If you're not taking advantage of Active Directory, you should be. Learn the benefits from Keith Brown.
MSDN Magazine July 2007
View Complete Post
I need to update active directory properties(attributes) through console application like Title,mail,sn,passwordQuestion,passwordAnswer.
DirectoryEntry.Properties["passwordQuestion"].Value = "What is your Favorite Color?";
DirectoryEntry.Properties["passwordAnswer"].Value = "green";
after updating , i check the attributes in Active Directory. All its fine.
the "password answer" saved as plan text.
After logged into asp.net portal with user's credential, it is working fine. After logout, When i goto click forgot password link, it ask the email address after that display the security password question and need to be enter the security password answer.
when i enter the security password answer in the text box , after click submit, it throw the error.
Invalid length for a Base-64 char array. Exception Stack Trace: at System.Convert.FromBase64String(String s) at System.Web.Security.ActiveDirectoryMembershipProvider.Decrypt(String encryptedString) at System.Web.Security.ActiveDirectoryMembershipProvider.ResetPassword(String
username, String passwordAnswer) at System.Web.Security.MembershipUser.ResetPassword(String passwordAnswer) at
But i update the passwordQuestion,passwordAnswer through web application(portal)
How to set SearchRoot Path in Active Directory in this
Functionality: We have scenario that
1<sup>st</sup> hit one LDAP server with some 'fixed user
name' &' fixed password ' and filter data
with specific User name(which given by user) getting 'User dn'.
After that we hit Next LDAP server based on the 'User
dn' getting from 1<sup>st</sup> server.
(So, in my case 1<sup>st</sup> LDAP
server works like as Load balancing server but functionalitywise it is
wi As System.Security.Principal.WindowsIdentity = _System.Security.Principal.WindowsIdentity.GetCurrent()
Dim a As String() = HttpContext.Current.User.
I am have requirement like displaying all the user information reporting to specific manager from Active Directory.
Please help me regarding this.
When i try to List the users from Active directory, i get this exception.
Error while processing.System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindAll()
The code i used is :
deSearch.Filter = "(&(objectClass=user) (cn=" + UserName +"))";
SearchResultCollection results = deSearch.FindAll();
But the DirectoyEntry method is getting validated if i use the overloaded method : DirectoryEntry(_path, domainAndUsername, password);
Please advice me.
Effectively managing user state in web applications can be a tricky balancing act of performance, scalability, maintainability and security. The security consideration is especially evident when you're managing user state stored on the client. Here's what you need to know about view state security.
MSDN Magazine July 2010
Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.
MSDN Magazine May 2010
Take a peek inside Microsoft's strict development security structure as Bryan Sullivan describes the objective security bug classification system?the "bug bar"?used by internal product and online services teams. He will show you how to incorporate this classification system into your own development environment using Microsoft Team Foundation Server 2010.
MSDN Magazine March 2010
Many companies starting out with the SDL are doing so in combination with a security compliance program. We'll show you some best practices and pitfall we've seen when employing SDL principles for compliance.
MSDN Magazine February 2010
This article explains how you can use Active Directory Federation Services (AD FS) 2.0 to claims-enable Windows Communication Foundation (WCF) services and browser-based applications. The focus is on the token issuance functionality in AD FS 2.0. You'll find out how to use AD FS 2.0 as an identity provider; set up an AD FS 2.0 security token service (STS) to interact with WCF; federate AD FS 2.0 with your custom STS or another AD FS 2.0; enable Web single sign-on and federation with WS-Federation and SAML 2.0 protocols; and externalize authentication logic through Visual Studio. You'll come away appreciating how AD FS 2.0 and Windows Identity Foundation make programming identity solutions in Windows less of a chore.
MSDN Magazine November 2009
This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.
This article explores the use of threat modeling to address security concerns in your applications.
MSDN Magazine September 2009
Even if you use only the most secure algorithms and the longest key lengths, there's no guarantee that the code you write today will remain secure. A better alternative is to plan for agility from the beginning. Rather than hard-coding specific cryptographic algorithms into your code, use one of the crypto-agility features built into the Microsoft .NET Framework. This article shows you how.
MSDN Magazine August 2009
Listen in on a chat between a developer and security pro that delves into some of the major Security Development Lifecycle (SDL) requirements we impose on product teams here at Microsoft
MSDN Magazine May 2009
Learn the numerous ways in which you can rewrite URLs to defend against common Web vulnerabilities.
MSDN Magazine March 2009