Does anyone know where I can find the 64-bit
Microsoft.Samples.Security.SSPI.dll ? I installed .Net Framework SDk 2.0 64-bit on my machine but cannot find the dll.
View Complete Post
I am using a wcf service that I created, when both hosting machine and
the client machine are on the same domain everything works just fine.
When I publish the client app to the webserver in the DMZ I am getting
the following error:
SOAP security negotiation with 'http://10.0.0.14:3790/Bullfrog/QBService/QBService' for target 'http://10.0.0.14:3790/Bullfrog/QBService/QBService' failed. See inner exception for more details.The Security Support Provider Interface (SSPI) negotiation failed.
Here is my service main where I set up the service
Uri baseAddress = new Uri("Http://10.0.0.14:3790/Bullfrog/QBService");
ServiceHost selfHost = new ServiceHost(typeof(QBService), baseAddress);
Take a peek inside Microsoft's strict development security structure as Bryan Sullivan describes the objective security bug classification system?the "bug bar"?used by internal product and online services teams. He will show you how to incorporate this classification system into your own development environment using Microsoft Team Foundation Server 2010.
MSDN Magazine March 2010
In this article, Microsoft security expert Michael Howard outlines how to apply the Security Development Lifecycle to your own software development processes. He explains how you can take some of the lessons learned at Microsoft when implementing SDL and use them in your own development process.
MSDN Magazine November 2005
The beta version of Internet Security and Acceleration (ISA) Server 2004 is now publicly available. It includes a rich SDK with several extensibility mechanisms that allow third parties to integrate their specialized solutions on top of the ISA platform. In this article, the author explores the application filter extensibility mechanism, which enables you to add high-level application layer filtering capabilities to ISA Server and to provide rich content filtering solutions. He also highlights the new features of the ISA Server 2004 SDK, then moves on to describe how to develop a basic application filter that monitors all data going through the ISA Server, and how to integrate a filter into the ISA Server management console to create a seamless interface experience for your users.
MSDN Magazine March 2004
MSDN Magazine August 2000
With the recent
security advisory issued by Microsoft for all ASP.NET applications it was highlighted by
Scott Gu that SharePoint applications are at risk also. Scott provided a link to a script which would run on your web-server to determine if there are ASP.NET applications installed on it and if it was vulnerable or not. I ran this script on my SharePoint
server and noticed the following web.config files highlighted as being vulnerable:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\template\layouts\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\template\images\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\isapi\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\web.config
Could I follow the instructions provide by Microsoft in the alert and modify these files? If not, how do I protect my web applications from this threat or are they at risk at all?
In "Microsoft Security Bulletin MS10-039" there is a workaround wich describes how to deny access to "%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx.
Does this mean that when applying the now available security updates (in my case KB979445 and KB983444) one should expect that this file gets replaced with a newer version?
I´m wondering because it struck me that I forgot to remove the workaround before applying the patches wich should lead to that the account used for applying them had no permission to change this file, I also noticed that the file in question
is still last modified 2006.
My title describe the problem which I'm currently in at the moment Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447)
Download size: 13.7 MB
You may need to restart your computer for this update to take effect.
Update type: Important
A security issue has been identified that could allow an attacker to compromise your Windows-based system that is running the Microsoft .NET Framework and gain access to information. You can help protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
Help and Support:
I'm using FtpWebReuqest, SSL enabled, to connect and upload files to an FTP server.
During testing of the module i'm developing, I've encountered an unhandled exception indicating,
"System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The token supplied to the function is invalid"
Now before I decided to post this question here, I've searched the net and found several posts related to this. However, most them were not really helpful and not that clear. Hence, the post. :)
Additional info, I've already over ride the validation part of the SSL connection using the codes below:
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(MyCertValidationCb);
public static bool MyCertValidationCb(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
What I can't really figure out is the root caus