By default .cs files are protected from downloading by adding ".cs" to
the HttpForbiddenHandler in machine.config.
How to ALLOW (exclude from HttpForbiddenHandler) a specifig file
(myfile.cs) to download ???

I am implementing an ASP.NET Web application that requires client certificates.  I have a standalone certificate server (Windows 2000, SP4).  I used it to generate a server certificate and a client certificate.  The client certificate is installed in the Trusted ...

Currently I have succesfully implemented role-based folder security using
roles and web.config in each folder. This works great - if a user is not
authenticated or a member of an allowed role, that user cannot access the
resource (woohoo!). When the disallowed user tries to access ...

Hi People,
I know in IIS Admin you can tick the box to request a client certificate
(over an SSL connection), but does anyone know of a way, programmatically,
to force this to happen for a particular page for a particular user?

I am working on an intranet application. I am using windows integrated authentication. Now since the authentication is done by active directory can I use a specified user name and password in my connection string and not SSPI? You see I created a user/login in sql server with ...

We recently installed our web application on Windows 2003 and found that our ASPX pages are not coming up correctly.
We are using sessionstate=StateServer  and cookieless=true for Web.config. Applications run perfectly in Windows2000 or XP but in Windows2003 under IIS6 we do not ...

hi,
i am using 3des encryption with a secret key to send information between 2 aspnet applications. they both know the key, which is a hard-coded string.  i have read about using aspnet-setreg to securely store such a value in the registry, but i have a different query.
if i open ...

Configuring Windows Auth & Forms Auth in Asp.Ne
Hi, I've configured a web app to use windows authentication and also set up two separate subdirectories to use forms authentication. It appears to work fine but I have never seen a sample that demonstrates both in the same web.config ...

I wonder if the great and the good of this esteemed forum might shed
some light on a problem of mine...
Three servers in a domain: one Active Directory server, one SQL Server
and one IIS. IIS hosts an ASP.NET Web Application which requires that

i created a user in sql server under login then i went to the database and under users i added the user and them gave the user permissions to select from the tables and execute the stored procedures but when i try to pass the user in my connection string i ge
Access to the remote ...

I have aproblem.
I develop my asp.net site at my pc (named PCMANOS)(running IIS) and I have the SQL Server at another pc (named ATHDC).
I've already created an IUSR_PCMANOS user account at ATHDC and I've given the appropriate priviledges to read and write from the database.
When I ...

Hello; having similar ASP.NET security issues.
Upgrading a number of ASP classic apps to .NET and have everything done but cant figure out how to get the security to work correctly.
Under the ASP Classic implementations security was NT Groups based. Various Groups were created for ...

I hope to get some of your advice on an authentication question that
came up during the planning of web app.  I'm a bit new to asp.net, so if
you can offer some experience, I'd greatly appreciate it!
I like form-based authentication because the usernames and passwords can

I posted this message in dotnet.framework.security, and was told to repost it her
Alright, I've been trying to figure out the solution to this problem for a few days and I'm officially stumped.
My web app server, Machine A, needs the ability to create a file(xml) on my db server, ...

I am looking for a way to ensure that an asp.net site (using forms authentication) performs a sign out automaticall after a period of time where there has been no activity by the user
Any ideas would be appreciated
Jonathan.