Home All Groups Group Topic Archive Search About

.NET Security

microsoft.public.dotnet.security
Score License File Generator Using Digital Signatures
mr.mike.ward - 19 Mar 2005 11:03 PM - 6 messages
I've written a license file generator in C# that generates a signed XML file for use in another program. I need to give this generator to a third party (ShareIt.com) so they can generate license files when a ...
Score ildasm
vhoward - 19 Mar 2005 9:01 PM - 4 messages
hi, i use compact frameword and c# to program on pocket pc is there a way to prevent user to examine constant in a .exe using ildasm ? thanks in advance ...
Score Re: RSA Encrypt/Decrypt Problems
Michel Gallant - 19 Mar 2005 1:25 PM - 8 messages
Typically ... RSA encryption is meant for encryption of small amounts of data (like secret symmetric keys). The related concept of enveloping (combination of bulk symmetric encryption of data, combined with RSA encryption of that secret symmetric keys to recipient(s)) ...
Score SecurityCritical, SecurityTreatAsSafe and SecurityTransparent Attributes?
Jesse Towner - 19 Mar 2005 1:02 PM - 3 messages
I noticed these intriguing classes have been introduced recently into the .NET Framework 2.0. However, documentation for them seems to be lacking, and google search turns up nothing. I was wondering if someone could be generous and comment on the usage ...
Score RSA Encrypt/Decrypt Problems
Joseph MCAD - 18 Mar 2005 11:53 PM - 11 messages
March 18, 2005      I am trying to encrypt messages typed in a textbox by encrypting them using RSACryptoServiceProvider. If the text is shorter than about 1/2 a sentence, then it works fine. If it is longer, say: "This is my message. It ...
Score ASP.NET roles, authentication
Neel - 18 Mar 2005 7:20 PM - 2 messages
Hi all, I am creating a web page (asp.net) with AD authentication (LDAP), I have few set of roles created for this project. I have roles1, roles2, roles3, roles4 Based on the above roles, i have to pull the data from a database for ...
Score full trus and 1.1 SP1
AndrewEames - 18 Mar 2005 6:17 PM - 2 messages
I just applied 1.1 SP1 and I am seeing some changes in behavior wrt. security If I set my security level to no trust, my .NET application will now actualy execute until Application.Run (previously, it wouldn't even start up without ...
Score Security - newbie Q
Steve B. - 18 Mar 2005 5:15 PM - 1 message
I have a local Form and ADONet application created in Visual Studio utilizing MS-Access and is compiled (Released) to the public network drive.  Each time I create a new VS project or dll I have to go to each users machine and use ...
Score authentication and access control (.NET socket connection)
Dan - 18 Mar 2005 5:14 PM - 1 message
Hi, Can someone point me in the right direction on a really simple access control issue?  Here is the situation: 1. an app on a client computer connected to internet and executes this kind of code: acceptor = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ...
Score Re: Remoting security
K. Prafulla - 18 Mar 2005 3:11 PM - 1 message
Hi, There is nice way by which we can have encrypted communication between client and server in .Net Remoting. You will have to use ClientSink and ServerSink. So all communication which goes over wire, will be encrypted. I guess this will solve your concerns. ...
Score enableViewStateMAC and 3DES
Dominick Baier [DevelopMentor] - 18 Mar 2005 1:55 PM - 1 message
grab a tool called GenerateMachineKey from [link]   ....this does the magic for you. --- Dominick Baier - DevelopMentor [link]    nntp://news.microsoft.com/microsoft.public.dotnet.security/<d39c956e.0503180129.4e2e3***@posting.google.com> ...
Score Disable concurrent login to web app
Chris - 18 Mar 2005 1:55 PM - 1 message
Is there a way to disable concurrent login to a web site or web app without using session variables? Thanks in advance. ...
Score How do I test enableViewStateMAC?
Dominick Baier [DevelopMentor] - 18 Mar 2005 1:54 PM - 1 message
first of all - EnableViewStateMAC does _not_ encrypt the ViewState (the docs are wrong). This setting creates a MAC (Message Authentication Code) and appends that to the viewstate before sending to the client. After the post back to the server ASP.NET calculates the MAC again and finds out if someone tampered the data on the client. ...
Score How do I test enableViewStateMAC?
Simang - 18 Mar 2005 9:44 AM - 1 message
Hi, Im just wondering, I set the enableViewStateMAC to true and the machineKey validation to 3DES is my web.config. How do I test my asp.net pages if its really working? Thanks! Mayet ...
Score enableViewStateMAC and 3DES
Simang - 18 Mar 2005 9:29 AM - 1 message
Hi, I am trying to encrypt viewstate in my ASP.NET web site. I put these items in the web.config.. <pages enableViewStateMac="true" /> <machineKey validation="3DES"/> However, when I tried to access the .NET pages, I encountered the ff error: ...
Score Security Exception due to Medium trust level
vrush Deshpande - 18 Mar 2005 5:43 AM - 2 messages
Hello, We have a web application developed in ASP.NET and MySQL database. The code works fine if trust level of web server is kept high for ASP.NET. It seems all service providers keep trust level Medium by default. ...
Score XML encryption
tragic_hip - 17 Mar 2005 8:13 PM - 1 message
I'm looking to encrypt some xml elements, and I'm trying to be as standards complient as I can (although strictly speaking, it's not a requirement). Looking at [link] I want to encrypt the my AES key, IV with RSA, and then encrypted the ...
Score Re: Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB886903)
revtomd - 17 Mar 2005 7:29 PM - 1 message
mkaone wrote: Yes, I am having this same problem. I tried to removed .Net\framework 1.1 and now I get "Fatal Execution Engine Error (0x7927e03e). Have have tried safe mode restore and then remove, but still get fatal error message. I have gone on microsoft site and can not find any info on this problem. has anyone really sovled this problem? -- revtomd ------------------------------------------------------------------------ Posted via [link] ------------------------------------------------------------------------ View this thread: [link] ...
Score Need TRIPLEDES and TRIPLEDES3KEY Functions
Basheer - 17 Mar 2005 4:49 PM - 1 message
Hello INFO: bin -  ssod is working OK. when I change passwd on the windows side it changes on the UNIX side. But we also want to change password on an ERP application. I.e if windows passoword is changed, then change the unix side password - then call a ...
Score A single page from an existing application under SSL?
Mike Owen - 17 Mar 2005 8:13 AM - 4 messages
I have developed an application which all works fine, and runs under a normal non secure connection, e.g. [link] . I now want to run just a single page, that already exists in the ...
Score How do I get the current logged in user in Windows Forms
anonieko - 16 Mar 2005 10:19 PM - 1 message
You can get the Windows Principal and User Name by the following: System.Security.Principal.WindowsIdentity.GetCurrent() System.Security.Principal.WindowsIdentity.GetCurrent().Name ...
Score ASP.NET security for a combined intranet/Internet site
gauty - 16 Mar 2005 9:53 PM - 2 messages
Hi, I'm writing an application using forms authentication, and have implemented roles-based authorization using custom Principal and Identity classes. This is all working fine, but now the client wants to bypass the forms authetication when an intranet user is accessing the ...
Score what would disable certificate export?
nicole - 16 Mar 2005 9:42 PM - 2 messages
I have several certificates in my user store. When I inspect them with MMC snap-in, I can see that I have the private keys. When I try to export them, it doesn't let me export private keys. I am pretty sure ...
Score any way sending S/MIME signed email with asp.NET ?
ron - 16 Mar 2005 4:05 PM - 3 messages
...
Score Re: Custom IPrincipal and declarative security checking
Dominick Baier [DevelopMentor] - 16 Mar 2005 1:34 PM - 2 messages
My point is that you run in even bigger trouble when you only copy the IPrincipal to Thread.CurrentPrincipal - a common mistake i have seen. Do you have a practical example of code that demands PrincipalPermission before HttpApplication.SetPrincipalOnThread is run (besides code you've written yourself in AuthenticateRequest) ? ...
Score Java encryption <--> .NET encryption
Gawel - 16 Mar 2005 11:56 AM - 2 messages
Hajo, I need to exchange encypted data between ..NET and Java environments. The first problem I encountered is that symmetric ciphers in .NET needs initialization vector and Java counterparts don't. Can some one point me out the place where I can find any practise and ...
Score Re: Custom IPrincipal and declarative security checking
Dominick Baier [DevelopMentor] - 16 Mar 2005 8:08 AM - 1 message
download [link] put the ashx file in a web app and run it through your browser - you'll see the DefaultAuthentication event (this one is hardwired and you will not find a registration in the HttpModules section in machine.config). ...
Score Re: RSACryptoServiceProvider
Ignus Fast - 15 Mar 2005 11:46 PM - 1 message
I wish I knew the answer to this one, since I'm having problems with it myself.         Ignus ...
Score CryptographicException problem on Server 2003
dingfahd - 15 Mar 2005 9:13 PM - 2 messages
This is my first attempt at cryptography, and I'm a bit stumped.  The following code is meant to encrypt an image on a client, then decrypt the image on a server.  When the client and server are both running on the same ...
Score ASP.NET - Impersonation - CoInitializeSecurity, CoInitializeEx
POnfri - 15 Mar 2005 9:09 PM - 1 message
I am having a ASP.NET application that makes calls to a COM Component. The COM Component has calls to CoInitializeEx, ConitializeSecurity etc. What Thread options and Impersonation and capabilities I have to set for these calls. Actually, I tried with the default ASPNET and impersonating the web ...
Score Custom validation of mixed .dlls in a rights managed application
Bern McCarty - 15 Mar 2005 3:01 PM - 1 message
We have a large desktop application that supports a home-grown rights management capability.  It is written in C++/MEC++ under .NET 1.1  The application is very extensible.  During a right's managed session the extension loader will perform custom checks on a native extension .dll to ...
Score Custom IPrincipal and declarative security checking
Baileys - 15 Mar 2005 1:29 PM - 6 messages
Hi, I'm having trouble getting declarative checks (using PrinciplePermissionAttribute) to work with my custom IPrincipal implementation in a web scenario. I created a custom principal class (MyPrincipal), implementing the IPrincipal interface I added code to the global.asax Application_AuthenticateRequest handler to ...
Score Certificate install impossible - W2K & MMC
Matthew.DelVecchio - 15 Mar 2005 2:04 AM - 2 messages
hey gang, i am a developing webapp that requires a client-side certificate in order to consume our partner's webservice. i have finished this app and, on Windows XP, i can install their cert via MMC and everything is ...
Score Re: best practice for encrypting in app
Dominick Baier [DevelopMentor] - 14 Mar 2005 11:56 AM - 1 message
i also wrapped the wrapper in a single aspx file (and a gui and command line version) ready to use [link] --- Dominick Baier - DevelopMentor [link] ...
Score Code Access Security - User Policy Level
Kjetil Kristoffer Solberg - 14 Mar 2005 10:19 AM - 3 messages
How can I set Code Access Security, User Policy Level, policy for a certain user on a machine? regards Kjetil Kristoffer Solberg ...
Score Remote WMI Queries to Security EventLog Using System.Management in
ITbhikkus - 13 Mar 2005 7:57 PM - 1 message
Hi, I have been searching the web for some time, trying to come up with a solution to my dilhema. I am using Microsoft Visual Studio 2003 .NET with the .NET Framework 1.1 to write an application to automate a process for server administrators who are ...
Next »