.NET Tutorials, Forums, Interview Questions And Answers

Password / Application Security.

Posted By:      Posted Date: August 25, 2010    Points: 0   Category :ASP.Net
 

I am using a function which requires a user name and password. I have written this username and password in my code behind file. How safe is it? If it is not safe, what are the risks and how to provide security to my code and application?






More Related Resource Links

Update Active Directory attributes - Security Answer and Password - Console Application

  


Hi,

I need to update Active Directory properties (attributes) through a console application, like Title, mail, sn, passwordQuestion, passwordAnswer.

DirectoryEntry.Properties["passwordQuestion"].Value = "What is your Favorite Color?";
DirectoryEntry.Properties["passwordAnswer"].Value = "green";

After updating, I checked the attributes in Active Directory. All is fine.

The "password answer" is saved as plain text.

After logging into the ASP.NET portal with the user's credentials, it works fine. After logging out, when I click the forgot password link, it asks for the email address, then displays the security password question, and the security password answer needs to be entered.

When I enter the security password answer in the text box and click submit, it throws the error:

Invalid length for a Base-64 char array. Exception Stack Trace: at System.Convert.FromBase64String(String s) at System.Web.Security.ActiveDirectoryMembershipProvider.Decrypt(String encryptedString) at System.Web.Security.ActiveDirectoryMembershipProvider.ResetPassword(String username, String passwordAnswer) at System.Web.Security.MembershipUser.ResetPassword(String passwordAnswer) at

 

But I update the passwordQuestion, passwordAnswer through web application (portal)

Security: Safer Authentication with a One-Time Password Solution

  

One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.

Dan Griffin

MSDN Magazine May 2008


Security Briefs: Password Minder Internals

  

In my last column I introduced Password Minder, the tool I use to manage all of my passwords. It generates a long, random password for each site I visit, and makes it possible for me to use the most complex passwords possible, without ever having to see the actual password material or type it in manually.

Keith Brown

MSDN Magazine October 2004


ISA Server 2004: Developing an Application Filter for Microsoft Internet Security and Acceleration S

  

The beta version of Internet Security and Acceleration (ISA) Server 2004 is now publicly available. It includes a rich SDK with several extensibility mechanisms that allow third parties to integrate their specialized solutions on top of the ISA platform. In this article, the author explores the application filter extensibility mechanism, which enables you to add high-level application layer filtering capabilities to ISA Server and to provide rich content filtering solutions. He also highlights the new features of the ISA Server 2004 SDK, then moves on to describe how to develop a basic application filter that monitors all data going through the ISA Server, and how to integrate a filter into the ISA Server management console to create a seamless interface experience for your users.

Yigal Edery

MSDN Magazine March 2004


Security: Unify the Role-Based Security Models for Enterprise and Application Domains with .NET

  

Role-based security allows administrators to assign access permissions to users based on the roles they play rather than on their individual identities. These privileges can be used to control access to objects and methods, and are easier to identify and maintain than user-based security. The .NET Framework provides two role-based security models, which are exposed as two namespaces: System.EnterpriseServices and System.Security.Permissions. Presented here is a comparison of the two options and a discussion of when each is the right choice. The author also demonstrates the process involved in setting up access security and discusses role memberships.

Juval Lowy

MSDN Magazine May 2002


Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr

  

This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off: it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000


how do i create a windows form application login for to validate username and password from sql serv

  
 I would like to know how I can create a login form for my windows form application. The login form must be linked to a SQL server 2005 express edition database (in which the username and passwords are stored). The login form must validate the user using the database and allow them to access the program. 

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In SharePoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independently from the rest of the SharePoint farm. I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites. We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the MySite collections. Can the security granularity found in MySites and Profiles be extended into a Service Application? Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C

How list all of the Actions in an MVC application for security audit?

  
Hi, We are developing a big MVC application and the numbers of published end-points (Controller Actions) - audit properly assigned authorization attributes - are getting out of hand. In WinForms, each aspx file is the end-point, so I can easily audit files and folders. Things in MVC are different. I am looking for a tool based on reflection that searches actions in all controllers available in the solution and gives me a list with the assigned [Authorize] attribute. Is such a tool or technique available? If such a tool is not available, how can I audit the security attack surface of an MVC application? A new developer can easily add an action to a controller class (we have many controllers, can't inspect them manually) and the action becomes available to the public. Thank you, Max

Get Login in Application without Entering username and password in Digest Authentication.

  
Hello friends, I am using Form authentication and Digest authentication mode. For getting the logged-on computer username I am using Digest authentication mode. But when I browse the website it's asking for username and password, while Windows is already logged in with the same username. I understood that in this authentication mode it's required. But are there any configurations with which I do not get this prompt? Any group policy? For IE I have added the website into the trusted zone but still it's asking for username and password. Are there any other ways of getting the computer logon name in an ASP.NET application? There are, but they only work when I run from the editor; from IIS it's not returning a value. If you give me some hint or article links then I am very thankful to you. Thank you.

web application asking server user name password

  

Dear friends,

I have been using an ASP.NET 2005 application for one year. Everything was working fine. Last night I just changed a picture in the image folder. Now my application is working fine on the server, but when I am running this application on the client side, it is asking for the server's user name and password as soon as the newly added image is going to upload on the client.


Please help ASAP.

Thanks in advance

vickyjha


Microsoft .NET Application Security

  
Hi,

I am trying to install SQL Server 2008 Enterprise Edition x86 on Windows XP x86. At the Configuration Checker it says that "Microsoft .NET Application Security" is not applicable. I can however install everything.

What does this message mean please?

I heard that SQL 2008 is only available on Vista and higher, because of this.

Now I can't even uninstall SQL normally. When I used Add/Remove it does not uninstall everything.

Difference between EXE and WEB application using Web.Security?

  

I have a C# 4.0 WinForm application that creates new Membership users using Membership.CreateUser(). I've created 1,000+ users. I run into problems when I access those same users from my Web application, specifically MembershipUser.GetPassword(). I'm able to get the user in the Web app but when I try to get the password using MembershipUser.GetPassword() I get the "Unable to Validate data" error every time. If I use the MembershipUser.GetPassword() method in the WinForm application it works fine. I'm using the same MachineKey in both applications. Does anyone have any idea what might be the issue?

 

I'm already past my deadline and in desperate need of help. Thank You!

 

WinForm App.config:

  <system.web>
    <machineKey validation="SHA1" validationKey="B03F5F7F11D50A3AB03F5F7F11D50A3A123F5F7F11D50A3AB03F5F7F11D50A3C,IsolateApps" decryptionKey="B03F5F7F11D50A3AB03F5F7F11D50A3A123F5F7F11D50A3AB03F5F7F11D50A3C,IsolateApps" />
  </system.web>

 

WebApp Web.config:

  <system.web>
    <machineKey validation="SHA1" validationKey="B03F5F7F11D50A3AB03F5F7F11D50A3A123F5F7F11D50A3AB03F5F7F11D50A3C,IsolateApps" decryptionKey="B03F5F7F11D50A3AB03F5F7F11D50A3A123F5F7F1

How to hide SQL Server password from user in an Windows Forms Application?

  

Using - VS 2005, SQL Server 2005 Express, Windows Forms Application

Problem-

I am unable to find a way that hides the password to connect to the database in case of a Windows Forms Application.

- app.config is accessible to the user, so connection strings can be read.

- app.config can't be encrypted as in case of ASP.NET applications

- hardcoding the password in the application in connectionstring still makes it possible to be discovered by a user


Vibhor Agarwal

Default application min password length

  

Hi


Anyone know why the minimum password length is 6 chars?

I can't find any reference to this anywhere.


An exception occurred when trying to issue security token: The security token username and password

  

Hi,

  I get a problem authenticating people in the SharePoint 2010 LDAP provider.

  Right now, I can successfully configure the central admin for the LDAP provider (I can search people that are in the LDAP server, assign LDAP people without problem). Also I can search LDAP people in my site. Then I tried to log in using an LDAP username and password, and it shows "An exception occurred when trying to issue security token: The security token username and password could not be validated.."

  First, I thought maybe there was some typo in my site web.config, so I enabled the Windows login and logged into my site using my Windows account; there, I can search LDAP users in my site with no problem. So I believe that my site web.config is alright. The only thing left is the STS. But I am not sure what could be wrong, because the membership and role parts are just simply copied and pasted from my site web.config.

  Here is the web.config for STS. Please help. Thank you.

<?xml version="1.0" encoding