.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
Easy Web
Imran Ghani
Post New Web Links

Difference between EXE and WEB application using Web.Security?

Posted By:      Posted Date: October 22, 2010    Points: 0   Category :ASP.Net
 

I have a C# 4.0 WinForm application that creates new Membership users using Membership.CreateUser(). I've created 1,000+ users. I run into problems when I access those same users from my Web application specifically MembershipUser.GetPassword(). I'm able to get the user in the Web app but when I try to get the password using MembershipUser.GetPassword() I get the "Unable to Validate data" error everytime. If I use the MembershipUser.GetPassword() method in the WinForm application it works fine. I'm using the same MachineKey in both applications. Does anyone have any idea what might be the issue?

 

I'm already past my dealine and in desperate need of help. Thank You!

 

WinForm App.config:

  <system.web>
    <machineKey validation="SHA1" validationKey="B03F5F7F11D50A3AB03F5F7F11D50A3A123F5F7F11D50A3AB03F5F7F11D50A3C,IsolateApps" decryptionKey="B03F5F7F11D50A3AB03F5F7F11D50A3A123F5F7F11D50A3AB03F5F7F11D50A3C,IsolateApps" />
  </system.web>

 

WebApp Web.config:

  <system.web>
    <machineKey validation="SHA1" validationKey="B03F5F7F11D50A3AB03F5F7F11D50A3A123F5F7F11D50A3AB03F5F7F11D50A3C,IsolateApps" decryptionKey="B03F5F7F11D50A3AB03F5F7F11D50A3A123F5F7F1


View Complete Post


More Related Resource Links

Difference Btw Website vs Web application and Virtual directory in IIS 7

  

May i know what is the Differenc that they actually make in IIS7 .

Please tell me at a low level as i am still a novice in Asp.Net

 

Thanks in Advance.

Balaji


ISA Server 2004: Developing an Application Filter for Microsoft Internet Security and Acceleration S

  

The beta version of Internet Security and Acceleration (ISA) Server 2004 is now publicly available. It includes a rich SDK with several extensibility mechanisms that allow third parties to integrate their specialized solutions on top of the ISA platform. In this article, the author explores the application filter extensibility mechanism, which enables you to add high-level application layer filtering capabilities to ISA Server and to provide rich content filtering solutions. He also highlights the new features of the ISA Server 2004 SDK, then moves on to describe how to develop a basic application filter that monitors all data going through the ISA Server, and how to integrate a filter into the ISA Server management console to create a seamless interface experience for your users.

Yigal Edery

MSDN Magazine March 2004


Security: Unify the Role-Based Security Models for Enterprise and Application Domains with .NET

  

Role-based security allows administrators to assign access permissions to users based on the roles they play rather than on their individual identities. These privileges can be used to control access to objects and methods, and are easier to identify and maintain than user-based security. The .NET Framework provides two role-based security models, which are exposed as two namespaces: System.Enterprise-Services and System.Security.Permissions. Presented here is a comparison of the two options and a discussion of when each is the right choice. The author also demonstrates the process involved in setting up access security and discusses role memberships.

Juval Lowy

MSDN Magazine May 2002


Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr

  

This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off-it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000


Password / Application Security.

  

I am using a function which requires a user name and password. I have written this username and password in my code behind file. How safe is it? If it is not safe, what are the risks and how to provide security to my code and application?


Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In Sharepoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independantly from the rest of the Sharepoint farm.   I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites.  We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the Mysite collections.  Can the security granularity found in Mysites and Profiles be extended into a Service Application?  Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In Sharepoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independantly from the rest of the Sharepoint farm.   I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites.  We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the Mysite collections.  Can the security granularity found in Mysites and Profiles be extended into a Service Application?  Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C

How list all of the Actions in an MVC application for security audit?

  
Hi, We are developing a big MVC application and the numbers of published end-points (Controller Actions) -audit properly assigned authorization attributes - are getting out of hand. In WinForms, each aspx file is the end-point, so I can easily audit files and folders. Things in MVC are different.  I am looking for a tool based on reflection that searches actions in all controllers available in the solution and give me a list with assigned [Authorize] attribute. Is such tool or technique available? If such tool is not available, how can I audit the security attack surface of an MVC application? A new developer can easily add an action to a controller class (we have many controllers, can't inspect them manually) and the action become available to public. Thank you, Max

What is difference b/w web application and web site?

  

Hi Dude,

I have few dobut in visual studio environement. i opened the vs and then we have to created the application. i have seen the two type of application. they are web site and web application. I need to know the difference between web site and web application. Please let me know if anyone know this. plz help me as soon as possible.

Thanks in Advance.


Update Active Directory attributes - Security Answer and Password - Console Application

  


Hi,

I need to update active directory properties(attributes) through console application like Title,mail,sn,passwordQuestion,passwordAnswer.

DirectoryEntry.Properties["passwordQuestion"].Value = "What is your Favorite Color?";
DirectoryEntry.Properties["passwordAnswer"].Value = "green";

after updating , i check the attributes in Active Directory. All its fine.

the "password answer" saved as plan text.

After logged into asp.net portal with user's credential, it is working fine. After logout, When i goto click forgot password link, it ask the email address after that display the security password question and need to be enter the security password answer.

when i enter the security password answer in the text box , after click submit, it throw the error.

Invalid length for a Base-64 char array. Exception Stack Trace: at System.Convert.FromBase64String(String s) at System.Web.Security.ActiveDirectoryMembershipProvider.Decrypt(String encryptedString) at System.Web.Security.ActiveDirectoryMembershipProvider.ResetPassword(String username, String passwordAnswer) at System.Web.Security.MembershipUser.ResetPassword(String passwordAnswer) at

 

But i update the passwordQuestion,passwordAnswer through web application(portal)

Microsoft .NET Application Security

  
Hi,

i am trying to install sql server 2008 Enterprise Edition X86 on a Windows XP x86. At the Configuration Checker it says that "Microsoft .NET Application Security" is not applicable. I can however install everything.

What does this message mean please?

I heared that SQL 2008 only available on Vista and higher, because of this .

Now I even cant uninstall sql normally. When I used add remove it does not uninstall everything.

Difference between web Site & Web Application

  

Hello friends,

Is there any differenece between Web Application and Web Site. where I can get the details about this?
One more thing I amusing Visual Studio 2005, now if I select File > New > Project I dodn't found any option for Web Application there. So ultimately I have to select File > New > Web Site.
Is it normally like this only or I have to do something to include Web Application option into New > Projects.

Please let me know

Thanks & Regards
Girish Nehte


WSS 3.0 FBA Security Issue with "Full Control" in "Policy for Web Application "

  

I just set up form based authentication using Active Directory.  I set the following parameters in the web.config:

  <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://mydomain.com/DC=mydomain,DC=com" />
  </connectionStrings>

    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" enableSearchMethods="true" attributeMapUsername="sAMAccountName"/>
      </providers>

I then open the central admin, select “Policy for Web Application”...and I add the users that I want to give access from the outside.  So I grant “Full Control” and my problem arose:

When I give the user “full control” access....they can now see everything across the entire sharepoint site?

Where are all the windows permissions I set across SharePoint?

In other words, mydomain\user1 ha

Security Briefs: Web Application Configuration Security Revisited

  

Bryan Sullivan follows up on configuration security with some relatively obscure-but important-web.config settings that should be addressed, and discusses a new free tool to help you find potential problems.

Bryan Sullivan

MSDN Magazine November 2010


Difference between Web Application and Web Site

  

What is the difference between a Web Application and a Web Site?

These are the steps i am following crating the both:

File - new  Project - Visual C# - ASP.NET Web Application
FIle - New Web Site - Select "ASP.NET Web Site" 

I know this a simple doubt but i want to know.

Thanks


Microsoft.Net Application Security Warning

  

Hi,

 

I am installing SQL Server 2008 R2 Enterprise on a Windows Server 2008 R2 Datacenter.

The setup generates warning:

Rule "Microsoft.Net Application Security" generated a warning.

The computer cannot access the Internet. There might be delays 
in starting a .NET application like Managment Studio. If navigate 
to http://crl.microsoft.com/pki/crl/products/MicrosoftRootAuthority.crl file you should not have .NET security validation issues. It is not necessary to download the MicrosoftRootAuthority.crl file.

But the computer really has no access to the I-net. And will not have.

 

What does this warning mean?

Is it critical?

 

Thank you for your time.

Evgeniya


Application attempted to perform an operation not allowed by the security policy - medium level trus

  

Sorry about posting this one here but not sure where else to place it, I've read a number of other threads on this but none seem to give the answer I'm looking for...

 

I have done something very simple, added a SqlDataSource ScriptManager and AJAX Update Panel. My database is currently inside App_Data folder.

 

When I run the page I get the following error:

 

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. 

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

 

 

Now in the Web.Config file I have set       <trust level="Medium"/>

 

but I don't want to change this because when deployed it is unlikely that I will be able t

Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend