I am facing a problem of failure to assert unrestricted permissions for a
resource from asp.net.
The scenario is like this:
I have a custom assembly which connects to windows active dicrectory using

Guys,
I'm unsure how to use windows authentication in an intranet application. I'd
like to user existing windows account to identify users however the issue I
have is how to then add settings to those users and map them to roles.

When accessing our web sites, users must enter their smart card, type in a
PIN, and then a third party site authenticates and sets a server variable if
they are valid. My apps take this value
(request.ServerVariables("HTTP_OURUSERS")) and then compares it to values in

I used the WindowsTokenRoleProvider and i was able to input my username and
i retrieved all the GROUPS i belong to on my PC.
I'm thinking  of doing the same but against Active Directory.
How can i do the same against AD?

I have a web app running on a local PC that can start and stop windows service on a remote machine, but only when I browse to it locally. If I browse to it from my other PC and try to start/stop the service, it gives me "Cannot open Service Control Manager on computer 'xxx.xxx ...

Here's my configuration:
- ASP.NET application
- Windows XP Pro running IIS
-Vdir is configured to allow anonymous access

I was asked today if setting textmode="password" of a textbox control
was secure over http.  I assumed that the browser does encryption before
sending it over the wire.  Why aren't most login screen forms sent over https?
Is my assumption about the browser providing encryption on ...

Hello. I use forms authentication and it's work except one thing.
I want push users make relogin (insert login and pass) when they
close browser.
I have those settings in Web.config :

I'm a little unclear on when exactly I would need to use
FormsAuthentication.Encrypt. If I have the cookie protection in the
web.config set to All (i.e. <forms loginUrl="login.aspx" protection="All">),
shouldn't my cookie already be encrypted and tamper-proof even if I don't

Hi;
In one portal we have people can request a free demo of our portal product.
To give them a login I need to create a user for them in the membership
database for our portal product.

I've been researching using Domain Groups within our application. I found a
code sample that I've been experimenting with, but need confirmation on one
behavioral thing that I've noticed.
My web.config contains the following:

I 'm quite new to asp.net and trying to accomplish a web that gives 'admins'
some extra options in an aspx page.
I have a local group called admins at the dotnet server. In this group I
have domain users/groups.

Ok, when I first started to play with the Provider model for all things
membership in ASP.NET 2.0, I have to say I was pleased... but I must
have missed something here...
I've got two questions...

Hello, friends,
We developed a web site using asp.net 1.1 and Form Authentication. It works
ok.
However, when our users use our website through internet to login, it

I have a Windows Application that I am successfully using
Membership.ValidateUser to validate a user against the same database I use
for the Web App part of the system.  My question is, how do I use the role
based security similiar to IsInRole function that is available in a Web ...