.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Security and Authentication

Posted By:      Posted Date: September 21, 2010    Points: 0   Category :ASP.Net

Hi, Everyone:

If anyone can please help me with this issue I would gladly appriciated and I thank anyone that can help and that takes the time to view this post. I have an application that has a user Login Control (provided by ASP). I am just now working with the integration of a dataBase created in MS visual studio 2010, to a developed website created in MS visual web developer 2010. My main goal is to create an authentication ticket that  enables a user to be able to see a dataBase information only after that user has been successfully authenticated. Up to now I'm able to see the dataBase when i run the website even if I'm not log-in, can anyone please direct me in the right path to how i can create a home page that tells the user to log-in and once that user has successfully log-in it redirects the user to another page where the user can see the database and how I can add information to that dataBase only to specific members, thank you.

View Complete Post

More Related Resource Links

Security: Safer Authentication with a One-Time Password Solution


One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.

Dan Griffin

MSDN Magazine May 2008

Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr


This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off-it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000

Security settings for this service require Windows Authentication but it is not enabled for the IIS

Hosting service in IIS 5.1   Config is set to transport layer security. SSL is installed and configured on the virtual folder and BasicHTTP bidings are being used for connection. Authentication in web.config is set to Windows Authorization in web.config is set to Deny Users="?" and Allow Users="*"   When trying to connect to the service using IE, it throws exception that "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service. "   Can some one tell me what is missing?   Do I have to set anything in Web.Config?   I need to achieve following using Basic HTTP binding   Transport Layer security (SSL), Windows Domain Authentication, Use  user's Domain identity to impersonate the user in service   Please suggest the settings if any   Thanks

Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtec

I have a windows service that runs on client machines and connects to a WCF service on a server.  This windows service seems to work fine on Windows XP, Vista and 7  machines, but when I try and run it on a Server 2008 R2 machine I get the following error: System.Configuration.ConfigurationErrorsException: An error occurred creating the configuration section handler for system.serviceModel/bindings: Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtectionPolicyElement' from assembly 'System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'. (C:\Program Files (x86)\MyFolder\MyApp\MyAppWinSVC.exe.Config line 4) ---> System.TypeLoadException: Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtectionPolicyElement' from assembly 'System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'.    at System.ServiceModel.Configuration.HttpTransportSecurityElement.get_Properties() I have the 3.5 sp1 feature installed. The only thing I have found online that is remotely similar is this MS hotfix: http://support.microsoft.com/kb/2262911 But when I try and apply it, it says that it isn't for my computer. Does anyone have any ideas how to resolve this issue?

Is BasicHttpBinding/WSHttpBinding + Windows Authentication + Message Security possible without serve


Hi Folks,

I need to deploy a WCF service hosted in IIS 7.5 which has the following constrains:

1) Using Windows Authentication
2) No server or client certificate is needed
3) Using either BasicHttpBinding or WSHttpBinding
4) Using Message Security, so that it is not possible to monitor the communication maliciously. (I think Transport Security is not possible without server certificate)

Is it possible to fullfil the above requirements simultaneously? Thanks for the reply in advance. I'll appreciate it:)


Security settings for this service require Windows Authentication but it is not enabled for the IIS




We are getting the following error, when we call a WCF service from IE. The service is developed in MS.NET 3.5 and hosted in IIS 6.0, Windows Server 2003 SP2


Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.


NOTE: The same is working GOOD in IIS 6.0, Windows XP SP2


IIS Setting


"Integrated Windows Authentication" is enabled in the "Directory Security"






<binding name

wsHttpBinding with Windows Authentication and Message Security



I want to accomplish wsHttpBinding with Windows Authentication and Message Security. I've created a test service and deployed on Windows Server 2008 and IIS 7.5.

The virtual directory has been assigned a application pool running under custom account domain\username. Only
Windows Authentication is enabled on the virtual directory ( i DONT want anonymous access enabled).

I keep getting this error "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service."

Below is my server config file. I've followed  instructions at http://msdn.microsoft.com/en-us/library/ff650619.aspx

        <binding name="NewBinding0">
          <security mode="Message">
            <transport clientCredentialType="Windows"></transport>

Basic Authentication using security mode TransportCredentialOnly


i am trying to achieve username/password authentication using Basic as security mode in my config file. i have a requirement to make my service available on HTTP so HTTPS is not an option. The other requirement that i have is that the client should be authenticated (from a database so Windows authentication is not an option) using username and password that he will provide.

following is the code:

A class added in the service project:

public class ServiceValidator : UserNamePasswordValidator
        public override void Validate(string userName, string password)
            // This isn't secure, though!
            if ((userName != "mohsin") || (password != "mohsin"))
                throw new SecurityTokenException("Validation Failed!");

my service.config looks like this


Net.TCP Endpoint; Windows Authentication security; client can connect to a server at localhost but n


Hey all, so here's what going on:

I have a WCF Service that I have setup as a Windows Service.  Everything works perfectly when I attempt to use the system with all of the components (i.e. server and clients) on the same machine.  However, when I try to connect my client from a different system, I get an error that is trying to tell me that the server rejected the client's credentials.

I need the client to the able to connect from a different machine.  I want to implement a SQL Role Provider kind of credentialing in the future, but for now, I just need it to work.

What I have tried
I have looked around online and read a few other posts as well some things in the MSDN KB and I have either not found the answer, or not understood it.

  • I have tried setting the <security mode="Transport"> to "None" with the hope that that would disable the accreditation entirely.  All it did was result in a different error saying that there was an error that might have been caused by an invalid message.  I have also tried a few other configurations with this element in the app.config file; to no success.
  • I have read some things about Impersonation, but I am not quite sure I understand how to implement it

WCF: security token could not be satisfied because authentication failed.



I am newbie to WCF.... Please bare me..I have WCF service and client on the same machine with certificates(trusted root authority). Please find Client and server config below.

Below exception resulted when client tries to call service.

NOTE: This exception resulted when revocationMode= Online. But this is working fine when revocationMode= NoCheck.

<authentication certificateValidationMode="ChainTrust" revocationMode="Online"/>

But this should work in Online revocation mode for me.


Server Error in '/WCFClient' Application.

The request for security token could not be satisfied because authentication failed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.

Source Error:

Line 58:     }
Line 59:
Line 60:     public string Ping(string inParam) { return base.Channel.Ping(inParam);

Could not load type 'System.Security.Authentication.ExtendedProtection.ChannelBinding' ..


 I am running Windows Server 2008, ASP.NET 3.5, IIS7

i wonder if it's IIS7 problem, or .NET Framework or even security updates problem

suddenly all websites do not work, and from event viewer

there're two errors

Exception: System.TypeLoadException

Message: Could not load type 'System.Security.Authentication.ExtendedProtection.ChannelBinding' from assembly 'System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'.

StackTrace:    at System.Web.Hosting.IIS7WorkerRequest.Dispose()
   at System.Web.Hosting.PipelineRuntime.DisposeHandlerPrivate(HttpContext context)
   at System.Web.HttpRuntime.FinishRequestNotification(IIS7WorkerRequest wr, HttpContext context, RequestNotificationStatus& status)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

 Faulting application w3wp.exe, version 7.0.6002.18005, time stamp

[FtpWebRequest] System.Security.Authentication.AuthenticationException: A call to SSPI failed


Hi All,

   I'm using FtpWebReuqest, SSL enabled, to connect and upload files to an FTP server.

   During testing of the module i'm developing, I've encountered an unhandled exception indicating,

   "System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The token supplied to the function is invalid"


Now before I decided to post this question here, I've searched the net and found several posts related to this. However, most them were not really helpful and not that clear. Hence, the post. :)

Additional info, I've already over ride the validation part of the SSL connection using the codes below:


ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(MyCertValidationCb);

public static bool MyCertValidationCb(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)


        return true;



What I can't really figure out is the root caus

Routing users after authentication to different sites/applications preserving the security context?



We want to authenticate our users on our main site (default port 80, default.aspx, login page) and once a user successfully authenticated, we go grab a list of possible urls for that user and present it as links. Once the users clicks a link, we want to preserve the authentication context so that the app living on the chosen url does not have to re-authenticate the user.

Is something like that possible?

Is it recommended to do something like that?

Are there other ways to route users to their destination?


Thanks in advance, regards,


SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend