Browse by Tags

All Tags » Security
Recently, a question came up in the ASP.NET security forums about the lack of a remote membership/role configuration tool in ASP.NET 2.0. Being able to remotely manage users is important in pretty much any site where you have users. Fortunately, QualityData Read More...
In a previous post ( http://aspadvice.com/blogs/rjdudley/archive/2005/05/21/2595.aspx ), I showed one way to protect files from direct download by configuring IIS. In a shared hosting environment, this usually isn't possible, so I'll show another way Read More...
13 Comments
Today's NewsFactor Network showed up in my inbox, and the lead story was: "1. E-Mail Authentication: Holy Grail or Lost Cause?" Originally, Read More...
0 Comments
My latest ASP Alliance article has been published: A Simple Passphrase Generator Passphrases have been receiving more and more attention as part of a strong security policy. When building secure web-based applications, assigning random passphrases to Read More...
0 Comments
My latest ASP Alliance article has been published today: Preventing Page Review after Logout with Forms Authentication The inclusion of Forms Authentication in the .NET Framework has been a significant benefit to developers securing web-based applications. Read More...
0 Comments
We all should be familiar with the fact that concatenating user input directly into SQL statements is an open invitation to an SQL Injection attack. Code such as MySql = "Select * from Orders where Customer ID='" & txtCustomerId & "'" should be avoided. Read More...
Microsoft MVP Susan "The SBS Diva" Bradley gives a short overview about sending encrypted e-mails. In her post, she says you have to purchase a digital certificate. From some certificate authorities, you may have to do so, but Thawte offers free certificates Read More...
0 Comments
In a recent posting to the aspnet-security group at ASP Advice, Julie Lerman asked: Since the site is hosted on someone else's server, I don't believe that I can use DPAPI to encrypt the connection strings Actually, you can, and I use DPAPI on a number Read More...
2 Comments
The Wall St. Journal has an article today about one step Bank of America is taking to thwart phishing attacks: First, the bank allows customers to "register" frequently-used machines, such as a home or office PC, with its online system. When customers Read More...
0 Comments
I've seen this question a couple times in various forums, so here's what I know. There are a few ways to tell if SSL is enabled. This isn't a comprehensive list, I'm sure--just the ways I know of. If you have another method, please add a comment. Thanks! Read More...
5 Comments
Forms Authentication is a great methodology to use, but it is limited in what files it secures. The only files that are protected by Forms Authentication are those that are processed by aspnet_isapi.dll. This is limited to file types like ASPX, ASCX, Read More...
13 Comments
<note 2006-10-13> This post was written for ASP.NET 1.*. There were some changes in ASP.NET 2.0 which make this information unnecessary. If you're using ASP.NET 2.0, skip this post. </note> This question comes up several times a week on Read More...
4 Comments
I see these questions come up time and again in the various ASP.NET forums, and I feel like I keep posting these same references as starters. Forms Authentication Using SQL - Part 1 (ASPAlliance.com) Have you ever wondered how sites authenticate users Read More...
1 Comments
In response to my blog post Using Forms Authentication with Windows Authentication ("Mixed Mode"), I'm often asked how I made this work. I used two time-honored development methods to do so: Copied someone else's idea (thanks, Paul!) Cheat For the most Read More...
34 Comments
[note: this entry was originally posted on DotNetJunkies.com. Since it invites a lot of comments, I had to repost it here, where it can receive comments and I don't get buried in blog spam.] Here are a couple of references for mixing Forms Authentication Read More...
2 Comments