.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Web Security: Putting a Secure Front End on Your COM+ Distributed Applications

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

The Internet requires that developers provide a different security model for clients than is used on a closed network. Because it would be too resource-intensive for both the client and server to prove their identity to each other, you need to look at other ways to ensure secure communications. This article covers the options, from digital certificates to public and private key encryption to Secure Sockets Layer and Web certificates. The discussion covers the installation of certificates in Microsoft Internet Information Services along with other options specific to IIS. This article was adapted from Keith Brown's Programming Windows Security (Addison-Wesley), due out in July 2000.

Keith Brown

MSDN Magazine June 2000

View Complete Post

More Related Resource Links

Silverlight Security: Securing Your Silverlight Applications


Josh Twist explains the unique challenges developers face in securing Silverlight applications. He shows where to focus your efforts, concentrating on the key aspects of authentication and authorization.

Josh Twist

MSDN Magazine May 2010

Cloud Computing: Building Distributed Applications With .NET Services


We show you how .NET Services within the Azure Services Platform makes it easy to bring workflow apps to the cloud.

Aaron Skonnard

MSDN Magazine April 2009

Secure By Design: Your Field Guide To Designing Security Into Networking Protocols


If you were to build a new communications protocol from scratch, how would you address security? Here the authors take a look at that question and generate some valuable insights into secure protocols.

Mark Novak and Andrew Roths

MSDN Magazine September 2006

Best Practices: Fast, Scalable, and Secure Session State Management for Your Web Applications


ASP.NET provides a number of ways to maintain user state, the most powerful of which is session state. This article takes an in-depth look at designing and deploying high-performance, scalable, secure session solutions, and presents best practices for both existing and new ASP.NET session state features straight from the ASP.NET feature team.

Mike Volodarsky

MSDN Magazine September 2005

Secure It: WS-Security and Remoting Channel Sinks Give Message-Level Security to Your SOAP Packets


As more organizations adopt XML-based Web Services, the need for message-level security has become evident. WS-Security, now supported in the Microsoft .NET Framework, addresses this need. Using the WS-Security framework, developers can implement channel sinks to intercept Remoting messages as they pass through the .NET Remoting infrastructure. The sink can read the message, change it, and pass it along. During this process, the message can be signed for added security. This article explains how to implement a Remoting channel sink that will modify the Remoting message by including a UserName token in the header, then sign the body using the token.

Neeraj Srivastava

MSDN Magazine November 2003

WS-Security: New Technologies Help You Make Your Web Services More Secure


Without good security, Web Services will never reach their potential. WS-Security and its associated technologies, the focus of this article, represent the future of security for Web Services. Provided here is an overview of these emerging security standards that explains what they do, how they work, and how they get along together. Topics discussed include integrity and confidentiality and how these are provided by public key cryptography, WS-Security, and more. Some of the key components of WS-Security, such as the wsu namespace, are also covered.

David Chappell

MSDN Magazine April 2003

.NET Remoting: Design and Develop Seamless Distributed Applications for the Common Language Runtime


Prior to the advent of .NET, DCOM was the underlying technology for remote communications between Windows-based applications. But DCOM is quirky to set up and configure and not as interoperable as it should be. In .NET, XML Web Services and .NET Remoting are a seamless and effective answer to the demand for tools to build distributed applications.This article provides a primer on .NET Remoting with insights into the internal plumbing. Important aspects of remoting, such as channels, object lifetime management, and clients for remote objects are discussed. In addition, some practical examples are provided.

Dino Esposito

MSDN Magazine October 2002

Security in IIS 6.0: Innovations in Internet Information Services Let You Tightly Guard Secure Data


Security improvements have been a top priority in the evolution of IIS. IIS 6.0, which will be part of Windows .NET Server, has improved security features and a new approach to server configuration. New security-related tools for IIS, including IIS LockDown, make securing your server against attack easier than ever. The author explains how and why you can shut down services with IIS LockDown. He discusses limiting port access with TCP/IP filtering, controlling how files are served with extension mapping, what's new for Secure Sockets Layer, the use of URLScan, and more.

Wayne Berry

MSDN Magazine September 2002

ASP.NET Security: An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and


Forms authentication is one of the most compelling and useful new features of ASP.NET. It enables developers to declaratively specify which files on their site can be accessed and by whom, and allows identification of a login page. When an unauthenticated user attempts to retrieve a page protected by forms authentication, ASP.NET automatically redirects them to the login page and asks them to identify themselves. Included here is an overview of forms authentication and what you need to know to put it to work. Also included is hard-to-find information on the security of cookie authentication and on combining forms authentication with role-based URL authorizations.

Jeff Prosise

MSDN Magazine May 2002

ASP.NET Security: An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and


ASP.NET and Microsoft Internet Information Services (IIS) work together to make building secure Web sites a breeze. But to do it right, you have to know how the two interrelate and what options they provide for securing access to a Web site's resources. This article, the first in a two-part series, explains the ABCs of Web security as seen through the eyes of ASP.NET and includes a hands-on tutorial demonstrating Windows authentication and ACL authorizations. A range of security measures and authentication methods are discussed, including basic authentication, digest authentication, and role-based security.

Jeff Prosise

MSDN Magazine April 2002

COM+ Integration: How .NET Enterprise Services Can Help You Build Distributed Applications


The .NET Common Language Runtime (CLR) is Microsoft's next-generation component technology. The CLR is a replacement for COM, but not for COM+. COM+, now called .NET Enterprise Services, is the Microsoft object runtime environment for scalable system development. This article explains how to implement and deploy COM+ configured classes using the CLR, how to access object context and call context, and the rules for managing context-relative object references. Also discussed are ways to manage precious resources such as data connections and pooled objects, and the relationship between COM+ and the new .NET remoting architecture.

Tim Ewald

MSDN Magazine October 2001

Video: Security and Deployment: Office Applications in SharePoint

Many times deployments are much more than a single Office Add-in. When additional items like Lists, Content Types, Workflows, etc. need to be deployed as well, you need a package that can be deployed by an administrator. This video discusses deploying complete applications to SharePoint. (Length: 9:30)

How to distribute web applications among web front end servers

I have a three WFE and a SQL server in my farm. I have 9 web applications.  (every web application has its own app. pool & web site on IIS) When I create a web application on CA it creates it on all 3 WFE servers. (I can see on their IIS manager) Is there a way to separete them? I mean I want 1 web application to be separeted on a WFE, I want to dedicate 1 wfe for that web application. Is there a way to do that? Or at least is there a way to divide/distribute  web applications between servers? (3 pairs, each on one)

How to get all Secure Store Service (SSS) applications in the farm

Hello everyone, I am trying to use SharePoint 2010 Secure Store Service (next SSS) in my application to get credentials to external system. Is there any way to get all possible applications (IDs) from API provided. Currently I am using next code to get all applications: SecureStoreProvider provider = SecureStoreProviderFactory.Create() as SecureStoreProvider;             provider.Context = SPServiceContext.GetContext(SPServiceApplicationProxyGroup.Default, SPSiteSubscriptionIdentifier.Default);             if (provider != null)             {                 foreach (var app in provider.GetTargetApplications())                 {                     Console.WriteLine(app.Name);                 }             } However it depends on SPServiceApplicationProxyGroup.Default and SPSiteSubscriptionIdentifier.Default parameters. So in case I remove SSS from

Secure channel cannot be opened because security negotiation with the remote endpoint has failed

Please help me to pinpoint what's wrong with the configurations. CoreClient client = new CoreClient(); client.ClientCredentials.UserName.UserName = "test"; client.ClientCredentials.UserName.Password = "test"; string msg = client.SayHello(); //==== ERROR Happens here Error message: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. Configurations: Host: <behaviors> <serviceBehaviors> <behavior name="DefaultBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="false"/> <serviceCredentials> <serviceCertificate findValue="MyServerCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Promotion.Services.UsernameValidator, LibraryIIS" /> </serviceCredentials> </behavior>
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend