.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

ASP.Net Forms Security Flaw

Posted By:      Posted Date: September 15, 2010    Points: 0   Category :ASP.Net
Hi allWas pointed in the direction of this today:  http://visualstudiomagazine.com/articles/2010/09/14/aspnet-security-hack.aspxCan anyone shed any light on this? I'm keen to know if I need to make any changes to our websites that use Forms authentication, the article is a little vague IMO and as comments on the article suggest, SHA1 is the current default for Forms.ThanksKev

View Complete Post

More Related Resource Links

Security: Unify Windows Forms and ASP.NET Providers for Credentials Management


The .NET Framework 2.0 provides custom credentials management to ASP.NET apps out of the box. Using it, you can easily authenticate users without using Windows accounts. In this article the author presents a set of helper classes that let a Windows Forms application use the ASP.NET credentials management infrastructure as easily as if it were an ASP.NET application.

Juval Lowy

MSDN Magazine April 2005

Windows Forms: .NET Framework 1.1 Provides Expanded Namespace, Security, and Language Support for Yo


With the much-anticipated release of the .NET Framework 1.1, developers are eager to know what's been added to their programming bag of tricks. In this article, the author focuses on new developments in Windows Forms, such as namespace additions, support for hosting managed controls in unmanaged clients, and designer support for C++ and J#. Integrated access to the Compact Framework and new mobile code security settings also make this release noteworthy. Along with these features, the author reviews the best ways to handle multiple versions of the common language runtime and highlights some potential pitfalls.

Chris Sells

MSDN Magazine March 2003

.NET Zero Deployment: Security and Versioning Models in the Windows Forms Engine Help You Create and


Windows Forms applications solve many of the problems inherent in building Web applications the old fashioned way?with HTML. To demonstrate the use of Windows Forms over the Web, the author takes his existing app, Wahoo!, and ports it to Windows Forms. In doing so, he discusses versioning, linked files, security, storage isolation, the deployment model, and everything else you need to get started building your own Windows Forms apps for the Web.

Chris Sells

MSDN Magazine July 2002

provide detailed security configuratin for web forms

hi I'm considering solutions for enforcing a security model to porvide much more than granting or denying access to a person or group of people. I need to indicte which controls on the page can user take advantage of based on its group. for example there might be a form that users can Create Retrieve Update Delete some contents. I want to restrict a specefic group of people from Updating And Creating date. but I don't have a seprate web form for each of them. all of the stuff is done in a single page.   kind regards to those who readI'm waiting for smart replies. Thank you.

SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Routing for Web Forms in ASP.NET 4.0

posted a prototype demonstrating how one could use Routing within Web Forms. This is something you can do today with ASP.NET 3.5 SP1, because of the work we did to separate Routing from ASP.NET MVC. I would have liked to include Web Form Routing as part of the Routing feature when we were working on SP1, but we didn't have the time to do so in a robust manner before SP1 was locked down.

Application Architecture in Windows Forms 2.0

Applications have special support in Windows Forms. For starters, you can manage and tailor your application's lifetime, and, when the work flow is disrupted by an unhandled exception, you can choose from several methods of response. Then, there are several application models that you can employ, including Single Document Interface (SDI) and Multiple Document Interface (MDI) applications, each of which can support either multiple-instance or single-instance mode, the former the VS05 default and the latter requiring special consideration. All applications, however, can discover and use a wide variety of information about the system and environment they execute in.

Application Architecture in Windows Forms 2.0-Single-MDI Applications

Consider an MDI application like Microsoft Excel; files opened from the file system (by double-clicking) are all opened as separate child windows within the parent Excel window.7 For the first instance of an MDI application to open a new child window to display the file that was passed to the second instance of the application, the second instance must be able to communicate with the initial instance.

Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

ASP.NET forms authentication with roles

.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Forms Authentication in ASP.NET

In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

Determine whether Forms Server is installed on a server

Check whether the Microsoft.Office.InfoPath.Server.dll and FormServer.aspx files are installed on the server.

How to programmatically add controls to Windows forms at run time by using Visual C#

Create a Windows Forms Application
Start Visual Studio .NET or Visual Studio 2005 or a later version, and create a new Visual C# Windows Application project named WinControls. Form1 is added to the project by default.
Double-click Form1 to create and view the Form1_Load event procedure.
Add private instance variables to the Form1 class to work with common Windows controls. The Form1 class starts as follows:

How to Localize Windows Forms and Change the Language at Runtime

Localization is the process of customizing your application to a particular language, culture or locale. Visual Studio provides support for localizing Windows Forms with much ease. In this article, we will see how to localize windows forms and give the user the ability to change to his preferred language at runtime.
When you run a localized application, the appearance is determined by two culture values. The UICulture property is used to specify which resource files will be loaded for the form. The Culture property, on the other hand, determines how strings such as dates, numerals, and currency amounts are formatted.
Let us see the steps required to create a localized form. You can then expand this example and adopt the same approach for the rest of the forms in your project

Localizing Windows Forms

The Visual Studio project system provides considerable support for localizing Windows Forms applications. There are two ways to generate resource files using the Visual Studio development environment: one is to have the project system generate the resource files for localizable UI elements such as text and images on the form. The resource files are then built into satellite assemblies. The second way is to add a resource file template and then edit the template with the XML Designer. A reason for doing the latter is to make localizable strings that appear in dialog boxes and error messages. You must then write code to access these resources.

This walkthrough topic demonstrates both processes in a single Windows Application project.

You can also convert a text file to a resource file; for more information, see Resources in Text File Format and Resource File Generator (Resgen.exe).

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend