.NET Tutorials, Forums, Interview Questions And Answers

Security: Safer Authentication with a One-Time Password Solution

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.

Dan Griffin

MSDN Magazine May 2008

More Related Resource Links

help needed: Ldap User authentication using userDN and password



Is it possible to authenticate a user using userDN and password? If so, then tell me the syntax. So far I have tried to authenticate using username and password from my C# code using DirectoryEntry, which takes parameters like domainname, username and password. But I need to authenticate using userDN and password.

Crystal Report Asking for Database Authentication each time when I view Page.


Whenever I open my Crystal Report page, I am taken to the Database Authentication page where I am asked for

User name
Data Name

each time.

Is there a way to avoid this and save this authentication in my page once?

I am using VS2005, C#.

Any help will be appreciated.


Security Briefs: Password Minder Internals


In my last column I introduced Password Minder, the tool I use to manage all of my passwords. It generates a long, random password for each site I visit, and makes it possible for me to use the most complex passwords possible, without ever having to see the actual password material or type it in manually.

Keith Brown

MSDN Magazine October 2004

Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr


This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off: it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000

Password / Application Security.


I am using a function which requires a user name and password. I have written this username and password in my code behind file. How safe is it? If it is not safe, what are the risks and how to provide security to my code and application?

Security settings for this service require Windows Authentication but it is not enabled for the IIS

Hosting service in IIS 5.1. Config is set to transport layer security. SSL is installed and configured on the virtual folder and BasicHTTP bindings are being used for connection. Authentication in web.config is set to Windows. Authorization in web.config is set to Deny Users="?" and Allow Users="*".

When trying to connect to the service using IE, it throws an exception that "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service."

Can someone tell me what is missing? Do I have to set anything in Web.Config?

I need to achieve the following using Basic HTTP binding: Transport Layer security (SSL), Windows Domain Authentication, use user's Domain identity to impersonate the user in service.

Please suggest the settings, if any.

Thanks

Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtec

I have a windows service that runs on client machines and connects to a WCF service on a server. This windows service seems to work fine on Windows XP, Vista and 7 machines, but when I try and run it on a Server 2008 R2 machine I get the following error:

System.Configuration.ConfigurationErrorsException: An error occurred creating the configuration section handler for system.serviceModel/bindings: Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtectionPolicyElement' from assembly 'System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'. (C:\Program Files (x86)\MyFolder\MyApp\MyAppWinSVC.exe.Config line 4) ---> System.TypeLoadException: Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtectionPolicyElement' from assembly 'System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'.    at System.ServiceModel.Configuration.HttpTransportSecurityElement.get_Properties()

I have the 3.5 sp1 feature installed. The only thing I have found online that is remotely similar is this MS hotfix: http://support.microsoft.com/kb/2262911 But when I try and apply it, it says that it isn't for my computer. Does anyone have any ideas how to resolve this issue?

LDAP - directory entry issue with out user and password using impersonate and windows authentication

Hi All,

I am using the below code to fetch the user information from LDAP:

        DirectoryEntry entry = new DirectoryEntry("LDAP://DEV");
        DirectorySearcher searcher = new DirectorySearcher(entry);
        SearchResult result;
        searcher.Filter = "samaccountname=testuser";
        result = searcher.FindOne();

Here I am always using Windows authentication, and when I also enable impersonate = true, the code fails at "result = searcher.FindOne();" with the message "object reference not set to instance of an object". With the same code, if I give the username and password along with the impersonate tag, it works; or if I use the user and password along with the DirectoryEntry object, it also works. But it fails with the same user that I gave in the impersonate tag / DirectoryEntry object when Windows authentication is enabled, the user is logged in to the application, and there is no username and password in the DirectoryEntry / impersonate tag. The interesting thing is that on our development server, I am able to execute the same code with out user name p

Remember password is not remember on ever time

Hi, I am using the SQL Server 2008 client. While connecting to the server I gave the correct password and clicked the remember password option. But the next time I click connect with the same user, it throws an error like 'login failed for the user.' If anyone knows the reason, please let me know. Thanks in anticipation.

IE8, AJAX and SSL - Solution to mixed content security warning!

Hi everyone, I've searched this forum and the web for an answer to my problem, but haven't quite found the answer. My corporate site is using ASP.NET 3.5, AJAX and SSL to secure certain pages. The problem is that IE8 throws a message about unsecure content while IE7 and Firefox do not. I know this issue has been discussed ad nauseam (remember, I've done a lot of research), however, I have specifically isolated the issue down to adding the <scriptmanager> control on an AJAX page requiring SSL. With nothing else on the page (e.g. no images or script references), just a simple .aspx page, add <scriptmanager> and IE8 will display the message and IE7 and FF will not.

Based on my research, the issue is most likely related to the scriptresource and webresource handlers, however, I don't know enough about the inner workings to do any good. Here's what I tried...

Manually set the scriptpath property of scriptmanager to specify where to find the AJAX scripts. The scriptmanager uses the system.web.extensions assembly (which packages all the AJAX js), so I manually downloaded the library from ajax.asp.net site, copied the js files to a scripts directory and made reference in the scriptmanager directly. Using Fiddler2, I could see that the references now appear to be SSL, and I know it was working because

Changed to claims based authentication, now I can't access my site. Please help! Time is of the ess

I am in a pretty big bind. I have a SharePoint 2010 site that was using classic Windows authentication. It worked fine from the inside, and I was able to extend it to the outside and it was using https with an SSL certificate. However, my PerformancePoint reports and my external lists weren't working when the site was accessed from the outside. Apparently this is a known issue with using classic authentication on the outside, so I tried to switch over to claims based authentication. I followed this guide: http://blogs.technet.com/b/wbaer/ar...point-2010.aspx I obviously changed the contoso stuff to my domain name, and changed all of the config files. The problem is, now I can't access the site at all from the inside or the outside.

Here is the error I get in my logs:

An exception occurred when trying to issue security token: Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas. TCP error code 10061: No connection could be made because the target machine actively refused it.

My SharePoint Central Administration site gives me this warning:

The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state. Remedy Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, f

Office SharePoint - Mutual Authentication Failed. The servers password is out of date at the domain

I have a SharePoint Server 2010 site set up with SSL (https://sitename.com). Whenever someone tries to save an Excel or Word document to the site through Save As or Save To SharePoint, they get "Mutual Authentication Failed. The servers password is out of date at the domain controller". The desktop experience feature is installed and the webclient service is running. They also receive certificate is not available, and if they wait a little bit or hit OK it will show the directory and not the website like on a regular http site.

Is BasicHttpBinding/WSHttpBinding + Windows Authentication + Message Security possible without serve


Hi Folks,

I need to deploy a WCF service hosted in IIS 7.5 which has the following constraints:

1) Using Windows Authentication
2) No server or client certificate is needed
3) Using either BasicHttpBinding or WSHttpBinding
4) Using Message Security, so that it is not possible to monitor the communication maliciously. (I think Transport Security is not possible without server certificate)

Is it possible to fulfill the above requirements simultaneously? Thanks for the reply in advance. I'll appreciate it :)


Security and Authentication


Hi, Everyone:

If anyone can please help me with this issue I would gladly appreciate it, and I thank anyone who can help and takes the time to view this post. I have an application that has a user Login Control (provided by ASP). I am just now working on the integration of a database created in MS Visual Studio 2010 with a website developed in MS Visual Web Developer 2010. My main goal is to create an authentication ticket that enables a user to see database information only after that user has been successfully authenticated. Up to now I'm able to see the database when I run the website even if I'm not logged in. Can anyone please direct me on the right path to how I can create a home page that tells the user to log in and, once that user has successfully logged in, redirects the user to another page where the user can see the database, and how I can add information to that database only for specific members? Thank you.

report builder prompts for password with forms authentication


I have implemented forms authentication with SSRS 2008 R2. The problem is when I try to go to report builder it prompts for a user name and password. This doesn't work with the way we have our authentication set up. I have tried implementing the following:


but it still prompts for a username and password. Is there a way around this?

Security settings for this service require Windows Authentication but it is not enabled for the IIS




We are getting the following error, when we call a WCF service from IE. The service is developed in MS.NET 3.5 and hosted in IIS 6.0, Windows Server 2003 SP2


Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.


NOTE: The same is working GOOD in IIS 6.0, Windows XP SP2


IIS Setting


"Integrated Windows Authentication" is enabled in the "Directory Security"






<binding name

wsHttpBinding with Windows Authentication and Message Security



I want to accomplish wsHttpBinding with Windows Authentication and Message Security. I've created a test service and deployed on Windows Server 2008 and IIS 7.5.

The virtual directory has been assigned an application pool running under custom account domain\username. Only
Windows Authentication is enabled on the virtual directory (I DON'T want anonymous access enabled).

I keep getting this error "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service."

Below is my server config file. I've followed instructions at http://msdn.microsoft.com/en-us/library/ff650619.aspx

        <binding name="NewBinding0">
          <security mode="Message">
            <transport clientCredentialType="Windows"></transport>
