Retrieve a user's password
Hello!I'm pretty new with this asp world. Actually I'm hired to work with a system made in asp and update this. That system was already installed in our lan server and works pretty well but I need to...
View Articlesubdomain application auth
Hi i have the same code base under different subdomains.I have a new requirement that the same user must register under each domain as they should appear as different applications.The question:is is...
View Articleauthenticate or register hashed password in aspnetusers table in...
i have already created database on mvc website which i authenticate user login data (username and password) using asp.net identity owin , you know the password is hashed in the database , now i have...
View ArticleASP.Net Core MVC Content Security Policy
I am developing a MVC core web application and i am in the process of hardning the security of the application. My current question is , is it usefull to implement the CSP ( Content Security Policy )...
View ArticleBest and Hard encryption algorithm with c#
suppose i want to encrypt some data which will be hard to decrypt by hacker. so tell me which encryption algorithm i should chess ?should i go for Triple DES Encryption or SHA256 ?please suggest me few...
View ArticleASP.Net Secure Connection String in Cloud Hosting
BackgroundIn a normal bare metal hosting (IIS) we can use Integrated Security(eg : With AD) and hence, the config entry do not contain the connection string's plain text password. Or we can encrypt the...
View ArticleMIxed authentication and Internet Explorer
Hello, everyone.I am trying to implement both windows and forms authentication in a ASP.NET web application by following the instructions from this article. The idea is to enable Windows auth only on a...
View ArticleUse msxml for the https requests
All kind time of day. I count on Your help in the next question. There is a small website written in VBS using pure ASP on IIS 6.0 Windows server 2003 The script uses msxml6.dll With the usual code...
View ArticleDevelop CORS Policy in the ASP.Net Core Application
What is the most preferred way to implement the CORS( Cross Origin Policy ) in ASP.Net Core MVC Application ? If we alter request/response headers is it enough or do we have any code level...
View ArticlePrevent Clickjacking attacks in ASP.Net Core MVC Application
How we can we prevent a Clickjacking attack conduct using iframes etc.. in .Net MVC core application ? Thanks In Advance !
View ArticleKerberos Double Hop Delegation with ASP.NET Core (4.5.2)
Our dev, test and production environments all have similar setups using windows authentication and separate VMs for IIS 10 server and SQL Server 2016. Both VMs running Windows server 2016. All that...
View ArticleSecurity in ASP.Net machine.config
In ASP.Net, the normal way of encrypting an object ( as an exmaple a user cookie in the server side ) is read the shared key located in the machine.config file. The machine config file contains...
View ArticleIIS Impersonation
My web application hosting:1. Setup as separate web site(Not under default web site)2. Enabled Impersonation & Windows authentication3. DNS is setup 4. Kerberos authentication enabled.If I host it...
View ArticleDPAPI Master Key management
In .Net DPAPI, all child keys are managed by the DPAPI Master key. Hence, we need to make sure about the security of this Master key. Where and how the .Net Core (or Framework) secures this master key ?
View ArticleCore Idenity Framework
We are porting an application to .NET Core. In the process we are moving from our proprietary security framework to Identity. We need to create roles for our application. Can someone point us to some...
View ArticleForms Authentication SQL DB connection
Hi, I am using the ASP.Net forms authentication method for authenticating users and have installed the SQL package on my SQL server database. While developing my application the connection string has...
View ArticleWhat is client side certificate
i have seen people bind certificate when they host their web site or service in IIS but when client call their service then client may not use any certificate but some time client also use certificate....
View ArticleIs it right to use your "old school username" instead of...
We use old shool way to logging in users to our system, we do not set or use Context.User.Identity.Name, can I change my code set the username I have after authentication to achieve the same result or...
View ArticleAuthorize attribute not working
I have an ASP.NET MVC (version 5.2.3) web application using Individual User Accounts and .NET Framework 4.5.1. For some reason the Authorize attribute on my controller classes no longer works. I can...
View ArticleImplement User Lock manually
Hi,I am using Asp.Net identity with WebAPI and n-tier Architecture, where the WebAPI has no access to Asp.Net Identity features directly but through a service layer.In my business logic, i have to send...
View Article