Set relaxedUrlToFileSystemMapping true Does it pose a security risk?
Hi, we are having a problem with a url parameter that contains the string "AUX", looking for possible solutions indicate that you should set relaxedUrlToFileSystemMapping to true, but I am in doubt if...
HTTP Strict Transport Security (HSTS) and 301 Redirect in Global.asax
Hi, I have recently moved my entire site over to HTTPS. I use rewriting in the Global.asax file to do this, inside the Application_BeginRequest block. The code basically checks if the request is http...
LdapConnection using LDAPS port 636 and OU?
Hi all, the code below works but I need to use LDAPS (on port 636) and OUpath="UsersPath". What do I need to change to get LDAPS and OUPath working? try { using (var ldapConnection = new...
another weird IIS authentication issue
I have been working on a C# web service that someone else created and I feel like I have an understanding of how the authentication works, however, I always manage to find some weird issue that isn't...
Identity not authentication webforms project.
I am trying to implement asp.net identity in a web forms project but the usermanager is returning null even though there is an active record in the system. protected void SignIn(object sender, EventArgs...
Edge problems with web config authorization rules
Hi. I have an ASP.NET Webforms application. I want all users, even unauthorized ones, to be able to access a page "AllowAccess.aspx". In web config I have <location...
IE 11 Issue
Hi, we have an asp.net MVC 3 C# web application. The application is working fine on Chrome and Firefox and some versions of Internet Explorer like IE9, IE10. But on IE11 after successful login when we click...
Am I on the right track for LDAP querying?
Hi, Brand new to MVC and LDAP. I'm having problems understanding how to go about a project. Reading past submissions mainly deal with Authentication. Something I don't need to do. What I need to...
String in memory
I have this code: Char[] secretKey = "theSecretKey".ToCharArray(); My question is, am I exposing the string "theSecretKey" in the memory, or it won't and just creates a char array in the memory? Thanks!
Security Implementation For MVC web and web API
I want to develop the security module for authorization and authentication for my MVC web site and web API. Currently we have only one web site, but in future we will have more web sites and apps. Both the...
Restrict a user to one page or folder only
Hi All, this is my first post for a LONG time! I am having some difficulty understanding Authentication/Authorization and could do with some help... I have tried looking in various forums and found...
changing from aspnet identity security model to OpenId
I initially set up my web app to use asp.net identity so my database had the necessary AspnetUsers, AspnetRoles, AspnetUserClaims tables, etc, etc. After changing the model to use single sign on (Azure...
FormAuthentication + MVC
Has anyone implemented FormAuthentication in MVC? In my implementation User.Identity.Name becomes blank after redirect. My app is hosted on shared hosting and the issue arises on the server only. Looking...
override AD login authentication
I am making some changes to a web application (C#, MVC) that currently uses AD authentication to login. The startup.auth.cs determines that an account/login page loads initially and the controller...
Click once application and false positive
I have some click once applications published using the publish wizard on a network folder. Those applications work fine, no problem. But where I also have TrendMicro Office Scan installed it reports the...
Implement HPKP in ASP.Net MVC Site
Hello, I have learned about HPKP recently and I wanted to know how to correctly implement this in an MVC application. Thanks in advance.
DMZ account app pool identity from web server to SQL Server
We have a very strange problem on our production web app. Our web application is external facing and uses impersonation for app pool identity using a DMZ account. However randomly we see our...
Ways to reduce dependency on Thread.CurrentPrincipal.Identity.Name in service...
Hi all, I have inherited a rather, shall we say, organic project that I have been asked to improve authorization and authentication to the web.api for which I have used Oauth2 and Identity2 which is...
Allow access to specific pages based on role.
Hello All, I have a current project that is working as expected. I use ADFS to authenticate the users to a simple asp.net site. This is not a MVC. I used an empty site and then created the pages. After...
Need help with Mixed Authentication
Dears, Greetings, I have an issue with my application when I tried to use Mixed authentication. I created a page to allow the user to be authenticated via Active Directory and got Employee ID (attribute stored on AD) and...