| Does this code actually authenticate a user on ADSI..... (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Dim sADPath As String "LDAP://MyADDomainString" Dim DE As New DirectoryEntry(sADPath, username, password) Try If Not DE.Name Is Nothing Then Return True 'Authentication Successful End If Catch err As Exception Return False ' Authentication Failed Finally DE Nothing End Try It apears tome that this code is just verifying that they a person with the value in 'username' has a Name property in AD. So,... |
|
| Copy protecting desktop application (12 replies) |
| ASPFriends.com 'aspngsec' list |
| I need to copy protect a desktop application so that distributors and end users cannot easily copy the application and use it without our knowledge. Since the product will sell in the $5 $10,000 range per copy, this is a fairly important consideration. I would like to distribute a license key separately from the application so that the application cannot be started without it. How can I create a k... |
|
| Forms Security and .Net Service Packs (3 replies) |
| ASPFriends.com 'aspngsec' list |
| I have noticed that each time I upgrade .Net with a new service pack on my server I find that all the users that are using Forms security and cookies to remember their logins have to re login to the site. Do any of you know why this is happening and how to avoid it? Cheers, Julian Voelcker The Virtual World (UK) Limited Cirencester, United Kingdom |
|
| Installing an APPlication (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngstart] to [aspngsec] by Victor Von Doom doctordoom@aspelite.com Hi all, I am installing a web application on a client that just installed the .NET framework When I go to run the application I get an error message, that says something to the effect of "This application can be started, check the event log for errors" In the eventlog, the error basically says that there is something ... |
|
| forms-authentication (5 replies) |
| ASPFriends.com 'aspngsec' list |
| I tested the example and i liked very much this way to make security, but i didn't understand one thing, inside my project if i have some pages that no need be check(no security). how can i mark the pages that need or not check the security ? thanks a lot, []s, Gustavo. Original Message From: Scott Mitchell [mailto:mitchell@4guysfromrolla.com] Sent: segunda feira, 5 de agosto de 2002 17:12 To: asp... |
|
| Security Design: Authenticating users by IP address (7 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi all, I'm looking for options on how to Authenticate users. Intranet users who visit the site DO NOT have to login. Extranet users who visit the site with a domain name need to log in except if they come from a group of fixed ip addresses. We have a requirement to recognize some Hotel Users by there IP address because they don't want the extra burden of remembering passwords for the numerous pot... |
|
| IsAuthenticated woes (6 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi! I have a site that employs form authentication (strongly modified version of ibuyspy portal). Intermittently, for logged in users the IsAuthenticated property will return false even though the client sends a valid authentication ticket. If such page is refreshed, IsAuthenticated goes back to true! Have you ever encountered such behaviour? Any hints/thoughts/concolences? :) Thanks Remas http://... |
|
| Re-direction does not work before loging into the app. (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Michiel van Otegem mvo@mail.aspnl.com I have an ASP.NET project that uses Forms authentication. I have added a "Contact Us" link in the login page. The problem is that the redirection to the Contact Us page does not work since the user was not authenticated. How can I solve this problem? Thanks, Marcelo. |
|
| Role authorization in Beta 2 (19 replies) |
| ASPFriends.com 'aspngsec' list |
| Hey all, I know this has been a frequently discussed issue, and I've spent most of the night poring through the archives found in this group, and have seen many helpful answers. The only problem is (and of course, theres always a problem, elsewise I would not be writing this) I have not been able to get them to work. I previously (more like 4 months ago) wrote in with this problem, and Erik Olson ... |
|
| Forms Authentication ReturnURL (15 replies) |
| ASPFriends.com 'aspngsec' list |
| In forms authtentication Information about the originating page where access was requested is placed in the query string using RETURNURL as the key. In beta1 this contained the entire URL. In the release this contains the path but not the web site. If you are using forms authentication across multiple websites. How do you know what the originating page is? |
|
| HttpWebRequest and X509Certificates...anyone? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Has anyone had luck accessing a secured SSL site using HttpWebRequest and the X509Certificate class. I keep getting the error "Could not establish trust relationship with remote server.I have successfully exported a .pfx file to a DES 509 certificate .cer file. I then read in the certificate file with the code below and TRY to post data to HTTPS server. Here is my code. Thanks much Paul //////////... |
|
| Video Seminar of ASP.NET Security of PDC 2001 by Eric Olson (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Folks, Any idea where I can Download/View the Video Seminar of ASP.NET Security of PDC 2001 (http://www.microsoft.com/Seminar/Includes/VideoSeminar.asp?url /Seminar/en/ developers/2002218ASPNetSecur/portal.xml) The presentation was by Eric Olson. Thanks Raman |
|
| Must impersonate in web.config (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Hello, Anyone know of a way (or even possible) to force a user to use impersonation in their web.config file as well as specify the username and password? Thanks, Ely |
|
| New Asp.net Web site ACL security permissions (3 replies) |
| ASPFriends.com 'aspngsec' list |
| I have an IIS server on w2k. I am setting up a new web site, which will have the web files located on a different drive than wwwroot. I installed the new ip, created the web site, re ran aspnet regiis.exe i (I think you have to do this whenever you install a new website to get the aspnet client directory installed). The question is what are the ACLs needed on the website's directories? Is there an... |
|
| FileCopy copyto permissions for copying across network? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Marcie Jones marciejones@yahoo.com What do I have to do to make this work...I know the worker is running under user ASPNET but I can't figure out how to give that user permissions to my network share that I need to copy files from and to. I've tried changing the ProcessModel setting to LOGIN as a valid user...but am coming up empty handed... |
|
| Temp ASP.NET directory (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hello, I was wondering if anyone has had any luck changing the Temporary ASP.NET files directory using the following tag: compilation tempDirectory "E:\web\T\test2.com\Temporary ASP.NET Files" /compilation I have been able to get it to work if I run the aspnet process under the System account, but if I try impersonating my IIS User, it fails with an access denied error, even though the IIS User ha... |
|
| Protecting non aspx and ascx resources (11 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspappsecurity] to [aspngsec] by Tim Musschoot Tim.Musschoot@rug.ac.be Moved from [aspngsec] to [aspappsecurity] by Tim Musschoot Tim.Musschoot@rug.ac.be Hi, Where can I tell the asp worker process to watch over non aspx and non ascx files. Currently, any other file with .rpt, .sql extension can bedownloaded without authentication. Thanks, Wolfgang |
|
| Forms Authentication and Roles (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi all I'm using ASP.NET's built in forms authentication. I have all the user information, including the roles stored in a database. I limit access to areas of the site by defining which roles can access which virtual paths in the Web.config file. It all works very well. My question is, when ASP.NET denies access to a certain area, it bounces that person to the login screen. Now the user in questi... |
|
| FormsAuthenticationTicket Info (5 replies) |
| ASPFriends.com 'aspngsec' list |
| Can someone point me to any info on applications of FormsAuthenticationTicket class? The MS docs are a bit thin in this area. Would it be when you want more direct control of the user's session? I'm trying to get a handle on when I would need to/want to use this ... as it seems this "general" functionality might be implemented behind the scences when using something like below for user authenticat... |
|
| Roles and Form Based Authentication (7 replies) |
| ASPFriends.com 'aspngsec' list |
| Ok, I'm ready to pull the last of my hair out. I have a website with forms authentication: authentication mode "Forms" forms name "FormAuthentication" path "/" loginUrl "Login.aspx"/ /authentication a login page that assigns a role to the user: if(my user is authenticated) { HttpContext currentContext HttpContext.Current; string formsCookieStr string.Empty; FormsAuthenticationTicket ticket new For... |
|
| Forms authentication and code security (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Sheik Yerbouti peter@aspdll.com I'm writing a ASP.NET Web application using using forms based security and I'd like to be able to write to the event log with my ASP.NET application. When I attempt to do this I receive an exception: Exception Details: System.Security.SecurityException: Requested registry access is not allowed. Source Error: 20 Line 21: ... |
|
| Roles from DB when using forms authentication (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Is there a way to get a list of custom/dynamic roles into the FormsAuthenticationTicket once, when the user is authorized, instead of the samples I have seen where a new ticket gets set up in the Application AuthenticateRequest event by managing a separate cookie that contains a ticket with the list of custom roles read in from the database? |
|
| System.IO.Directory.GetFiles (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Tim Musschoot Tim.Musschoot@rug.ac.be Does anyone know why I'd get "Could not find a part of the path" and "Incorrect login" errors when I attempt to call the System.IO.Directory.GetFiles routine? I've taken off anonymous access (meaning that I'd HAVE to be authenticated with my domain credentials since that's how I'm logged in) and it still bombs out ... |
|
| Impersonating (9 replies) |
| ASPFriends.com 'aspngsec' list |
| I remember a recent impersonation discussion utilizing calls to LogonUser() in ADVAPI32. Has anyone found this to work on their workstation but not on the web server? We're running into this now and can't figure it out. My workstation is 2000Pro (Native) and our web servers are 2000 adv server, active directory. Thanks. Regards, Tim Ellison Senior Web Applications Developer, Long and Foster Real E... |
|
| MSDE dD: DOT.NET connection works but not ASP connection string! (3 replies) |
| ASPFriends.com 'aspngsec' list |
| I'm running MSDE, Server is "(local)" machine name assume "machinename" and I'm connecting to IBuyStore Portal Database. This connection works in .NET work SqlConnection("server localhost;Trusted Connection true;database Portal" ) This same string doesn't work in ASP3.0 'cn.Open "server localhost;Trusted Connection true;database Portal" But I have to do this (ie. Specify the driver): cn.Open "Prov... |
|
| .NET Security error after changing SQL stored procedure (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Copied from [ngfx sqlclient] to [aspngsec] by Bob Levittan blevittan@hotmail.com Moved from [aspngibuyspy] to [ngfx sqlclient] by Bob Levittan blevittan@hotmail.com After I change or add a SQL stored procedure and recompile my VisualBasic.NET application and then try to run ate application I get the following error: Security Exception Description: The application attempted to perform an operation ... |
|
| Extend context.user.identity (6 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi All, Is it possible to easily extend context.user.identity? I'm doing a forms authentication against a sql database, I return some extra data like clientID,FirstName,CompanyName,... I would like to make these available through my application using ex: context.user.identity.ClientID context.user.identity.FirstName context.user.identity.CompanyName ... Is this possible or is there another (and be... |
|
| Problem w/ Deleting Records... (8 replies) |
| ASPFriends.com 'aspngsec' list |
| I am having a very strange thing happen... I set the folders where my database resides in Windows XP to Full Access (Read Write).. When I run and launch my ASP.NET application, I am receiving errors trying to delete records in a table. (Can't delete from specified tables) I close my application and launch Windows Explorer and for some reason the folder where the database file resides is set back t... |
|
| web.config connection string? (3 replies) |
| ASPFriends.com 'aspngsec' list |
| In the web.config file to store the database connection string it exposes cleartext password to sensitive database. Like this appSettings add key "DBI.ConnectionString" value "Provider OraOLEDB.Oracle.1;Password mypass;Persist Security Info True;User ID me;Data Source SGUCode;"/ /appSettings ****************************** Is there any another solution that does not expose the password in cleartext... |
|
| Trying to change Temporary ASP.NET Files directory (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Hello, I am trying to change to location fo the Temporary files that .net sticks the assemblies once compiled. I am using: compilation tempDirectory "C:\websites\S\site1.com\temp\" debug "false" explicit "true" defaultLanguage "vb" / But when I try to run an aspx page, I always get an error: Failed to create temporary files directory 'C:\websites\S\site1.com\temp\root\d5eda910\1b06d7a2'. Access de... |
|
| ASPNET User Security Issue (12 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspappsecurity] to [aspngsec] by Tim Musschoot Tim.Musschoot@rug.ac.be Moved from [aspngvs] to [aspappsecurity] by Tim Musschoot Tim.Musschoot@rug.ac.be Hello, It seems that when you are running an asp.net app, the security context runs under the ASPNET user account, not the IUSR Machinename that is defined in the IIS MMC. In a shared hosting environment, this might be dangerous if you... |
|
| web.config 101 (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I have some simple asmx files running on my web server. When I have NO web.config file the following code runs BUT if I stick in my web.config it gives me an unauthorized message. %@ WebService Language "C#" Class "ADOWebSvc" % using System; using System.Data; using System.Data.SqlClient; using System.Web; using System.Web.Services; [WebService(Namespace "http://www.oreilly.com/webservices")] publ... |
|
| Using Widows domain accounts inconjunction with database/Enterprise Services defined roles (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Anyone have some concise sample code that integrates Windows domain accounts security along with roles/groups contained/defined within a database or possibly Enterprise Services? (formerly known as COM Services) What I'm looking to do is utilize existing Intranet accounts while applying a custom user group structure (as developers don't often have the ability to have the IS department define domai... |
|
| Information on user (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Yannick Smits dotnet@stepcompany.com !DOCTYPE HTML PUBLIC " //W3C//DTD HTML 3.2//EN" HTML HEAD META HTTP EQUIV 3D"Content Type" CONTENT 3D"text/html; charset 3Diso 8859 1" META NAME 3D"Generator" CONTENT 3D"MS Exchange Server version 5.5.2652.35" TITLE Information on user /TITLE /HEAD BODY BR P FONT SIZE 3D2 Hi all, /FONT /P P FONT SIZE 3D2 How do I ge... |
|
| Email (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by devin devinr@drone interactive.com Hello everyone. I'm learning asp.net and just tried to use the system.web.mail namespace and received an error about security. I'm working through Wrox's Beginning ASP.net using vb.net. In the book errata, they did address the security issue and had instructions for setting "write" permissions for the folder containin... |
|
| Is there a way to Enumerate the GenericPricipal object's roles array? (5 replies) |
| ASPFriends.com 'aspngsec' list |
| I've written some code that for each request, looks up user roles in a database, creates a GenericPrincipal object and populates the roles assigned to that user (see Application AuthenticateRequest below) I can then do things like: Label3.Text Context.User.Identity.Name.ToString() " br "; Label3.Text " is a member of role Manager: " User.IsInRole("Manager") " br "; However, I would like to be able... |
|
| Form Authentication and Roles (5 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi, I have users with three different levels of authorization, each level will give them access to a specific sub folder of the web. Ideally, higher levels of authorization will include authorization to all lower level folders. I can not use Windows Authentication. What are my options to simulate roles with form authentication? different cookies for different roles role stored in session etc. I'm ... |
|
| Default page in form authentication (9 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngstart] to [aspngsec] by Cain Marco juggernaut@aspelite.com How do you change the default page from default.aspx when using forms authentication? |
|
| What Sets IsAuthenticated=True (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Cain Marco juggernaut@aspelite.com I have a forms based application that is giving me fits. I noticed that, in a location where the IsAuthenticated property had been True, it was now false and the was not working as expected. I am wondering if I have a setting that is invalid?? Can anyone tell me what sets the IsAuthenticated property to True what cons... |
|
| Thread.CurrentPrincipal question (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Ok, I went through the process of extending IPrincipal to suit my applications needs, and it works GREAT....for the first page hit only. I assign my custom IPrincipal object to Thread.CurrentPrincipal in the global.asax Application AuthenticateRequest evtn. It was my understanding that by assigning it to Thread.CurrentPrincipal in that event in the global.asax, would make my custom IPrincipal avai... |
|
| form auth and pdf files (5 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| Has anybody run into this problem? I have setup form security on my web site. On the site, I am securing a few dir with exe,zip and pdf files using a Web.config that deny access to unauth users. I've setup my machine.config to go to my login page and setup the login page. I have also mapped exe,zip and pdf files in IIS 5.0 to be handled by the ASP.net dll (aspnet isapi.dll) only on GET and HEAD ve... |
|
| 2 levels of authentication (2 replies) |
| ASPFriends.com 'aspngsec' list |
| In my web.config in the root folder, it has forms authentication setup. I want to have a /Admin section with its own web.config. I have created a /admin folder with another web.config which allows only a certain user. The problem is that if I access the admin/index.aspx page it directs me back to the login.aspx page setup in the root's web.config. I want to have a separate login page for the admin... |
|
| Forms Admin with two Secure Areas and two logins? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I have a site that uses forms authentication for controlling access to a directory structure. I now want to secure another directory structure on the site with a different login page. The settings in the web.config file are as follows: authentication mode "Forms" forms name ".CharitySkillsAUTH" timeout "30" protection "All" loginUrl "/login.aspx" path "/" / /authentication authorization allow user... |
|
| Move IIS off the c: drive? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| So to move my inetpub directory off the c: drive (this is still recommended right I did not see it in any MS checklists though), I just physically move the inetpub to d and use MetaEdit? BTW that MS (and a lot of others) link is dead. Original Message From: Rob Caron [mailto:robcaron@microsoft.com] 20 Sent: Tuesday, June 04, 2002 4:39 PM To: aspngsec Subject: [aspngsec] RE: [aspsecurity] Re: Secur... |
|
| Enumerate the GenericPrincipal's roles ?array (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I've written some code that for each request, looks up user roles in a database, creates a GenericPrincipal object and populates the roles assigned to that user (see Application AuthenticateRequest below) I can then do things like: Label3.Text Context.User.Identity.Name.ToString() " br "; Label3.Text " is a member of role Manager: " User.IsInRole("Manager") " br "; However, I would like to be able... |
|
| Impersonation - uggrr (7 replies) |
| ASPFriends.com 'aspngsec' list |
| !DOCTYPE HTML PUBLIC " //W3C//DTD HTML 3.2//EN" HTML HEAD META HTTP EQUIV 3D"Content Type" CONTENT 3D"text/html; charset 3Dus ascii" META NAME 3D"Generator" CONTENT 3D"MS Exchange Server version 5.5.2652.35" TITLE Impersonation uggrr /TITLE /HEAD BODY P FONT SIZE 3D2 Hi , /FONT /P P FONT SIZE 3D2 Ambrose gave me some impersonation control I have allowed my MACHINENAME\ASPNET to run as part of OS b... |
|
| Impersonation - again (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi all, First of all, apologies in advance for what seems to be the beating of a dead horse. I've poured over the docs and the discussions, but I can't find an example that quite meets my scenario. SCENARIO: ASP.NET webserver on Intranet using Windows authentication. Webserver needs to create directories on a Linux server running Samba based on user input. Samba configuration grants certain users ... |
|
| Forms Authentication and non .net pages (2 replies) |
| ASPFriends.com 'aspngsec' list |
| We have an old ASP site that is made up of .asp pages and .pdf, .ppt and .zip files for download. We now want to add to it and are planning on using .Net. Currently each ASP page checks for a session variable to ensure the user is logged in and each file has an asp extension to ensure this works even though there isn't any other scripting in the pages. If we re wrote the login page and moved over ... |
|
| Network Dir (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Network DirHi all, I have tried ALMOST everything I can think of I have spent the whole of yesterday and today reading about the system.io class and all it can do but I hit a hard and frustrating wall when trying to use the directory.create(\\myremoteserver\share\newfolder) I keep receiving can not find path \\myremoteserver\share . When i try a file.delete(\\myremoteserver\share\myfile.txt) then ... |
|
| Resolving DNS names with DNS.GetHostByAddress (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I'm having quite a bit of trouble getting the System.Net.Dns class working in my asp.net application. Below is the simple line of code causing me grey hairs: Response.Write("host name:" Dns.GetHostByAddress(Dns.GetHostByAddress(Request.UserHostAddress ).HostName); Hitting this page from the internal network resolves the machine name, but hitting this page from the internet, outside of the local ne... |
|
