security
When there is an error on the site I am notified via email and the user sees a custom error message .... In the last few days I have received over 3000 emails with the same error message, as follows: Invalid...
Securing Cookies
Hello, I am really new to ASP and I have a problem: 1. How can I set up a secure session without SSL (I have taken a look at the Microsoft site but didn't get much information)? 2. How to create a secure...
Decrypt Membership Hashed password saved in Database
Hi, I have a database from an old developer who left the team. He was using the ASP.NET Membership for user registration and for user login. All passwords are saved in the aspnet_Membership table in Hashed...
Explanation Of Certificates
Hi Guys, I'm studying for my WCF exam and I'm at the point of certificates. I understand the general concept of certificates, in terms of it proves who you are (or your service) and can be used to...
Why is my complete menu disappearing when Security Trimming is set to "True"
When I have security trimming set to "False", my menu works fine, but whenever I set it to "True", the complete menu disappears. My Web config file is as follows ...<siteMap...
Unable to fetch js and css file from resource folder in asp.net mvc 4.0...
I'm using form authentication in my project. I've placed all my CSS and JS files in the resource folder, but when I try to fetch these files, or any image files from the resource folder, it is not able to fetch...
401 Status Code in AJAX called .asmx Web Service on Load Testing in VS
Hello, my application is using forms as authentication method and some .asmx web services to retrieve some data from the DB. One of the parameters passed to the DB is the name of the current user...
XSS attack on XML input
Hi, in my application we have an input box which accepts XML, meaning the user can copy and paste XML in that box. A few days back our QA team raised a bug that this input box is not Cross Site Scripting safe....
Not keeping me logged in
I found this code online and it claims it sets a persistent cookie that will keep you logged in for an extended period of time (which is set in the forms timeout area of the web.config file), but it's...
Accessing 'HttpContext.Current.User.Identity.IsAuthenticated' with PHP
I am using a PHP page in my .NET 3.5 app. Is there any way to access 'HttpContext.Current.User.Identity.IsAuthenticated' in my PHP code so that I can protect my PHP page?
IIS (7.5) setting for mixed mode authentication
Hi, can anyone please confirm the IIS settings for mixed mode authentication of an ASP.NET (version 4) site? I have been following this example on Stack Overflow and all worked fine on my local...
ASP.NET APP Security
Hello Community, what are the best practices which can help to build and enable robust web applications with respect to the various aspects of security that need to be taken care of while designing a system...
WCF using Transport, Username & Custom Authentication
I have a requirement to use http Transport security with a username & password. I cannot use soap/message security. I found this article:...
Result of not executing Marshal.ZeroFreeBSTR after Marshal.SecureStringToBSTR
I have code in my program that appends characters to a SecureString (secureConnStr) variable in a foreach loop of connectionString.ToCharArray(). For simplicity's sake: private static SecureString...
Is Application Table still used in aspnetdb
Hi, is the Application table used at all in Microsoft.AspNet.Identity? In the AspNetUsers table that Microsoft.AspNet.Identity uses (as opposed to System.Web.Security) there is no Application field and...
Windows Authentication
How to use Windows Authentication in an existing SQL Server Authenticated ASP.NET Web Application. Please resolve my problem. Thank you.
Handle invalid postback or callback argument - Removal of form post parameter.
I wanted to address one of the vulnerabilities in the application: if a user uses a proxy tool like Fiddler and modifies the form post parameter name or removes it on reissue of the request, it gives the following...
No Authorization fields passed in Http Request Header
I have an ASP.NET forms website hosted on IIS 7.5. I have two AD accounts from the same domain, rob.bowman and sys.rob.bowman. I log on to the host web server via RDP using my sys.rob.bowman account. When I...
Force Provider Username and Password in External Login Provider page
I am using Google and Facebook authentication providers from the sample project from VS 2013 and from Katana also and have found a problem when I have successfully logged-in with Google or Facebook...
prevent accessing unauthorized users to hyperlinks
In my website I want to show download links, but when a user clicks on one, redirect him to the login page. What should I do?