.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Tamper-Resistant Apps: Cryptographic Hash Algorithms Let You Detect Malicious Code in ASP.NET

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

Cryptographic hash algorithms produce fixed-length sequences based on input of arbitrary length. A given input always produces the same output, called a hash code. Using these algorithms, you can compute and validate hash codes to ensure that code running on your machine has not been tampered with or otherwise changed. ASP.NET provides a software mechanism for validating hash code fingerprints for every page requested by a client. In this article, the author shows how to use hash codes with ASP.NET applications to detect tampering and prevent malicious code from running when tampering is detected.

Jason Coombs

MSDN Magazine September 2002

View Complete Post

More Related Resource Links

Office Apps: Extend Your VBA Code With VSTO


VSTO brings you the full feature set of Visual Studio including LINQ, WPF, WCF, and the .NET Framework 3.5.

Paul Stubbs and Kathleen McGrath

MSDN Magazine August 2007

Share Code: Write Code Once For Both Mobile And Desktop Apps


If you're building .NET client apps already, target them to Windows Mobile using the same skills and toolsets.

Daniel Moth

MSDN Magazine July 2007

Debug Leaky Apps: Identify And Prevent Memory Leaks In Managed Code


When is the .NET Garbage Collector unable to reclaim memory? The answer might surprise you. Stay tuned.

James Kovacs

MSDN Magazine January 2007

No More Hangs: Advanced Techniques To Avoid And Detect Deadlocks In .NET Apps


You can combat deadlock using a combination of disciplined locking practices which Joe Duffy aptly explains in this article.

Joe Duffy

MSDN Magazine April 2006

.NET Code Tuning: Make Your Apps Fly with the New Enterprise Performance Tool


Because the common language runtime (CLR) is a black box, it's pretty hard to divine what's going on when you want to track down performance problems. Microsoft will be delivering a brand new profiler, the Enterprise Performance Tool (EPT), as part of Visual Studio 2005 Team Developer Edition that's ideal for use on a production system because it offers some very lightweight means of collecting performance data. Here John Robbins takes you on a tour.

John Robbins

MSDN Magazine December 2004

Code Name Longhorn: A First Look at Writing and Deploying Apps in the Next Generation of Windows


The next version of the Microsoft Windows operating system, code-named "Longhorn," marks a significant change not only in terms of how the operating system works, but also in the way in which applications are built. The Longhorn version of Windows includes a new storage system, natural search technology, and an increased emphasis on security and trustworthy computing. Here the author provides an overview of Longhorn, focusing on the build-once, deploy n-times application model. In addition, he discusses the new language, code-named "XAML," that's used to create UI elements, then presents some working samples.

Dino Esposito

MSDN Magazine January 2004

Code Name Avalon: Create Real Apps Using New Code and Markup Model


The presentation subsystem in the next version of Windows, code-named "Longhorn," offers powerful new capabilities to developers. This subsystem, code-named "Avalon," allows developers to take advantage of its capabilities through a new markup language code-named "XAML." In addition, modern object-oriented programming languages such as C# and Visual Basic .NET can be used to tie everything together. Because most applications written to Avalon will probably be a mix of XAML and programming code, this article discusses XAML tags used to control page layout along with the procedural code written to respond to events.

Charles Petzold

MSDN Magazine January 2004

Debug: Detect and Plug GDI Leaks in Your Code with Two Powerful Tools for Windows XP


In a previous article, the author devised a simple method to detect Graphical Device Interface (GDI) objects that are not properly released by Win32-based applications on Windows 9x platforms. Because some newer versions of Windows require a slightly different approach to GDI leaks, the author has updated his techniques for those operating systems. He builds and explains two tools designed to detect and eradicate GDI leaks in applications running on Windows XP, Windows 2000, and Windows NT.

Christophe Nasarre

MSDN Magazine January 2003

Windows Script Host: New Code-Signing Features Protect Against Malicious Scripts


Downloading scripts from the Web or e-mail leaves users vulnerable to security risks because scripts can't be signed. But now developers can use Windows Script Host (WSH) to hash scripts so users can verify their source and safety. With WSH, scripts can be signed or verified using all the same tools ordinarily used to sign EXE, CAB, DLL, and OCX files. This article discusses public-key cryptosystems, the process of signing and verifying scripts in WSH, and several warnings about attacks that could potentially be made against cryptographically secured scripts and ways in which to avoid them.

Eric Lippert

MSDN Magazine April 2001

Detect if code is running inside SQL Server.

Can managed code "detect" if it is running in the normal .Net CLR or the special SQL Server CLR? Is there some environment flag or field we can look at at runtime? Thanks Cap'n  

SharePoint 2010 Installation Failed - FIPS validated cryptographic algorithms

Hi All,
We are trying to install SharePoint 2010 foundation on a Windows 2008 Standard-SP2 (NOT R2).
After installing SharePoint when we run the config wizard for the first time we get the below mentioned error. We have another box which hosts MS SQL Server 2008 and we noticed that the config database is created but the wizard fails during the Create Config Database step.
Local security policy for FIPS is disabled.

Failed to create the configuration database.
An exception of type System.InvalidOperationException was thrown.  Additional exception information: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
   at System.Security.Cryptography.SHA256Managed..ctor()
   at Microsoft.SharePoint.UserCode.SPSolutionValidatorCollection.ComputeHash()
   at Microsoft.SharePoint.Administration.SPUserCodeService.UpdateValidatorsHash()
   at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Add(T newObj, Boolean ensure)
   at Microsoft.Sha

Code to detect monitor size

How to detect monitor size(i.e. 15 inch, 18 inch, 24 inch, etc) from C#.Net 2005 Windows Application.

Hash-based Message Authentication Code in WCF 4.0 RESTful service


What is an ideal way of implementing "Hash-based Message Authentication Code" in WCF 4.0 REST, with out putting logic inside each service operation logic?  Can you give me an example of using ServiceAuthenticationManager or some kind of service behavior to accomplish this?


FIPS validated cryptographic algorithms


I have enabled the FIPS algorithm policy on our windows server2008 machine. Now, any page that has a viewstate is abending with the following error: 

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

This is used in a web farm so we have a machine key defined in our machine.config. If I add decryption="3DES" to the end of that key everything works again. My guess is the default is AES which isn't FIPS compliant. I also noticed this is not an issue on my iis 6.0 servers running server 2003. Very similar setup.

Is there a better way to handle this situation? I read some articles about doing something similar in the app web config. The web.config worked fine. However, the machine.config change seems better because I won't have to change every application.


Code Optimized Web Development Profile (VS 2010 and .NET 4.0 Series)

When you first run VS 2010 it prompts you to select an IDE profile to use. The profile you select will configure how tool windows are displayed/docked in the IDE by default and set the default keyboard shortcuts. You can then customize any of these settings by using the Tools->Options menu within the IDE and then override/change them. You can also later reset your profile and pick a different one by choosing the Tools->Import and Export Settings menu command.

Free Code Snippets - ASP.NET

You Can Find Useful ASP.NET Related Posts on the above link.
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend