.NET Tutorials, Forums, Interview Questions And Answers

Crash Course: Analyze Crashes to Find Security Vulnerabilities in Your Apps

Posted Date: August 21, 2010    Points: 0    Category: ASP.Net

Here the authors analyze program crashes to help you understand if you have the potential for read or write violations in your applications, and how they can lead to security vulnerabilities.

A. Abouchaev, D. Hasse, S. Lambert, and G. Wroblewski

MSDN Magazine November 2007

More Related Resource Links

Code Reviews: Find and Fix Vulnerabilities Before Your Application Ships


Code defects can be found using many approaches, but manual code reviews stand out in terms of precision and quality. We provide some best practices for planning and executing code reviews on your own team.

M. Chmielewski, N. Clift, S. Fonrobert, and T. Ostwald

MSDN Magazine November 2007

Extending SDL: Documenting And Evaluating The Security Guarantees Of Your Apps


In this article, the author presents an extension to the Security Development Lifecycle which could promote a better flow of information between users and designers of software security features.

Mark Novak

MSDN Magazine November 2006

Are You in the Know?: Find Out What's New with Code Access Security in the .NET Framework 2.0


Unlike role-based security measures, code access security is not based on user identity. Instead, it is based on the identity of the code that is running, including information such as where the code came from. Here Mike Downen discusses the role of code access security (CAS) in .NET and outlines some key new features and changes in CAS for the .NET Framework 2.0.

Mike Downen

MSDN Magazine November 2005

Authorize It: Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager


Authorization Manager in Windows Server 2003 represents a significant improvement in the administration of role-based security, making it more scalable, flexible, and easier to implement. Using Authorization Manager, you can define roles and the tasks those roles can perform. You can nest roles to inherit characteristics from other roles, and you can define application groups. In addition, Authorization Manager lets you use scripts to modify permissions dynamically, and it allows you to wrap your security logic in a security policy that can be stored in Active Directory. Authorization Manager also includes an easy-to-use API for running access checks. The author discusses all of these topics and demonstrates them with a working sample.

Keith Brown

MSDN Magazine November 2003

Can't find AD security group while creating Audience rule


Hi guys,

I'm trying to create an audience rule: all members of an AD group. But when I try to choose the security group I need, I can't find it in the search window, though I see other groups. So on the whole the problem is that I can't see all the AD groups, only some of them. It doesn't depend on its type (global or local domain).

What could be a reason?

Security processor was unable to find a security header in the message



Recently on one of my machines, my client (WCF client) is having a problem talking to the WCF server. Both server and client are running on the same machine. The machine is a Windows 7 64-bit machine. It used to work fine until recently. The same software is working fine on all other machines with exactly the same configuration. I am really confused here. Could someone please let me know what could be the problem?

Exception Type:

System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089


Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.

Stack Trace:
   System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout)
   System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout)
   System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   System.ServiceModel.Channels.SecurityChannelListener

SharePoint app crashes due to System.Security.Policy.PolicyException.


We have two W.F.E servers. The server is hosting our intranet web app. The app is crashing at 2 in the night. It does not happen frequently, but does happen twice a week. Below is the description of the error message.

Server Error in '/' Application.

Execution permission cannot be acquired.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Policy.PolicyException: Execution permission cannot be acquired.

Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[PolicyException: Execution permission cannot be acquired.]
   System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Boolean checkExecutionPermission) +10239176
   System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& d

System.Security.Cryptography.CryptographicException: The system cannot find the file specified





When I tried to use a third-party web service using IIS, I am getting the following error:

Exception Details: System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

[CryptographicException: The system cannot find the file specified.
   System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +1459868
   System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +55
   System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +79
   System.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(Boolean includePrivateParameters) +38
   System.Security.Cryptography.RSA.ToXmlString(Boolean includePrivateParameters) +41
   Globeranger.EdgeServices.Security.Runtime.Client.ClientSession.a() +158
   Globeranger.EdgeServices.Security.Runtime.Client.ClientSession.RequestLogin(String reasonMessage) +200
   Globeranger.EdgeServices.Security.Runtime.Client.ClientSession.GetNewSecureSessionToken(Boolean attemptLogin) +148

Serving Silverlight Apps from Windows Mobile

Even if mobile dev is not my every day work, thanks to the .Net Compact Framework, it's still .Net programming.

Here is the scenario:

You come back home, you have a windows mobile phone wifi capable and you want to quickly get access to your phone pictures from your home network.
You just activate the Wifi, run my app and then browse to the provided link from any computer on the network.

SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Practical Multithreading for Client Apps

Writing applications that use multiple threads is often considered an advanced programming task, prone to errors. In this month's column, I'll focus on a practical application of multithreading in Windows® Forms applications with some real benefits, while attempting to keep things simple. My goal is to present multithreading in an approachable way that addresses a very common need: writing applications with a user interface that remain responsive to the user.

Asp.net web site security database


Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and foremost, I would like to know how I can access/view the security database?

Secondly, how do I link my custom-made reservation database and the security database in order to achieve my second plan above?

Someone help me.

Thank you.



Hello, I have the following problem.

I have uploaded my content to the hosting server but I get the following error:

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of typ

find a Control inside a GridView using jQuery


I have a databound GridView in my page and I have a hidden DIV in all rows. Each row contains a Button that I want to make the DIV visible for me! How can I use that with jQuery?!

Here is the code page:

<asp:GridView ID="GridView2" runat="server" AutoGenerateColumns="False" 
                                EnableModelValidation="True" GridLines="None" ShowHeader="False" Width="100%">

System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm


Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be?

I already have read rights to IIS user to my BIN folder. 

Thanks for the help. 
