How is Azure ACS authentication secured?
Thanks to Gaurav Mantri for answering my earlier question Azure ACS Set Up in C#.
security
How can I temporarily impersonate a user to open a file?
I would like to temporarily impersonate a domain user account to read in a file on a network drive from an ASP.NET site.
Can one cause Page.IsPostBack to be true independently of ASP.net?
If one is checking a user’s roles to determine whether they may access a page, is it safe to put this check only inside an if (!Page.IsPostBack) { ... }? Could it be possible for the client to cause Page.IsPostBack == true independently of ASP.net; that is, the client POST’s to the page and sets the right form fields? If that were possible, then I suppose best practice would be to check security on every page load, not just when Page.IsPostBack == false.
Encrypting web.config using Protected Configuration pointless?
I must be missing something…
How do you manage asp.net SQL membership roles/users in production?
How do you setup an asp.net sql membership role/membership provider on a production machine? I’m trying to setup BlogEngine.NET and all the documentation says to use the ASP.NET Website Administration tool from Visual Studio but that isn’t available on a production machine. Am I the first BlogEngine user to use it on a non-development box?
How to check if the user is already logged in or not using Cookie?
I want to know how can I detect if the user is already logged in or not? using a cookie. I am not using any log-in control. I have a db which checks the ID and PWD.
Also pls let me know if it can be done without using cookies.
Any code or links will help.
web.config:
Can someone explain ASP.NET trust levels to me?
I’ve heard a lot about trust levels, had people try to explain it to me but still am unable to give a scenario in which I would apply one trust level over another.
Preventing Cookie replay attacks in ASP.Net MVC
I have been tasked with implementing point 4 in this article: http://support.microsoft.com/kb/900111
AspxErrorPath in Custom Error Page
We currently has a page that is used to display a generic error message when errors occur on our website. It has no functionality at all other than displaying a label that mentions there was an error.
Does sensitive ASP.NET Session data need to be encrypted?
Do ASP.NET Session[string key] data need to be encrypted to be secure?