Accessing IIS integrated security website from .NET application?
So I have an application on webserver1 using FORMS authentication (allows anonymous access to login page so running under ASPNET account). In this application there are links to a website on webserver2 that does not allow anonymous access and requires windows integrated security. So basically when you click on a link from the application to webserver2 an authentication popup window appears.  What I'd like to do is pass the authentication information from my application (on webserver1) to webserver2 so that the page I'm calling (via a simply linkbutton) does not produce an ...

(IN)SECURE Magazine from Net-Security (PDF download)
A little more light reading :-) Latest issue, #13: http://www.net-security.org/insecuremag.php (86 pages, with ads [not animated ads] - like a printed magazine) Archives of past issues: http://www.net-security.org/insecure-archive.php ISSUE 13 (September 2007) * Interview with Janne Uusilehto, Head of Nokia Product Security * Social engineering social networking services: a LinkedIn example * The case for automated log management in meeting HIPAA compliance * Risk decision making: whose call is it? * Interview with Zulfikar Ramzan, Senior Principal Re...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

Security in .net
Dear friends i have created applications projects and also  give the permission to download through web.but every month client have to  get new registration number then only that applications will work.other wise it will get expires .give the idea how to do that .. Hi, inbaathere are a lot of ways to implement such an application. You have 2 main choices to make - to use the direct URL to your file (for example http://yoursite.com/downloads/somefile.zip) or to use common download page ( for example http://yoursite.com/download.aspx?fileId=23423154243 ).1) If you choose the first ...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

Security Briefs: Security Enhancements in the .NET Framework 2.0
Security Briefs: Security Enhancements in the .NET Framework 2.0 http://msdn.microsoft.com/msdnmag/issues/05/01/SecurityBriefs/default.aspx *********************************************************** Quote *********************************************************** As I write this column, version 2.0 of the Microsoft .NET Framework is at Beta 1. When I got my bits, I hacked together a little program to dump all of the public members of all public types in the entire Framework and ran it on version 1.1 as well as 2.0. I then used WINDIFF.EXE to compare the two text files, and s...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

.net Security
Hi.Please explain me about declarative security & imperative security.Thanks in advance.(If this has answered your question, please click on "Mark as Answer" on this post. Thank you!)Best Regards,Michael SyncMicrosoft WPF & Silverlight InsiderBlog : http://michaelsync.net Declarative security is where you establish Code Access Security requirements through the use of attributes attached to classes and methods. Imperative security is where you interact with the security engine using method calls.RegardsDave Thanks so much..(If this has answered your question, please clic...

about net security
Name: Nasir Email: nasi81ataoldotcom Product: Firefox Summary: about net security Comments: Dear Sir Please tell me that if I use firefox for browsing any type of web site, can it would be checked by my administrator that which type of web sites are to be open at my system or not? Mean the Administrator can check or not the sites which I used to open at my system? Waiting your reply Thanks & Regards Nasir Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 From URL: http://hendrix.mozilla.org/ Note ...

Is .NET Secure?
Here's the scenario. I want to develop a website that is hosted by a third party (shared web host initially) that contains sensitive data.    I encrypt / decrypt the data (that is stored on the SQL server encrypted) at the data access tier to StringBuilders and pass them up the business logic layer to the presentation layer. When the data hits the presentation tier, in this case the web page, I must convert them to String so that I can display them as you cannot simply point web controls to StringBuilders . When the page is rendered, these strings&nbs...

Security in .NET
hi All, I m make a application, here, user can view some page or some not, So which type of security i can use, Page Level security means, every time when page,this check user is valid or not, or User level, means every time user login, check those pages user can visit. which type of tecnique is best regarding security and performence... plz discuss in detial thanx in advance Sajjad Please Mark as Answer, if the post Solve your Problem__________________________Regards,Sajjad RizviC U ON NETreply me : sajjaddotnet@yahoo.com Windows authentication  - for intranet scenarios. F...

what is the use of code access security in .net
Hi,   what is the use of code access security in .net, and how to work in .net 3.5 If you have your code running in separate assemblies then you can restrict the permission set for that assembly by using CAS.You could restrict a desktop application from making DNS requests for example. This section of msdn is devoted to explaining the concepts and usage of Code Access Security:http://msdn.microsoft.com/en-us/library/930b76w0.aspx Hi good example of CAS is Microsoft SharePoint (WSS 3.0). While Creating your own web parts for sharepoint you will required CAS for your WebPa...

.Net code access security has no effect.
Hi All. I have built a library -MyLib.dll -  for my asp.net application that has been signed using public-private keypair made from sn.exe. I signed it from the signing option in visual studio 2005 and gave the public-private key pair file. I had already added  the StrongNameIdentityPermissionAttribute to one of my classes inside Mylib.dll like the follwowing namespace Test { public class Sample { [StrongNameIdentityPermission(SecurityAction.Demand, PublicKey = "...")] public static void SayHello() { System.Diagnostics.Debug.Writ...

Accessing .NET Component in PB
Hi guys. I know this is not the right place to ask this question but I really need your help fast. The other company made a COM object in .NET 2.0 which manages connection to web service and signing of xml file. We copy those dll files to location where app using it is running, use regasm.exe to register the component and out tests using it were !successful!. BUT. If I run application as administrator it all works perfectly, but if I run application as "user" oleobject.connecttonewobject returns 0 - success but function calls fail and return message says something like...