I am trying to create a custom authentication scheme in ASP.NET MVC using form authentication. The idea that I might have different areas on the site that will be managed – approver are and general user area, and these will use different login pages, and so forth. So this is what I want to happen.
I am attempting to do something simple (I thought) – securing my application using roles-based security using Active Directory groups in our Domain.
I am refactoring a working ASP.NET Web Application to expose Web Services interface using ASP.NET Web Service. According to Web Services authentication – best practices, Basic Auth over https is the way to go. Let’s assume it is, as opposed to doing WS-Security, X509, etc..
Is it generally a really bad idea to not use the built-in asp.net membership provider?
I have a scenario inwhich users of a site I am building need the ability to enter some basic information into a webform without having to logon. The site is being developed with ASP.NET/C# and is using MSSQL 2005 for its relational data.
After deployment of new version of our ASP.NET 2.0 application, it started to raise security exception: „System.Security.SecurityException: Request for the permission of type ‘System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.“.
I have a question about User-Defined Table Types in SQL Server 2008.
Here’s my scenario. I created an application which uses Integrated Windows Authentication in order to work. In Application_AuthenticateRequest(), I use HttpContext.Current.User.Identity to get the current WindowsPrincipal of the user of my website.
What security protection does HTML.Encode() afford me when I’m dealing with user input, specifically scripting problems?
I’m using A createuserwizard control. On the CreatedUser Event I placed this code to add the user to a role.