.NET Security

We have designed a simple forms authentication ASP.Net 1.1 application to access an existing static website (thousands of .htm pages).  The application authenticates against a SQL server.  Also, the authentication ticket is not setup to be persistent.  The application works great as long as we access .aspx or any .Net extension.  Even though I have entered a Application Extension Map for .htm to the aspnet_isapi.dll, after the first login, the forms authentication does not function for the .htm files.  Now, if you quit the browser session and then start up a new session and go to a .aspx page or any page with a .Net extension, the login starts working again.  It's real evident that the authentication ticket/cookie is working just fine for the .aspx files but not the .htm files.  This occurs on both Windows 2000 and 2003.  Help!!! ...

How do I get a windows application to run as a different user.  I am user A and I want to act as user B.  I need to copy files out of a shared directory on a server that user B will only have access to.  In ...

I have a .NET web application that access the local file system and it will not run on Windows Server 2003. I have tried setting all of the security policies I can find, changedf the permissions on the directories, made sure the dll's are fully trusted, given ...

I have been grappling with ?cannot be instantiated under a partially trusted security policy (AllowPartiallyTrustedCallersAttribute is not present)? on SharePoint for the last few days, incorporating some procedures gleaned from the net and msdn.microsoft.com but I have not beaten it yet. ...

We are in the process of migrating an intranet web server from a Windows 2000 box to a Windows 2003 box. In migrating OSs and from IIS 5 to IIS 6, we've noticed a significant difference in how Windows integrated security ...

I have no clue what's happened. About a month or so ago I developed a VSTO app that used WSE 2.0 SP2. I created a setup project that correctly installed the app and set the policy correctly. All deployed and ran properly. ...

Hi all, I need to know the user privileges (does user have administrator privileges) .. Which  c# api's should i use? Thanks a lot ...

I am writing a web app that uses windows authentication. I have a logout button in the app that abandons session and returns the user to the main page of the application. I would like to force the user to provide their windows ...

Hi, I have an application that sends a .NET (C#) web service an base64 encoded string.  This string sometimes includes extended ascii, e.g. é ù ô and when I try to decode this string in the webservice using: ...

Hi all! I need to set folder security to full control to everyone is it possible from code (without calling any external applications and sripts) ? example would be nice. Thanx ...

Hi everybody I've installed my web application on a IIS6 (Windows 2003) but I've difficulty to share caching in Application and Session scope between .NET and ASP. It works on a II5... I'm sure it's something about security - but what? ...

Does anyone can point me out to good articles or documents which clearly explain the security under .Net framework I try to follow something but I am really getting lost indeed, a lot confuse with the code security and security of the operating system also how they are ...

I am in the same situation as yours. Simply trying to undersatand what is going on when a compoent is in a way lisence with the Validating function. Of course I undersatnd that the component is license at that point but then what ...

Hi We have windows application and have created our own custom principle & identity objects that implement IPrinciple and IIdentity. When a user logs into our system we set the threads principle to our custom principle object by calling Thread.CurrentPrinciple = blah. This all works great for role ...

I have created a web app and now I want to make sure that it only has execute rights to run.  Below is what I put in the assembly file.  Is this correct?  'Allow this web app to execute ...

We retrieve data from a company called XYZ through httpwebrequest. The program is coded using VB.NET They have given a certificate to install. This certificate is included with the request object.I use httpwebrequest to retrieve data. The certificate is added to the client certificates ...

Hello, I want to encypt a small ( I'm aware that max 117 bytes may be encryptes with RSA ) portion of data with private key and later to decrypt it with a public key which will be embeded in my code. ...