We are starting a new ASP .NET development project and I have a question
about the best way to handle security.  I have been reading about ASP .NET
2.0 Membership and Role Management and am a little confused, deciding if this
is how we want to manage security.  Our users will ...

I need to modify the .NET 2.0 CAS (create a code group, etc) in my
installer. I'm using VS.NET 2K5 and I can't seem to find a good example
that does this. I can barely understand the general flow.
This is what I understand:

What is the difference between :
<Assembly: FileIOPermission(SecurityAction.RequestOptional, Read:="C:\")>
and
<Assembly: FileIOPermissionAttribute(SecurityAction.RequestOptional,

I am trying to run a windows application (smart client) from a web
page. The problem is that I get this errormessage:
--
System.Security.SecurityException:

I am bit confused with CAS declaration and Role BAsed Security.
As I understand, CAS is apply as an assembly attribute and apears only in
the module Assembly.vb (for VB class) compare to Role based Security which is
applied for method or code itself.

I'm using an algo to encrypt/decrypt an xml file using Rijndael. However,  
SOMETIMES (yea that's right, it does not happen all the time) the decrypt  
algo fails when I try to read the data in cryptostream:
    'Read the data out of the crypto stream.

Whenever I need a test certificate, I ask my network admin to make them for
me.  He uses the open ssl library that comes with Redhat to create x509 and
SSL certs.  Is there a windows tool that I can use to do this myself?  
Recommendations appreciated

I have a few UNC folders with username & password protection. Now with my
VB.NET program I need to access those. I can access them without
username&pwd but that is not an option. How can I login to those UNC folders
(in VB.NET)?

I am studying .NET security and I am confused on the point, whether to use
the GenericPricipal and GenericIdentity or create custom classes by
impleenting IIDentity and IPrincipal interface.
I get when sample saying that custom users and groups are stored in a

I' ve following problem in a terminal server environment
(w2k sp4, en, .NET ver 1.1) :
An assembly-DLL is hosted  via COM interop. Zone security
ist on "full trust", same same the assembly security settings.

Friends,
How to read the key to digital sign your data and later to validate the
digitally sign data.
for that sake we need to first extract private key and public key from the

Can I use code access security to ensure that only local applications can
access my service?  My understanding is that code access security is
controlled by the administrator.   What attributes do I need to build in to
my service.

Can some one set me straight on how these security issues work?
I've got a UserControl that I run from within a web page hosted in IE. The
UserControl does some stuff that Partially Trusted Callers (like IE) aren't
usually allowed to do (get environment variable values, create log ...

I am somewhat new to .Net and Web Services.  My question lies in how to
properly secure a Web Services application which sends sensitive information
from one site to another across the Internet.  
Can anyone give me some suggestions as to best practices to secure a Web

    I am currently planning to write a distributed application where a Windows
application will be installed on the client and they will talk to the server
via Web services. I am planning to use Microsoft Certificate services to
issue x.509 certificates to my clients as well as the ...