there that donR...

Authentication in web services using C# and Kerberos (POC)

The Code Project Latest Articles, July 7, 2008
Views: 3,281 | Hits 353

This article is considered a proof of concept article (POC) to explain how Kerberos authentication can be implemented to authenticate requesters when they need to request a web service.... - OpenId - Verisign -

Scott Cates WebLog, October 3, 2007
Views: 1,153 | Hits 337

Last week I was in Boise, speaking to their .NET User Group, with The group leader, Cory Isakson, was talking about his PayPal Security Key. This is the key chain fob that has a tiny screen...

How to pass custom object between WCF client app and custom issued security token provider

hongmeigs WebLog, September 13, 2007
Views: 4,863 | Hits 323

There are two options: 1. OperationContext.Current. Pros: This is pretty straightforward and relatively hard to discover.  Cons: This is a thread local storage, and you are invoking a ...

ClientBase<T> and a Common Base Class

Rick Strahls WebLog, December 14, 2007
Views: 2,137 | Hits 310

I've been racking my head over a 'generic' problem in relation to a WCF Web service client. I have an component that acts as a Web Service wrapper to proxy calls between a non-.NET client and a WCF We...

Windows Auto Sign On In Locked Mode

Steven Smith, September 4, 2009
Views: 2,069 | Hits 308

Earlier this week, after enduring yet another windows update, I came up with a feature request for Windows that would make me a much happier user.  Weve all heard about requests for speeding up b...

IActionable: Add Items to Your DotNetNuke Module Menu

Shaun Walker, September 29, 2006
Views: 4,238 | Hits 308

.Code { background-color: #FFFBD6; border-style: dashed; border-width: 1px; border-color: #cc0000; padding: 5px 10px 5px 10px; } .CodeKeyword { color: #0000FF; } .CodeComment { color: #008000;...

ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources

ScottGus Blog, February 24, 2006
Views: 1,810 | Hits 303

I usually try and spend at least an hour or two each night hanging out on the ASP.NET Forums answering questions.  The last week or so Ive been spending a lot of time in the Security Forum answer...

Rackspace Cloud (MOSSO) doesnt support Linq2Sql? (ReflectionPermission CAS)

Jeffrey Palermo, June 6, 2009
Views: 1,905 | Hits 289

I tried to set up a website with Mosso, the Rackspace cloud.  What was really interesting and much more compelling that Azure is that they claim they support .Net 3.5 SP1 and ASP.NET MVC as well ...

Adding to SharePoint List from a Web Service

Software/Technology Discussion, June 28, 2007
Views: 2,901 | Hits 282

I've been racking my brain for the last couple of days trying to figure out how to add a list item to a WSS 3/MOSS 2007 list via the object model from an anonymous web service.  At first I ran in...

How to skip server certificate validation error when using HTTPS?

Wenlong Dongs Blog, August 17, 2007
Views: 3,041 | Hits 272

When you are developing a WCF service with an HTTPS endpoint (i.e., you enabled Transport security), you would want to test it with a test certificate or a certificate which has some invalid data. The...

ConfigSource attribute on system.serviceModel section

Pablo M. Cibraro (aka Cibrax), July 24, 2007
Views: 1,497 | Hits 271

The configSource attribute was firstly introduced in .NET framework 2.0 to support external configuration files. This attribute can be added to any configuration section to specify a an...

Workflow + InfoPath Forms, Form is not workflow enabled??

Sahil Malik -, August 19, 2007
Views: 2,594 | Hits 267

This has to be one of the most common errors you will encounter when tying your WF's with Infopath Forms. So we all know that you can have instantiation/association/modifica...

KeePass + FolderShare = Store your passwords securely and share them at the same time

ISerializable, February 16, 2006
Views: 1,108 | Hits 264

KeePass for the past month or so and I love it. FolderShare to automatically synchronize my passwords with all my machines. I only need to remember one unique password - the one to open KeePass. the r...

Chapter 5 - Mock Object Frameworks - Done

ISerializable, June 7, 2007
Views: 1,260 | Hits 261

Last night I finally Finished chapter five in my upcoming book about unit testing. Chapter five was all about Mock Object frameworks and was the longest and hardest to write so far. Some of the reason...

Resharper : Don't develop with out it.

Scott Cates WebLog, April 13, 2007
Views: 1,132 | Hits 260

If you've ever seen my demo, you've noticed that I use and talk about Resharper a lot. I love it. It does so many things that enhance productivity, it's simply amazing. Here is my favorite feature of ...

WCF Impersonation for Hosted Services

Wenlong Dongs Blog, May 18, 2006
Views: 2,772 | Hits 252

In my blog entry ASP.NET Compatibility Mode, I showed how to do impersonation with ASP.NET approach. WCF provides more flexible operation-level impersonation. Here is a common question:   Questio...

Sharkshield Ah: this takes all the fun out of it!

Rick Strahls WebLog, March 16, 2006
Views: 2,212 | Hits 252

I thought this was pretty funny:   Interesting when you dig through the site there's not a heck of a lot of information on how the thing works. All I see i...


Miguel de Icaza, March 8, 2006
Views: 1,476 | Hits 236

Joe posted an enthusiastic description of AppArmor: a Novell technology that uses the Linux security infrastructure to improve the security of your system. Novell originally acquired this proprietary...

Membership, Users and Roles on GoDaddy

ASP.NET Announcements, August 8, 2007
Views: 2,924 | Hits 236

Salmon Training has released our latest training pack: Going Live on Go Daddy (TM) with your ASP.Net 2.0 Membership Website. Part I sets up the membership site on your PC. We leave you to have the fun...

Upload multiple large files to your DNN site fast!

Joe Brinkman, January 10, 2009
Views: 3,510 | Hits 233

Silverlight File Uploader is a DotNetNuke 4 & 5 module that is a "wrapper" around the Open Source project Silverlight File Upload. It adds upload security that the original project does not curren...

Hashing, MACs, and Digital Signatures in .NET

GotDotNet: New resources, November 10, 2006
Views: 1,099 | Hits 230

This article covers what the differences are between hashing, MAC and digital signatures. It presumes a certain level of knowledge about encryption methods especially the difference between symmetric ...

Ideas for Improving ASP and ASP.NET Web Application Security - Part 1 - The #1 ASP.NET Community, June 16, 2006
Views: 1,085 | Hits 230

In the first part of this article, Brett provides ideas for improving the security of ASP and ASP.NET web applications....

ASP.NET 2.0 Active Directory Provider Model Security Options

Canadian Launch Tour 2005 - Launch Blog, October 20, 2005
Views: 3,160 | Hits 228

For those that want to learn more about the Security options for Authentication and Authorization with the ASP.NET 2.0 Provider Models then I recommend you visit my blog as I outline how to enable dif...

ASP.NET 2.0 Security, Membership and Roles Tutorials

ScottGus Blog, June 20, 2006
Views: 2,386 | Hits 221

Scott Mitchell recently published part 5 of his nice series on using the new ASP.NET 2.0 Membership and Roles features.  You can read the series here: -- Part 1 - Learn about how the me...

NetNamedPipeBinding and Impersonation, March 7, 2006
Views: 2,945 | Hits 217

On of the top benefits to using NetNamedPipeBinding is that we provide an on-box guarantee for your messages. The on-box guarantee is enforced by Denying the Network Security Identifier (SID: S-1-5-2)...

Using the SecureString Class

DevX: .NET Feed, August 21, 2007
Views: 3,136 | Hits 213

NET 2.0's System.Security namespace includes the SecureString class, which lets you create encrypted strings and delete them from memory when they're no longer needed....

JSON and Why I am glad security is the way it is with Web Services in IE

Wallace B. McClure, November 24, 2005
Views: 1,073 | Hits 207

As I am working on our "AJAX with ASP.NET" book, I have had this one nagging question "Why can't I make a request against a web service on another server"  I still don't have a specific answe...

Medium Trust - WebPermissions and SmtpPermissions

Rick Strahls WebLog, March 6, 2007
Views: 2,254 | Hits 206

Ive been going over some final code tweaks to my West Wind Web Store for a new release and one thing Ive been fretting over is a couple of Trust issues related to Http permissions and Socket/SMTP per...

Mask Your Web Server for Enhanced Security Features, January 5, 2006
Views: 982 | Hits 201

Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. This information, while providing little or no u...

Medium trust issue in ASP.NET 2.0

Keyvan Nayyeri, June 3, 2006
Views: 2,236 | Hits 201

This issue for us on ASPnix bit me to post this. Medium trust issue in ASP.NET 2.0 is one of most common issues for developers on most of shared hosting environments. Those of you who havent depl...

Book Plug: Professional ASP.NET 2.0 Security, Membership, and Role Management

Brad Abrams, January 30, 2006
Views: 946 | Hits 200

Stefan Schackow a PM on my new team recently published at great book on the applications services offered by ASP.NET 2.0.  While I have only worked with Stefan for a month now it is already obvio...