Total Hits: 275 | Today: 0
Author: Jason Clark

In this article, Jason Clark enumerates the pertinent features of .NET that will allow you to build safe, easily deployable controls. The features discussed include managed code, code access security, versioning control, Windows Forms classes, and isolation.....

Total Hits: 162 | Today: 0

When you install Microsoft .NET Framework Service Pack 1 (SP1), this automatically sets a new default security policy, replacing the previous security policy that was in effect. The change in default security policy disallows managed code downloaded from the Internet zone from running (as configured on the Security tab under Internet Options in Microsoft Internet Explorer). Previously, this code was allowed to run with a limited set of permissions roughly analogous to the permissions that script...

Total Hits: 186 | Today: 0

How to configure your machines to work with Microsoft .NET Passport in a development environment; includes using Microsoft .NET Framework classes to perform .NET Passport single sign-in....

Total Hits: 22 | Today: 0
Author: Mike Downen, Shawn Farkas

The XML Signature and XML Encryption standards are being used extensively as building-block technologies. Microsoft® Office InfoPath™ uses XML signatures to sign partial or whole forms. Web services use XML signatures to sign SOAP messages and XML encryption to encrypt them. The XML manifests for ClickOnce®-based applications, new in Visual Studio® 2005, also use XML signatures. The .NET Framework 1.x includes an object model for the XML Signature standard, and the .NET Framework 2.0 adds additi...

Total Hits: 27 | Today: 0
Author: Microsoft Corporation

This How To shows you how to create and handle GenericPrincipal and FormsIdentity objects when using Forms authentication. This How To describes how to create a Forms-based Web application that authenticates users and creates a custom Forms authentication ticket that contains user and role information. It also shows you how to map this information into GenericPrincipal and FormsIdentity objects and associate the new objects with the HTTP Web request context (HttpContext), allowing them to be ...

Total Hits: 145 | Today: 0
Author: Keith Brown

Over the years I've had many people ask me to write about GINA, the Graphical Identification and Authentication component that serves as the gateway for interactive logons. This month I'll begin my coverage of this topic to help you get started if you're tasked to build such a beast. I'll build a sample called KIOSKGNA, which is the simplest possible GINA implementation I could think of. Next time I'll introduce a sample called FULLGINA, a more fully featured GINA. The examples and code snippets...

Total Hits: 257 | Today: 0
Author: Michael Howard, David LeBlanc and John Viega

Each chapter in this book tells you one of the most common programming flaws that leads to a security exploit and how to solve it. Chapter 2 focuses on format string problems. This essential book for all software developers—regardless of platform, language, or type of application—outlines the "19 deadly sins" of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, ...

Total Hits: 363 | Today: 0
Author: Paresh Joshi

In a typical high-tech organization, often there is a need for engineers to visit client sites for installation or on-site support for periods of days or months. In such scenarios there are requirements for a means to track job requests, check existing schedules, allocate human resources for sales-service-installation visits, check resource utilization, timely reminders and so on. In this article, Paresh Joshi will develop a system using ASP.NET that addresses these needs with an in-built work fl...

Total Hits: 832 | Today: 0

This tutorial is a step by step examination of what you need to do to secure a directory in your application with Forms Authentication....

Total Hits: 48 | Today: 0
Author: Mansoor Ahmed Siddiqui

Security has always been a top issue for all kinds of applications, especially Web applications. Web apps are accessible to almost the entire universe and are open to attack.
Web Services is a current hot topic because of its interoperability, ease of consumption, use of standard Web protocols, seamless integration with heterogeneous systems, etc. Therefore more platforms are now incorporating Web Services into their architecture. And with that greater amount of use, the need for security...

Total Hits: 174 | Today: 0
Author: Darryl K. Taft

Microsoft chairman and chief software architect Bill Gates and Ray Ozzie, a Microsoft chief technology officer, spoke on a wide range of issues, but they singled out security as among the key focuses of the company. The two spoke in a fireside chat format at the Microsoft Financial Analysts Meeting here Thursday. "If you look at our whole R&D effort, security would be the biggest thing," Gates said....

Total Hits: 1 | Today: 0
Author: Mike Downen and Shawn Farkas

The XML Signature and XML Encryption standards are being used extensively as building-block technologies. Microsoft® Office InfoPath™ uses XML signatures to sign partial or whole forms. Web services use XML signatures to sign SOAP messages and XML encryption to encrypt them. The XML manifests for ClickOnce®-based applications, new in Visual Studio® 2005, also use XML signatures. The .NET Framework 1.x includes an object model for the XML Signature standard, and the .NET Framework 2.0 adds additi...

Total Hits: 3 | Today: 0
Author: Keith Brown

This is a follow-up to an earlier column on the Security Support Provider Interface (SSPI), the Windows® equivalent of the GSSAPI interface. It's extremely unfortunate for developers trying to write platform-neutral code that they are not equivalent, but back when SSPI was developed, platform neutrality was not a priority. Way back in August 2000, I explained the need for the SSPI interface; namely, it abstracts the differences between various authentication protocols. I also showed how you can...

Total Hits: 6 | Today: 0
Author: Mark Novak

Like many developers of managed code, I frequently interact with system internals. One day, while working on the managed access control list (ACL) class library for the Microsoft® .NET Framework 2.0 (see my article in the November 2004 issue of MSDN® Magazine), I had to implement support for changing a security descriptor on an object. In some situations, this operation requires enabling Take Ownership and Security privileges. I poked around and discovered that there was no existing support in th...

Total Hits: 6 | Today: 0
Author: Keith Brown

A while ago I did some research trying to figure out how security works with handles in the face of interprocess communication, impersonation, handle inheritance, and the powerful DuplicateHandle API. This month I'll present my findings along with a program that you can use to explore the issues further. I used to speculate about how security works with built-in operating system objects (processes, semaphores, registry keys, files, window stations, and so on). But only after I wrote a program to...

Total Hits: 9 | Today: 0
Author: Keith Brown

The three traditional pillars of computing security are confidentiality, integrity, and availability. Often when I speak of availability, I talk about obvious threats such as denial of service attacks, but there's more to it than that. An application that requires high availability must be resilient to abnormal situations. If something goes wrong, an administrator must be able to sort out a solution quickly. Applications designed with management in mind tend to be more highly available, partly b...

Total Hits: 10 | Today: 1
Author: Eric Brown

One of my favorite new features in Windows Vista™ is Windows® Speech Recognition, which allows you to operate your computer using only your voice, including dictating text into e-mail messages or other documents. Windows Speech Recognition uses the Text Services Framework (TSF) to insert, select, and correct dictated text. TSF is a scalable framework for the delivery of advanced text input technologies. It provides a standardized method for text services—such as voice recognition, handwriting re...

Total Hits: 4 | Today: 0
Author: Keith Brown

Over the years I've had many people ask me to write about GINA, the Graphical Identification and Authentication component that serves as the gateway for interactive logons. This month I'll begin my coverage of this topic to help you get started if you're tasked to build such a beast. I'll build a sample called KIOSKGNA, which is the simplest possible GINA implementation I could think of. Next time I'll introduce a sample called FULLGINA, a more fully featured GINA. The examples and code snippets...

Total Hits: 3 | Today: 0
Author: Keith Brown

The vast majority of managed applications run with full trust, but based on my experience teaching .NET security to developers with a broad range of experience, most really don't understand the implications of fully trusted code. So I've pulled together a number of examples where fully trusted code can skirt around common language runtime (CLR) security features, starting each with a question that seems to have an obvious answer....

Total Hits: 3 | Today: 0
Author: Don Box

The common language runtime of the .NET Framework has its own secure execution model that isn't bound by the limitations of the operating system it's running on. In addition, unlike the old principal-based security, the CLR enforces security policy based on where code is coming from rather than who the user is. This model, called code access security, makes sense in today's environment because so much code is installed over the Internet and even a trusted user doesn't know when that code is safe...