I'm writing an application using forms authentication, and have
implemented roles-based authorization using custom Principal and
Identity classes. This is all working fine, but now the client wants to
bypass the forms authetication when an intranet user is accessing the

Is there a way in .Net to specify that an embedded resource can only be
accessed from within the assembly?  
Or, in general, what is the best/most secure way of storing a client-side
cert without having to have a user profile?

I have a problem using the Authorization and Profile Application Block in
conjunction with the AzMan provider and an xml based store. While everything
works fine when the application is running as ASPNET, I need to run the
application under a fixed identity using

i use compact frameword and c# to program on pocket pc
is there a way to prevent user to examine constant in a .exe using ildasm ?
thanks in advance

I'm trying to use TripleDESCryptoServiceProvider to encrypt some data to
authenticate with a DESFire card, however, the default key is 16 zeros which
causes a CryptographicExecption to be thrown; it complains about weak keys.
The card also supports Key1 = Key2, which gives DES ...

I have been using AzMan for a security proof of concept and really like what
it has to offer.  Our company has over 3500 XP user workstations.  The new
version of software that we are building and preparing to roll out needs
some interesting security in regards to the user ...

What is the difference between Full Trust and Everything in .NET security
configuration?
I know there is a difference, because if I take the following steps, I can't
even get a simple winform app to run:

You mean the name of the caller??
That's in  SecurityCallContext.CurrentCall.DirectCaller.AccountName
---
Dominick Baier - DevelopMentor

I just applied 1.1 SP1 and I am seeing some changes in behavior wrt. security
If I set my security level to no trust, my .NET application will now actualy
execute until Application.Run (previously, it wouldn't even start up without
execute permission)

I have developed an application which all works fine, and runs under a normal
non secure connection, e.g. http://shop.domainname.co.uk .
I now want to run just a single page, that already exists in the
application, that asks user to enter credit card information, in a secure

I've written a license file generator in C# that generates a signed XML
file for use in another program. I need to give this generator to a
third party (ShareIt.com) so they can generate license files when a
purchase is made. I can to do this with a keys stored in a container,

I installed this update today on my Windows XP SP2, and mmediately
could not fire up and debug any web apps in VS.NET 2003.  As soon as I
hit debug, it immediately pops up a message box that says something to
the effect of Cannot debug this application.  Then when I compiled and

March 18, 2005
    I am trying to encrypt messages typed in a textbox by encrypting them
using RSACryptoServiceProvider. If the text is shorter than about 1/2 a
sentence, then it works fine. If it is longer, say: "This is my message. It

I noticed these intriguing classes have been introduced recently into
the .NET Framework 2.0. However, documentation for them seems to be
lacking, and google search turns up nothing.
I was wondering if someone could be generous and comment on the usage

I am creating a web page (asp.net) with AD authentication (LDAP), I
have few set of roles created for this project.
I have roles1, roles2, roles3, roles4
Based on the above roles, i have to pull the data from a database for