I'm quite new to the securit system of ASP .Net and I have a question
regarding the requriements on the password a user supplies.
On the web site I'm currently working on there ara two groups of users I
need to authenticate. One is the registered users and the other is the

While I'm fairly familiar with C# and .NET Windows Forms, I'm being
asked to retrofit/enlarge an existing intranet app with
ActiveDirectory-based user security - where I'm an admitted newbie.
In a nutshell, we want to:

Can anyone please comment on this ASP.NET 2.0 Membership error & how to get
the following code to run?
ERROR:

I have an ASP.NET2 web app, and I've created a small box where I show all
logged-in users; I use a simple iteration trough all registered users and I
check whether each user is online or not. The problems is: when a user logs
out, it still appears on the list! Is it possible to ...

we are unable to solve the following problem: Will the Membership Model
allow to restrict access on a control level. For example i have a form with
multiple buttons and i want only users in specific roles to access some of
them. How would this be accomplished using integrated ASP ...

I am building a site in which I would like to keep validateRequest turned on,
but I would like to either override it or scrub my inputstream. If the input
has potential for XSS, I don't want to throw an error, I want to clean the
data.

If we use forms authentication in our web application we need an initial
administrator account from which the first user can log on to create new
users and assign roles. How do others do this, use the member ship API to
create the first user as part of the installation process or ...

In ASP.NET 2.0 Membership (aspnet_Membership table) can anyone tell me
whether the web.config machineKey tag (with validationKey & decryptionKey)
actually controls how the  aspnet_Membership.passwordAnswer  column is
encrypted?

We have an asp.net 2 application that prints a file (integrated security and
impersonation is configured
for the application). The application is a non-windows version of:
http://msdn2.microsoft.com/en-us/library/system.drawing.printing.printdocument.aspx

My users often forget their passwords. Because of this, I have to go into the
Administration website delete and recreate them because I don't see a way to
change their password w/o knowing the existing password.
I realize that the stored procedure aspnet_Membership_ResetPassword ...

I'm using Forms Authentication to secure an admin area of a website.  In the
admin area, I have an .aspx file that updates an unsecured XML file which is
not inside the admin area.  This file should be have anonymous read but not
anonymous write access.

Guys,
Does anyone know the best way to implement both windows and forms based
authentication in the same web site?
I'd like intranet based windows user to be able to use single sign on and

I'm trying to better understand the role of the NT AUTHORITY\NETWORK SERVICE
and how it works with respect to SQL Server connections.
First some background and then the question.
I have a very simple test web page that does the following: