News in the Category: Security Subscribe to the rss of this category.

Total posts: 1322 | Sort by Views | Sort by Hits

Stopping ASP.NET web.config inheritance

Brendan Kowitzs Web Log - Yes means I understand, however, it does not correspond to action., May 16, 2007
Views: 13,765 | Hits 119

If you are only ever running one ASP.NET application on a website this is not an issue. However, if you are running a site which may have an application at the root and other separate applications run...

Mutex and Semaphore WaitHandles: An Overview

Clarity Blogs: ASP.NET, May 30, 2006
Views: 10,720 | Hits 77

I am willing to bet that every developer has been warned about the dangers of developing multi-threaded operations at some point in their career. Let's face it, we have enough to worry about with app...

System.Web.AspNetHostingPermission when Accessing Network or Intranet Projects using Visual Studio 2005

Jason N. Gaylords Blog, February 13, 2007
Views: 10,058 | Hits 44

I rebuilt one of my development machines recently and attempted to access a project that I had out on a network share. I continually received project messages about the project not being trusted. I re...

Free Sharepoint 2007 Book Download

ISerializable, June 20, 2006
Views: 6,849 | Hits 907

If you're into that kind of thing, Eli says there's a free book download about SharePoint 2007. Download the PDF directly from here.    Eli says: "Future or current SharePoint develope...

ASP.NET Membership Tip: Requiring New Users To Change Their Password When Logging On For The First Time

Scott on Writing, July 27, 2009
Views: 6,450 | Hits 40

Most Internet-facing websites that support user accounts allow visitors to register an account on their own. Take a site like Facebook, for example. A visitor who wishes to create a new account may do...

Making your assembly run "as Administrator" in Vista

Peter Brombergs UnBlog, April 3, 2007
Views: 5,844 | Hits 902

This came from one of my favorites in the C# newsgroup, Willy DeNoyette. I'll simply post the questions and answers directly, since there is no need to modify it except for some formatting and cleanup...

Content Rewriting through Cisco WebVPN

the telerik blogs, October 13, 2009
Views: 5,326 | Hits 32

By default, all Cisco security appliances process all WebVPN traffic through a content rewriting engine that includes advanced elements such as JavaScript and Java to proxy HTTP traffic. That is a goo...

Custom Username and Password Authentication in WCF 3.5

Keyvan Nayyeri, February 2, 2008
Views: 5,212 | Hits 866

A few days ago I wrote about a new feature in WCF 3.5 to detect client's IP address. The other new feature in .NET Framework 3.5 and Windows Communication Foundation 3.5 is the ability to write custom...

Query string encryption for ASP.NET

The Code Project Latest Articles, May 8, 2008
Views: 4,935 | Hits 556

Clear text query strings are a potential security threat for your web application. Thus, query strings should be always encrypted....

How to pass custom object between WCF client app and custom issued security token provider

hongmeigs WebLog, September 13, 2007
Views: 4,867 | Hits 323

There are two options: 1. OperationContext.Current. Pros: This is pretty straightforward and relatively hard to discover.  Cons: This is a thread local storage, and you are invoking a ...

WSE3.0 and SoapContext.Security (obsolete)

Julia Lerman Blog - Dont Be Iffy..., December 21, 2005
Views: 4,828 | Hits 558

In WSE2.0, the recommended way to do authorization, was to attach a principal with role information to a SecurityToken in a custom UsernameToken manager (which you would be...

Implementing Active Directory Services in ASP.NET 2.0

15Seconds.com Features, May 25, 2006
Views: 4,793 | Hits 922

With the introduction of ASP.NET 2.0 and Visual Studio 2005, many of the security tasks required to connect an application's authentication and authorization mechanisms to Active Directory have been d...

Custom Membership Provider under Minimal Trust in SharePoint 2007

Software/Technology Discussion, June 1, 2006
Views: 4,375 | Hits 551

Overview This document is a systematic instruction sheet for creating and installing an ASP.NET 2.0 Membership Provider into SharePoint 2007 Beta 2 installation. This document assumes the reader is f...

IActionable: Add Items to Your DotNetNuke Module Menu

Shaun Walker, September 29, 2006
Views: 4,246 | Hits 308

.Code { background-color: #FFFBD6; border-style: dashed; border-width: 1px; border-color: #cc0000; padding: 5px 10px 5px 10px; } .CodeKeyword { color: #0000FF; } .CodeComment { color: #008000;...

An overview of how securityTrimmingEnabled is supposed to work.

-[ Danny Chen ]-, March 16, 2006
Views: 4,230 | Hits 119

I think that the #1 most confusing or misunderstood portion of Site Navigation is the securityTrimmingEnabled flag and the roles attribute on siteMapNodes.  This post wil hopefuly clear up some o...

WCF Workshop Part 6 (Securing your Service Part 2 Message Encryption)

Federal Developer Weblog, August 2, 2006
Views: 4,174 | Hits 557

In Part 6 of the series, Ive added to the security choices by showing how to do Message-Level (aka., Encryption) between the Service and Client. Unlike Transport-Level Security (or SSL over HTTP) whic...

Remote File Sync using WCF and MSF

Bryant Likess Blog, January 3, 2008
Views: 4,153 | Hits 425

One of the things I've been looking into in my free time is the Microsoft Sync Framework (MSF) (currently in CTP mode). The MSF is: [A] comprehensive synchronization platform enabling collaboration...

The name or security ID (SID) of the domain specified is inconsistent with the trust information for that domain

Colt Kwongs Blog, August 3, 2007
Views: 4,018 | Hits 139

My colleague created a WMware Windows base image and I asked him to send a new copy to me because I need an environment of 2 separate (virtual) machines for AppServer (machineA) and DbServer (machineB...

DotNetNuke Tutorial: Working with Security Roles

A DotNetNuke blog for tutorials, tips & tricks, October 19, 2005
Views: 3,999 | Hits 68

One of the most complex and important elements you need to understand when working with DotNetNuke is setting up the Security Roles.This tutorial covers: * An explanation of Security Roles * An analys...

SQL Server Reporting Services Subscriptions with custom security

Clarity Blogs: ASP.NET, May 28, 2008
Views: 3,879 | Hits 12

I ran into an interesting 'gotcha' when working with an SSRS site that has a custom security extension implemented (instead of using the built in Windows authentication model, see the MSDN sec...

Unrecognized attribute 'securityTrimmingEnabled'. Note that attribute names are case-sensitive

Steven Smith, November 5, 2007
Views: 3,680 | Hits 9

Saw this error today working with the SiteMapDataSource in ASP.NET 3.5/VS2008.  Apparently this is a bug that has been around for a while, and is discussed here and logged in Connect here. The is...

Running ASP.NET in Medium Trust

Rick Strahls WebLog, July 10, 2006
Views: 3,584 | Hits 379

I’ve been spending a bit of time testing my ASP.NET West Wind Web Store application in medium trust, and it’s been a hit or miss situation finding little things here and there that donR...

Upload multiple large files to your DNN site fast!

Joe Brinkman, January 10, 2009
Views: 3,514 | Hits 233

Silverlight File Uploader is a DotNetNuke 4 & 5 module that is a "wrapper" around the Open Source project Silverlight File Upload. It adds upload security that the original project does not curren...

ReflectionPermission requirements in anything but Full Trust in ASP.NET

Rick Strahls WebLog, May 20, 2006
Views: 3,342 | Hits 131

I ran into a bit of a revelation today when I got a message from a customer who had been running our West Wind Web Store in development and ran into a number of issues when deployed on the server. As ...

ASP.NET Web Services, HTTP GET and POST

Software/Technology Discussion, June 14, 2007
Views: 3,304 | Hits 148

Since the beginnings of ASP.NET 1.1, Microsoft disabled HTTP GET and POST actions on .NET Framework based web services (for security reasons).  If you want to enable these protocols, add the foll...

Authentication in web services using C# and Kerberos (POC)

The Code Project Latest Articles, July 7, 2008
Views: 3,288 | Hits 353

This article is considered a proof of concept article (POC) to explain how Kerberos authentication can be implemented to authenticate requesters when they need to request a web service....

BUG: Error message when you enable the Debug in Zone feature for projects in a solution and then you debug the solution in Visual Studio 2005: "The security debugging option is set but it requires the Visual Studio hosting process which is unavailable"

kbAlertz.com :: Visual Studio 2005, March 2, 2006
Views: 3,266 | Hits 40

913451 ... BUG: Error message when you enable the Debug in Zone feature for projects in a solution and then you debug the solution in Visual Studio 2005: "The security debugging option is set but it ...

Urgent: Subtext Security Patch

youve been HAACKED, September 20, 2007
Views: 3,226 | Hits 503

A Subtext user reported a security vulnerability due to a flaw in our integration with the FCKEditor control which allows someone to upload files into the images directory without being authenticated....

Adding users to a TFS project when youre not on the domain

JonGalloway.ToString(), October 15, 2009
Views: 3,187 | Hits 43

Visual Studio Team System was obviously designed for user groups who are all members of a Windows Active Directory domain, all working in the same local network. Im able to work remotely (without VPN,...

ASP.NET 2.0 Active Directory Provider Model Security Options

Canadian Launch Tour 2005 - Launch Blog, October 20, 2005
Views: 3,164 | Hits 228

For those that want to learn more about the Security options for Authentication and Authorization with the ASP.NET 2.0 Provider Models then I recommend you visit my blog as I outline how to enable dif...

Using the SecureString Class

DevX: .NET Feed, August 21, 2007
Views: 3,151 | Hits 213

NET 2.0's System.Security namespace includes the SecureString class, which lets you create encrypted strings and delete them from memory when they're no longer needed....

Creating and Managing a Connection String with Oracle ODP.NET

Radical Development, August 24, 2007
Views: 3,056 | Hits 141

If you need to view or even modify your connection string at runtime then give OracleConnectionStringBuilder a look. For example, the following method will pull the connection properties and display t...

How to skip server certificate validation error when using HTTPS?

Wenlong Dongs Blog, August 17, 2007
Views: 3,043 | Hits 272

When you are developing a WCF service with an HTTPS endpoint (i.e., you enabled Transport security), you would want to test it with a test certificate or a certificate which has some invalid data. The...

WSE: Security Token could not be retrieved vs. Permissions and some other Certificate hints

Julia Lerman Blog - Dont Be Iffy..., January 16, 2006
Views: 3,032 | Hits 422

I was pushing a new WSE 3.0 web service to a test web server. Whenever I tried to authenticate I was getting "Security Token could not be retreived" from the server. WSE590:...

Card Space exception: incoming policy failed validation

hongmeigs WebLog, July 30, 2007
Views: 3,029 | Hits 58

One possibility is that your binding does not contains required claim types. In your client binding, make sure you have at least one required claims: WSFederationHttpBinding binding = new WSFederation...

NetNamedPipeBinding and Impersonation

kennyw.com, March 7, 2006
Views: 2,948 | Hits 217

On of the top benefits to using NetNamedPipeBinding is that we provide an on-box guarantee for your messages. The on-box guarantee is enforced by Denying the Network Security Identifier (SID: S-1-5-2)...

Using Encrypted Authentication

Jason N. Gaylords Blog, February 21, 2007
Views: 2,947 | Hits 112

If you use the built-in authentication in ASP.NET, its a good idea to use Hashed or Encrypted passwords. The issue with using Hashed passwords is that you cannot use the built-in password retrieval me...

Security and Ajax.NET Professional

Ajax.NET Professional, May 12, 2006
Views: 2,939 | Hits 85

I have written a short example about how to use web forms security with Ajax.NET Professional. The example (C# and VB.NET) is included in the latest version available at http://www.ajaxpro.info/. Disc...

Membership, Users and Roles on GoDaddy

ASP.NET Announcements, August 8, 2007
Views: 2,930 | Hits 236

Salmon Training has released our latest training pack: Going Live on Go Daddy (TM) with your ASP.Net 2.0 Membership Website. Part I sets up the membership site on your PC. We leave you to have the fun...

Adding to SharePoint List from a Web Service

Software/Technology Discussion, June 28, 2007
Views: 2,906 | Hits 282

I've been racking my brain for the last couple of days trying to figure out how to add a list item to a WSS 3/MOSS 2007 list via the object model from an anonymous web service.  At first I ran in...

SecurityTokenManager in WSE 2.0

hongmeigs WebLog, August 25, 2004
Views: 2,866 | Hits 184

The idea of SecurityTokenManager is very powerful.  It provides one single place to extend the WSE built-in token infrastructure.   You can only have one t...

Sharing the security context between ASP.NET and WCF REST Services

Pablo M. Cibraro (aka Cibrax), April 8, 2009
Views: 2,849 | Hits 118

It is very common for WCF services that work as Ajax callbacks and ASP.NET pages that live in the same web application to share a common security context for the authenticated user. However, in order ...

Enable SmartPart with AJAX in SharePoint

Colt Kwongs Blog, June 9, 2008
Views: 2,841 | Hits 82

I just try SmartPart and enable AJAX functionality in SharePoint tonight, here are few notes:1. Download and install SmartPart (make sure SmartPart is deployed and affect all WSS sites as shown in the...

WCF Impersonation for Hosted Services

Wenlong Dongs Blog, May 18, 2006
Views: 2,775 | Hits 252

In my blog entry ASP.NET Compatibility Mode, I showed how to do impersonation with ASP.NET approach. WCF provides more flexible operation-level impersonation. Here is a common question:   Questio...

Controls Based Security in a Windows Forms Application

Simple Talk, January 22, 2007
Views: 2,670 | Hits 438

Jesse Liberty demonstrates a role-based security architecture for Windows Forms applications that will allow you to restrict access to any given control, on any form, so that it is either invisible or...

CardSpace Demo Video

Thom Robbins .NET Weblog, April 14, 2007
Views: 2,662 | Hits 21

Christian has a great new demo video using Windows CardSpace to provide a secure way to authenticate and register your users for your ASP.NET Web Application. This is based on his Visual Studio 2005 T...

Workflow + InfoPath Forms, Form is not workflow enabled??

Sahil Malik - blah.winsmarts.com, August 19, 2007
Views: 2,598 | Hits 267

This has to be one of the most common errors you will encounter when tying your WF's with Infopath Forms. So we all know that you can have instantiation/association/modifica...

Data Refresh Failed in Excel Services

Colt Kwongs Blog, August 17, 2009
Views: 2,584 | Hits 65

I prepared a SharePoint Report Center portal by using SharePoint 2007 recently, but I was unable to refresh the Excel workbook on my portal and got an error message: Unable to retrieve external data ...

Unit tests for WCF (And Moq)

Pablo M. Cibraro (aka Cibrax), May 16, 2008
Views: 2,534 | Hits 71

As you may know, testing WCF services is not as simple as referencing a service implementation and start writing unit tests against it. If the service we want to test has a high dependency with the op...