can u plz point me to some good books and/or articles on managing user
authentication and authorization w/ IIS 5,6 and IE 5,6

I have a web application which calls a web service, which calls a method in
an assembly of it's bin directory.
The web application and web service use windows authentication with windows
impersonation set in the web.config files.  In IIS, these virtual

I'm using Forms Authentication.
When the user logins for the first time, i create a persistent cookie,
so the user will login automatically every time he browse the site.
But suppose after I a week, i deleted the user from my DB.

I need to create custom forms authentification using SqlMembershipProvider.
I want to place authentication ticket into query string (or use sessionID in
query string instead ticket).
How can I do this?

Hi, looking for a pointer to how I can programmatically add/delete
users/group and memberships on a win2003 server (I'm NOT running active
directory).
I'm being forced to use windows integrated security as I am also

I have a website (ASP.NET 1.0) that is attaching a Principle to Context.User
(and checking autnetication in the Authenticate_Request event.  
I am planning on deploying another site (ASP.NET 2.0) and want respect the
authentication from the first site.  Is it possible to do this?  ...

Basically put I am trying to get the disk-space used of a directory from a
web application.
The problem arises when the application (more the user that the process runs
as) doesn't have access to one of the subdirectories (in this case the logs

I've got a problem with an LDAP query submitted from my ASP.NET application.
Configuration: Windows 2003 Server Standard Ed., the application uses
Windows Integrated Authentication and is configured with <identity
impersonate=”true” />

I occasionally get a view state error (below).  It appears to be someone
trying to send email using my asp.net pages. Does this pose a security risk
and is there anything I can do to prevent attempts of this nature.
System.Web.HttpUnhandledException: Exception of type

Scenario:
 1.  IIS anonymous authentication turnned on
 2.  Web.config contained:
        <authentication mode="Windows" />

 First off, sorry for the cross-post...
 I am developing a site (ASP.NET) in which the root will be set with
Anonymous AND/OR Basic permissions.  Past that I will have an application
(directory) in which I will be developing applications, which will have IIS

I've integrated my ASP.NET website with a portal on web. My website opens in
a frame provided by the web portal. The portal uses https protocol. Now when
i open my website IE displays a security warning saying "This page contains
both secure and un-secure items. Do you want to ...

I'm a bit confused as to how to have windows authentication / integrated
windows authentication with allowing anonymous access.
for example, i have an app where pages A,B,C i want to allow anonymous
users.... but, pages D,E,F, i want to use Windows Security (user must provide

Hi, hope you can help
I have multiple asp.net sites running on the same physical server,
each with its own sql server database. There is a root folder on the
server called 'websites', and under that one folder for each site, eg