We have a Winform application which uses x509 user certificates to
connect to .net 1.1 web services.
We are actually writting a new GUI in aspx.net 2.0 to host it on
different server of the Webservices.

I am trying to Impersonate a user in a .NET Windows Application running in
Windows 2000 SP4.  Whenever I try to do the impersonation, I get an
exception which states "A required privilege is not held by the client."
The user that the application is running under has the following ...

When in a method of an assembly i need to ensure it is being called via
a specific method of another specific assembly.
Any idea how to do this ?
Regards

I've posted this problem in a number of places, but haven't been able
to get to the bottom of it, so I'll try again here.
I have been trying to work out ways to allow a partial trust web
application limited access to perform sensitive operations (like

I'm working on a ASP.NET app and as part of the app I'm uploading some
pictures to the web server and these pictures can then be accessed by
authorized users by clicking on a link.
All the aspx files a protected by a custom security solution that checks if

I'm reading O'Reilly's .NET Security right now and it is very informative.  
The book is filling me in on the various classes in the Security namespace
and teaching me the very basics on how to use it.
Once I'm done with that book; however, I'd like to read something a bit more

Hey NG,
We have a LabVIEW application that uses a .NET 1.1 assembly.
It was all working good for a long time until we installed .NET 2.0 together
with .NET 1.1

I am trying to restrict an application I am writing to a single
directory (not known until run-time) to prevent any possible directory
traversal attacks (the application needs to deal with
untrusted-user-supplied paths).

My app runs fine when it's in a folder on any given user's machine on the
network. However, when I move the app to a location on the server, I get
this error: Request for the permission of type
System.Security.Permissions.SecurityPermission, ..., failed. I'm looking

How can i limit the access to file IO?
Im using C#, the code is executing on the local machine
i can enable access to file IO with:
PermissionSet ssc = new PermissionSet(null);

The "secure" cookie option dictates that the value of the cookie should only
be sent over (unspecified) secure means.  In practice this has come to mean
over SSL.  This is critical in keeping session cookies safe from prying eyes.
If the user-agent does not send a sensitive ...

I'm developing a web application (ASP.NET, VB.NET) with client
authentication based on personal certificates. My web server (IIS 5.0) is
configured correctly to perform the authentication but here it is my
problem:

I'm trying to run my app from a server. I've given it a strong name using
sn.exe and have put the AssmeblyKeyFile("mypath") attribute into the
AssemblyInfo.vb module. Now I get the error, "Unable to emit assembly:
Referenced assembly 'Interop.Office' does not have a strong name." ...

Ok,
Anyone got any reference implementations of how one might store cc's
securely?
I was looking at AES encryption of the everything but the last 4 digits,

I can't believe this, now I have to write the whole RSA library by
myself, just because someone at Mircosoft thinks, it is unsecure, to do
my own padding.
Why? Take a look at HBCI, the german standard für banking transactions.