I want to create a "member zone" with restricted access to registered
members only.
I already succeeded to restrict access to ASPX files in a particular
directory using ASP.NET security.

   [ Background ]
I've been asked to look into network security where an IIS virtual directory
is configure to not have anonymous access, but rather to go with the windows
authentication (what the user signs in as at client). This is in the context

I'm having a problem with the forms-based authentication. The user is
getting timed out before long before the timeout period has passed.
The forms-based authentication timeout is set to 10 hours and session
timeout to 2 hours.

I use windows based authentication for my ASP.NET web app. I have
disabled anonymous access of my web application too from the IIS console.
From my own machine, the webapp works perfectly.
But when someone else tries to access it, they get error message

By default VS.NET generates just one DLL contains all code behinds and
userconrols.
Is it possible to have VS.NET partitione them in their own assemblies for
granular security?

I have found a problem with form authentication method that I can't
solve. The problem is:
I want to use a form authentication in my application, so i set :
<authentication mode="Forms">

My web application has the following structure
RootFolder
 - file1.aspx
 - file2.aspx

In Architecture and Design Review Security Checklist at following link:
http://msdn.microsoft.com/library/en-us/dnnetsec/html/CL_ArchDes.asp?frame=true&_r=1
I don't underestand following two items:
1) Session state is protected from unauthorized access.

When I run my ASP.NET on my computer it works fine, even in medium trust which is what mt webhost uses. However on the webhost it generates this exceptio
SecurityException: Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0 ...

My application uses forms authentication. On the sign-in page is a form (with takes a username, a password, and has a button [SignUp]) that allows for the creation of new user accounts
I'm trying to get it so that when the SignUp (not SignIn) button is clicked, a user account is ...

Hey group,
I would like to be able to write a ASP page and on it have a link to another
ASP page. I would like to be able to have a Access Database or similar with
Username and Password and be able to allow users to enter there detail it to

I have web site setup with client certificate for user authentication
mapping the client certificate to an existing NT user account.
I would like to use the web user client certificate private key from the
request object to decrypt information that has been encrypted using that

I have a code PASTED below.Its validate(login) against a database SQL
SERVER.
But i have a problem with the LINE:-  "cmdQuestion.ExecuteReader(out dr);"
below

I'm after some general pointers about best practice.
I've used TripleDES to encrypt the connection string of a web app. How do I
go about securing the keys in the app?
Many thanks for any advice.

All,
I have a WEBPAGE that needs to pass the current credentials to a .NET
remoted object so this can pass the credentials to a SOAP WEBSERVICE (All
written in C#)