
FIPS compliance on web app; no workaround

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net
 

We recently had FIPS Compliance enforced through Group Policy on our production servers.  In our development environment, we are setting the registry key to enforce FIPS, and we inserted the <machineKey> setting found elsewhere to use MD5 encryption in the ViewState.

However, the web application, which has been working for years, suddenly gets this error:

 

Server Error in '/' Application.

Parser Error

Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately.

Parser Error Message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

Source Error:

Line 1:  <%@ Application Codebehind="Global.asax.cs" Inherits="MyWebApplication.Global" %>

Source File: /global.asax    Line: 1


Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.40




More Related Resource Links

SSAS FIPS compliance encryption

  

I am trying to find out if SSAS processes are encrypted to FIPS compliant standards. We have been able to implement FIPS encryption for MSSQL but we have found no way of determining if SSAS standard encryption is FIPS compliant. As is my understanding SSAS files are encrypted by default but we are not aware that this encryption is FIPS compliant.

Does anyone know if SSAS encryption is FIPS compliant? And if so, do you know how we could prove this to auditors? If SSAS standard encryption is not FIPS compliant, does anyone know what we need to do to implement encryption at the FIPS compliance level?

The version of SSAS is 2008 x64. MSSQL is Enterprise 2008 x64.

Much appreciated :-)

 

 

 

 


Fips Compliance of Analysis Services and Encryption of Cube Data

  

We have SQL Server successfully set up for FIPS compliance, but require to set up the same compliance for the encryption of data in Analysis Services 2008 Enterprise on the same Win 2008 server.

If we browse to the SAS Data Folder for our project on the FIPS compliant instance, we can view the data files and the data is visible in plain text, despite the security setting being set to DataProtectMode 1 (Encryption).

So my questions:

1. Is Analysis Services 2008 Enterprise FIPS compliant?

2. If it is, how do we set it up?

3. How do we prove to security auditors that it is set up and working in compliant mode?

We have done exhaustive searches of MSDN, Google, blogs, sql-cat etc. and found no relevant articles to answer these specific questions, and are reluctant to go to chargeable support until we have exhausted other available avenues.

 

 Colin Robinson

 




Security Briefs: Security Compliance as an Engineering Discipline

  

Many companies starting out with the SDL are doing so in combination with a security compliance program. We'll show you some best practices and pitfalls we've seen when employing SDL principles for compliance.

Brad Hill

MSDN Magazine February 2010


WCAG Compliance

  

I know it's an old chestnut, but this is of great importance to us in the Public Sector and with many commercial clients too.  How close will the kit be to compliance with the current WCAG 1.0 AA level of the standard?


Stacked Column Chart: Workaround for busted InsertEmptyPoints

  
I had to struggle with this a bit so I'm gonna share what I figured out. To make a stacked column chart from a SqlDataSource you need to use DataBindCrossTable like this...

    CHART1.DataBindCrossTable(SqlDataSource1.Select(DataSourceSelectArguments.Empty), "proceso_estado_nombre", "max_fecha_final", "valor", "")

Now, each series created needs to be converted to StackedColumn type, which you do like this...

    For Each series As DataVisualization.Charting.Series In CHART1.Series
        series.ChartType = DataVisualization.Charting.SeriesChartType.StackedColumn
    Next

The problem at this point is that the chart won't work if you don't have the same number of points in each series, and each set of points should have the same X values. So to fill in the empty points in each series you can use InsertEmptyPoints like this...

    CHART1.DataManipulator.InsertEmptyPoints(1, DataVisualization.Charting.IntervalType.Months, series.Name.ToString)

However, when I did this I got inconsistent results. See below...

    <Series>
        <Series Name="Terminado" Legend="Default" XValueType="Date" ChartType="StackedColumn" ChartArea="ChartArea1" ToolTip="Terminado: #VALY{C0}">
          <Points>

Trying to make a workaround for animated GIF in WPF

  
Hello. I'm trying to make a workaround for displaying, with (semi-)correct delays, an animated GIF with partial frames into an Image control from a ReadOnlyCollection<BitmapFrame> (from BitmapDecoder).

What I've done so far was load the same file as a System.Drawing.Image, get the delays using GetPropertyItem(0x5100), and try to recompose the frames. The whole thing runs on a separate Task, which then calls another Task with a TaskScheduler.FromCurrentSynchronizationContext() to update the UI. Here's the relevant code as of posting:

    private void AnimateTaskMethod(ReadOnlyCollection<BitmapFrame> bi, CancellationToken ct)
    {
        int count = bi.Count;
        int[] delay = new int[count];
        int i = 0;
        System.Drawing.Image img = null;
        try
        {
            img = System.Drawing.Image.FromFile(FileList[(int)index]);
            System.Drawing.Imaging.PropertyItem prop = img.GetPropertyItem(0x5100);
            for (int x = 0; x < count; x++)
            {
                delay[x] = 10 * BitConverter.ToInt32(prop.Value, x * 4);
                if (delay[x] == 0) delay[x] = 100;
            }
        }
        catch
        {
            for (int x = 0; x < count; x++)
            {
                delay[x] = 1000;
            }
        }
        finally
        {
            if (img != null) img.Dispose();
        }
        while (true)
        {
            ct.ThrowIfCancellationRequested();
            Thread.Sleep(delay[i]);
            Task UIAnim

Hardware backbutton on Droid only semi-functional for browsing -- any workaround?

  
I have just completed my first mobile website. It works beautifully with an iPhone, and ALMOST does likewise on a Droid. That "almost" is an ultra-frustrating bug that I'm afraid is hardware-based and will not permit a software solution. Allow me to state my hypothesis:

"When you perform a software redirect to another page on your website, you cannot return to a functional version of the page you were on when the redirect was launched via Droid's hardware backbutton. You'll have the graphics, but the code behind the form will be gone and it will be nonfunctional. The ONLY functional route back from a redirect to the originating page on a Droid is via software switching."

I've experimented endlessly with redirect option parameters, page cache settings and the pagestatepersister class in Visual Studio. Nothing works. And I HAVE to use the redirect method to open the second page, because I have to derive some complex information before I'm ready for it to open -- onclientclick and navigateURL aren't options.

This is NOT an issue with an iPhone. Its backbutton always returns from a redirect to a still-functioning originating page. Is my hypothesis correct, or does somebody know some workaround that will enable me to offer iPhone functionality to Droid users?  If I could open a new window after processing data, that would solve my problem (Droi

common criteria compliance enabled

  
I'm working on SQL Server 2005, product version = '9.00.3042.00'. I'm trying to run the script:

    exec sp_configure 'common criteria compliance enabled'

but I keep getting the error:

    Msg 15123, Level 16, State 1, Procedure sp_configure, Line 51
    The configuration option 'common criteria compliance enabled' does not exist, or it may be an advanced option.

I have already enabled advanced options and reconfigured:

    EXEC sys.sp_configure 'show advanced options', '1'
    RECONFIGURE WITH OVERRIDE

but the error persists. Any help will be greatly appreciated.

Could not load file or assembly 'Compliance, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null'

  
We recently upgraded from .NET 1.1 to .NET 3.5. The project was running fine until yesterday when I tried to create a setup project. When I add a new Websetup project and rebuild the solution I get this error:

    Error 79 Could not load file or assembly 'Compliance, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417) Y:\Development_Sites\Development_Server_RW\QMComet\SGEN Compliance

Now when I run the project, I get:

    Server Error in '/QMComet' Application.
    Parser Error
    Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately.
    Parser Error Message: Could not load type 'Jennison.Compliance.Global'.
    Source Error:
    Line 1: <%@ Application Codebehind="Global.asax.cs" Inherits="Jennison.Compliance.Global" %>
    Source File: /QMComet/global.asax    Line: 1

Please help. I was able to run the project before I tried to create a setup.

Thanks,
Rohit

workaround?

  
Hi, I just started using AjaxControlToolKit. For starters, I added the CalendarExtender to an existing page. Things were fine until I tried to open the page and I got the following error: "This page is missing a HtmlHead control which is required for the CSS stylesheet link that is being added. Please add <head runat="server" />" Is it absolutely required for the header tag to have the runat="server" attribute? Any workaround? We are using a base page class which is derived from System.Web.UI.Page, so if I modified said class (which renders the header from the code behind), it will affect all of our existing pages. The thing is I am not sure if there will be any side-effect and if the others will approve of this approach.

Do we have to apply the workaround on each website on IIS?

  
I am maintaining hundreds of websites. Is there a way to do this workaround in one place such as machine.config? Thanks

PCI compliance - Transparent Data Encryption

  
I have been researching PCI compliance and SQL Server 2008.   I need to store credit card details in the database for a short period until the batch is closed.  One feature of SQL 2008 that keeps coming up over and over is Transparent Data Encryption.  One down side I see to Transparent Data Encryption is that we would need to bring in 3rd party software to manage the EKM and store the Asymmetric key(s).  I wanted to see what software people are using to manage their keys and get some general feedback on Transparent Data Encryption.  Thank you in advance for your time.   Cheers Ryan  

Workaround not working

  

 Hi there,

I tried the workaround as explained on http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx

but when testing I still get the normal: 

Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.
Requested URL: /dummy.aspx

My app is ASP.NET 3.5 and I put the following under <system.web>

<customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/error.aspx" />


Setting customErrors mode="remoteOnly" didn't make a difference eith

Compliance Details missing from Ribbon?

  

Hello,

In a Document Library that allows manual declaration of records, it is possible to manually declare an item as a record by selecting the item and then choosing Declare Record from the Manage group in the ribbon, or from the list item’s ETB menu under Compliance Details. However, to undeclare the record, you can only do this from the Compliance Details in the item’s menu. There does not appear to be the ability to undeclare a record from the ribbon?

 

Has anyone located how a record item can be undeclared from the ribbon? The reason I require this is because I have a list where I have disabled the Edit Item menu, and now as a result items that are declared as records via the ribbon menu cannot be undeclared?

 

Web Services Workaround

  

Does the recommended error page workaround also work for an asp.net web service? 


Need help implementing the workaround for the oracle padding exploit

  

Moved from the MVC forum to the dedicated one about the vulnerability one by moderator XIII to keep people and the ASP.NET team at Microsoft focussed on one reporting area:

I'm trying to implement the workaround for the oracle padding exploit described on ScottGu's blog.  Here's the workaround:

<customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="/Home/ErrorPage" />

When I add that to my web.config, I'm not redirected to the error page when I try a bogus URL.  I get the regular 404 error page.  That's not what I expected.  When I visit http://www.example.com/Home/ErrorPage, I can see it just fine.

I can't use the script on Scott's page to test my server since I deploy to Az
