Extending SDL: Documenting And Evaluating The Security Guarantees Of Your Apps

Posted Date: August 21, 2010    Category: ASP.Net

In this article, the author presents an extension to the Security Development Lifecycle which could promote a better flow of information between users and designers of software security features.

Mark Novak

MSDN Magazine November 2006


More Related Resource Links

Crash Course: Analyze Crashes to Find Security Vulnerabilities in Your Apps


Here the authors analyze program crashes to help you understand if you have the potential for read or write violations in your applications, and how they can lead to security vulnerabilities.

A. Abouchaev, D. Hasse, S. Lambert, and G. Wroblewski

MSDN Magazine November 2007

Authorize It: Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager


Authorization Manager in Windows Server 2003 represents a significant improvement in the administration of role-based security, making it more scalable, flexible, and easier to implement. Using Authorization Manager, you can define roles and the tasks those roles can perform. You can nest roles to inherit characteristics from other roles, and you can define application groups. In addition, Authorization Manager lets you use scripts to modify permissions dynamically, and it allows you to wrap your security logic in a security policy that can be stored in Active Directory. Authorization Manager also includes an easy-to-use API for running access checks. The author discusses all of these topics and demonstrates them with a working sample.

Keith Brown

MSDN Magazine November 2003

HOW TO Extending ASP.NET Security Model to use RIGHTs and Permission?


Hi all,

I am new to the ASP.NET security model. I need to perform RIGHT-based security checking for every action in my applications (e.g. CreateUser, UpdateUser, SearchUser, etc.)

However, the built-in ASP.NET security model only supports ROLE-based security, and I would like to do something like that, but using RIGHTs.

Are there any ideas, experiences or posts I can read to extend the ASP.NET Security Model to use RIGHT-based security to perform granular control?

e.g. How do I write my own HTTPModule, or make use of the IPrincipal object?

If there are any detailed steps/tutorials, that will be great, as I am very new to ASP.NET.

Thank you so much!

Serving Silverlight Apps from Windows Mobile

Even if mobile dev is not my every day work, thanks to the .Net Compact Framework, it's still .Net programming.

Here is the scenario:

You come back home, you have a Wi-Fi capable Windows Mobile phone and you want to quickly get access to your phone pictures from your home network.
You just activate the Wi-Fi, run my app and then browse to the provided link from any computer on the network.

SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Business Modelling and Web Applications and extending UML

UML can be used to model a business, prior to automating it with computers. The same basic UML syntax is used, however, a number of new symbols are added, in order to make the diagrams more relevant to the business process world. A commonly-used set of these symbols is available in current versions of Rational Rose.

Practical Multithreading for Client Apps

Writing applications that use multiple threads is often considered an advanced programming task, prone to errors. In this month's column, I'll focus on a practical application of multithreading in Windows® Forms applications with some real benefits, while attempting to keep things simple. My goal is to present multithreading in an approachable way that addresses a very common need: writing applications with a user interface that remain responsive to the user.

Asp.net web site security database


Hello all, I'm new to ASP.NET and I'm currently practising a few things. I'm creating a hotel reservation system using an ASP.NET Web site in Visual Studio 2008 and I currently don't have an App_Data in my Solution Explorer, unlike Visual Web Developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and foremost, I would like to know how I can access/view the security database.

Secondly, how do I link my custom-made reservation database and the security database in order to achieve my second plan above?

Someone help me.

Thank you.



Hello, I have the following problem.

I have uploaded my content to the hosting server but I get the following error:

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of typ

System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm


Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be?

I already have read rights to IIS user to my BIN folder. 

Thanks for the help. 

XBAP Security


We have a small XBAP file upload app that we are having trouble deploying. We were getting security errors when we were pushing this application that we don't get when running in our development environments on our machines. We gave the XBAP app full permissions and still got errors. Then we created a personal certificate and were able to get this to work. But that means we have to load a client side certificate for each and every machine that wants to run this which is ridiculous. Does anyone have a solution for this?

Intranet Users Challenged When Using Windows Integrated Security


We've set up an intranet site using Windows Integrated Security. It's up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't it possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is log in to their machine like normal and then go from there.

Security Question Answer Retrieval


I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?

What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).

I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).

I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).


WCF The Security Support Provider Interface (SSPI) negotiation failed


I am using a WCF service that I created. When both the hosting machine and the client machine are on the same domain, everything works just fine. When I publish the client app to the webserver in the DMZ, I am getting the following error:

SOAP security negotiation with '' for   
'' failed. See inner exception  
for more details.The Security Support Provider Interface (SSPI) negotiation failed.

Here is my service main where I set up the service


Uri baseAddress = new Uri("Http://");
ServiceHost selfHost = new ServiceHost(typeof(QBService), baseAddress);


Security negotiation failed because the remote party did not send back a reply in a timely manner. T



Dear All, I have created one simple service

like this

namespace WcfService2 {
    public class Service1 : IService1 {
        public string ShowEmpName(string strFirstName, string strLastName) {
            return strFirstName + strLastName;
        }
    }
}

After executing in the .NET command prompt I got 2 files:

service.cs & output.config

After that I create one class file like this

namespace WcfService2 {
    public class clientcs {
        static void Main(string[] args) {
            Service1Client client = new Service1Client();
            string strResult = client.ShowEmpName("Pradeep", "Deokar");
        }
    }
}

iPhone and mobile apps


Hi Guys,


I would like to develop a mobile application such as the ones you find on iPhones but I don't know where to start!!? I'm not looking for something complicated, just a static application of an eBook where users can read and flip the pages. I don't think that you can do such animation easily in ASP.NET, so does anyone know what tool I can use to develop such an application?





