Hi;
This appears to be working but I want to make sure I am doing it right.
I want to be able to run where it passes my Windows Identity to my ASP.NET
app. But I want the ASP.NET app running as whatever user is the default for

Hi;
My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME. Is this
the correct user for strictest security? I thought best was "NETWORK SERVICE"
or something like that.

If I call
IntPtr tokenHandle = new IntPtr(0);
bool returnValue = LogonUser("dave", "windward", "bogus",
LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, ref tokenHandle);

Hi;
Ok, I've almost got my system to handle opening files using any uname/pw
setup. One item remains.
If a share and file is set to allow "Everyone" then I want to allow any user

I have a test http url that allows a connection from any domain user.
I am using the following code to test access to it:
XmlReaderSettings readerSettings = new XmlReaderSettings();
readerSettings.ProhibitDtd = false;

I am doing Forms Based Authentication using the built in tools of .NET.
Authenticating off a database with some code a wrote and using login.aspx,
web.config, etc etc... the usual deal..
I have it all working fine and pages I want to protect show a login page

 I was wondering if there are any samples that uses the new ASP2.0
Login Controls which authenticates NetworkUserName / DomainName /
NetworkPassword ?
 Both on workstation and actual network domain environment.

I have implemented a .NET 2.0 app which uses Forms Authentication, sets
a cookie upon succesful validation from DB etc. Everything works as
expected and all pages go to the login page before being sent to the
requested page etc.

I have been reading some example on how to protect a folder via
web.config file. The question is that I wish to protect an audio
directory which contains various audio files (mp3, wav, mov, etc.) and
the web.config folder protection does not protect these file format.

This problem has become a "show-stopper" for us.
I have defined a custom section for my web application that contains
sensitive data. Because of that, I want to have it encrypted in the same way
I encrypt the "connectionStrings" section using the ASPNET_REGIIS tool.

I've tried to run a VBscript with elevated privileges, but with no success.
My code works fine, except if I try to run it using impersonation.
Have anyone made it work ? Will you try it on your installation to see if it
works? Shouldn't take more than a few minutes.

Hi;
I had assumed that what I am asking here was a common request - but I am not
finding anything on this.
In my ASP.NET app a user can enter an xml file that we then pull in as data.

I am looking for some feedback on an approach and if anybody has some
documentation to point me to that would be great....So here is the
scenario:
I have 2 .net apps on running on the same web server. Both apps have

I am new to web admin and security.
Made a certificate server out of the development Win2k server and created a
root certificate.
The same machine is also the web server for now.

I'd like to access the information in a membership provider from
another application. Currently I have an ASP.NET 2.0 application in
which I use SQLMemnershipProvider. Everything works fine within the
ASP.NET and I may use constructs like Membership.GetUser("name") when I