.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
MarieAdela
Imran Ghani
Post New Web Links

Frequently Asked Questions about the ASP.NET Security Vulnerability

Posted By:      Posted Date: September 28, 2010    Points: 0   Category :ASP.Net
 
Two days ago I published an important blog post about a security vulnerability in ASP.NET .  In it I discussed a workaround that we recommend customers use to help prevent attackers from using the vulnerability against your applications. Below are answers to some common questions people have asked since then about the vulnerability. Is Microsoft going to release an update to fix the vulnerability? Yes.  We are working on an update to ASP.NET that we will release via Windows Update once it has been thoroughly tested and is ready for broad distribution. Until the update is available, we will also publish details on workarounds (like the one described in this post ) that can be applied immediately to help protect against the vulnerability...(read more)


View Complete Post


More Related Resource Links

Frequently Asked Questions - SQL Server Data Types

  
This is good and precise introduction and Frequently Asked Questions - SQL Server Data Types

Redirect to Security Questions if Site accessed from unrecognized computer?

  

Hello,
I'm fairly new to ASP.NET and i'm using the Membership Provider.  I have the need to do similar to some banking sites. Baically I need to track "authorized" computers/ip's for a user.  If the user accesses the site form a recognized Computer/IP then the user is allowed into the app after successful login.  If the computer/IP is not recognized I need to redirect them to a screen to answer the security question setup in fhte Membership Provider.

Has anyone done anything like this or can anyone point me to any examples?  I did a search, but can't seem to find anything.


My idea is to maintain a list of authorized computers/IP addresses and check them on initial login.  If the IP address isn't found I can redirect them to the questions.  My concern is that they are then actually authenticated and could enter any of the site URL's as an authenticated user.

Any suggestions greatly appreciated. 


ASP.NET Security Vulnerability and SharePoint 2007 (Microsoft Security Advisory (2416728))

  

With the recent security advisory issued by Microsoft for all ASP.NET applications it was highlighted by Scott Gu that SharePoint applications are at risk also. Scott provided a link to a script which would run on your web-server  to determine if there are ASP.NET applications installed on it and if it was vulnerable or not. I ran this script on my SharePoint server and noticed the following web.config files highlighted as being vulnerable:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\template\layouts\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\template\images\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\isapi\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\web.config

Could I follow the instructions provide by Microsoft in the alert and modify these files? If not, how do I protect my web applications from this threat or are they at risk at all?
 


Important: ASP.NET Security Vulnerability

  
A few hours ago we released a Microsoft Security Advisory about a security vulnerability in ASP.NET.  This vulnerability exists in all versions of ASP.NET. This vulnerability was publically disclosed late Friday at a security conference.  We recommend that all customers immediately apply a workaround (described below) to prevent attackers from using this vulnerability against your ASP.NET applications. What does the vulnerability enable? An attacker using this vulnerability can request and download files within an ASP.NET Application like the web.config file (which often contains sensitive data). At attacker exploiting this vulnerability can also decrypt data sent to the client in an encrypted state (like ViewState data within a page...(read more)

ASP.NET Security Vulnerability Error Handling Project Part 3

  
In ASP.NET Security Vulnerability Error Handling Project Part 1 , we discussed implementing a project that utilizes the suggestions made in Scott Guthrie's post on ASP.NET Security Vulnerability . Even after Microsoft releases a patch for this security vulnerability, this working project will still be valuable for generating your error messages and sending emails. I showed how to setup the web.config file, add the sleep delay, and optionally display the error to the screen for developer debugging...(read more)

ASP.NET Security Vulnerability Error Handling Project Part 2

  
In ASP.NET Security Vulnerability Error Handling Project Part 1 , we discussed implementing a project that utilizes the suggestions made in Scott Guthrie's post on ASP.NET Security Vulnerability . Even after Microsoft releases a patch for this security vulnerability, this working project will still be valuable for generating your error messages and sending emails. I showed how to setup the web.config file, add the sleep delay, and optionally display the error to the screen for developer debugging...(read more)

ASP.NET Security Vulnerability Error Handling Project Part 1

  
After having read Scott Guthrie's post on ASP.NET Security Vulnerability , I decided to take my existing error handling code, update it with his suggested sleep delay, and put it into a separate VB.NET Visual Studio project to share with others. In my project, you may optionally display the details of the error on the page if you update the code to set the debug flag to true, for instance, if the developer is logged in. I also send the error message and site specific details to the developer via...(read more)

Basic Security Questions

  

Hi,

I'm new to ASP.NET, so please excuse my stupid questions^^


I have already done many tutorials but i don't understand how to work with that membership thing.

If I click on my project and select ASP.Net Configuration I can Setup Users, Roles and so on. But where do they get saved?

How does this ASP.Net Configuration behave after the page goes live, i don't want anybody who knows the adress of this "backend" to access it.


Many Questions, perhaps easy answers...

Maybe you have a good tutorial for me, beacause i didn't find one that explained the whole security subject to me.


Greets,

Attix


Web Services - Security questions

  
HI,

every one who is working on web services please let me know the answers to following questions I have about
web service security.

1. Which one is best authentication for web services (forms authentication or windows authentication)

2. Is it necessary to implement security for intranet web services?

3. If web service exposing multiple web methods, should we authenticate every time client calls a method
or any other way?

4. How to implement message level security?

thanks

Mostly asked jQuery interview questions list

  
jQuery is rocking and it has become so popular that it is used almost by every developer. As it has already become more popular, interviewers tend to ask jQuery questions in interview. Below is the list of questions which are asked in almost every jQuery interview.

SharePoint Tutorial - Security

  
Security in SharePoint is comprised of users, groups and roles.



Users, Groups and Roles

Users
A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

Groups
There are two types of groups SharePoint uses: domain groups and SharePoint groups.

C# Interview Questions

  
C# Interview Questions
This is a list of questions I have gathered from other sources and created myself over a period of time from my experience, many of which I felt where incomplete or simply wrong. I have finally taken the time to go through each question and correct them to the best of my ability. However, please feel free to post feedback to challenge, improve, or suggest new questions. I want to thank those of you that have contributed quality questions and corrections thus far.

There are some question in this list that I do not consider to be good questions for an interview. However, they do exist on other lists available on the Internet so I felt compelled to keep them easy access

Asp.net web site security database

  

Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and formost, I will like to know how I can access/View the security database?

Secondly, how do I link my custom made reservation database and the security database in order to achieve my second plan above.?


Someone help me.


Thank you.


System.Security.SecurityException:

  

hello i have the following problem

i have upload my content to hosting server but i get the following error

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of typ
Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend