Monthly Archives: September 2005

Common Log File System

One upside of being ill (I brought a flu virus from the last conference with me) is, that at some point you are so fed up with “recovering”, that you start looking around for new technologies (don’t do something work … Continue reading

Posted in Uncategorized | Leave a comment

BASTA 2005

Leider hat mich ein Grippe nach der BASTA dahingerafft…deswegen die versprochenen Slides und Demos etwas später…danke an alle Teilnehmer. Viel Spass! Neue .NET 2.0 Security Features:BASTA_20Security.zip (641.44 KB) ASP.NET Provider Modell:BASTA_Provider.zip (270.63 KB) Entwickeln von sicheren verteilten Anwendungen:BASTA_PostCon.zip (823.12 KB) … Continue reading

Posted in Uncategorized | Leave a comment

Authorization Manager and Vista

I just spotted that AzMan under Vista (build 5219) now support three types of authorization stores. Active Directory/ADAM, XML and …tada.. SQL Server.  

Posted in Uncategorized | Leave a comment

CrypterPK (Beta 2)

this was sitting in my outbox for longer – a sample showing how to encrypt/sign files using the .NET 2.0 X509/PKCS classes (updated to beta 2). CrypterPK1.zip (11.82 KB)  

Posted in Uncategorized | Leave a comment

Updated ShowContexts and Request.LogonUserIdentity

In ASP.NET you have to juggle with a number of identities, e.g. The account of the worker process The account of the client (= Context.User / Thread.CurrentPrincipal) The Thread identity (when client/application impersonation is used) The outcome of IIS authentication … Continue reading

Posted in Uncategorized | Leave a comment

Getting all Groups for a Windows Account in .NET 2.0

UPDATE:Thanks to Keith for pointing out a much simpler way (doh!). Removed my bad source code, added a new, good one. Given the complexity of today’s Active Directory installations, the only safe way of getting all Windows groups a user … Continue reading

Posted in Uncategorized | Leave a comment

Writing Secure ASP.NET Applications

As I stated earlier, I am in the process of writing a course and book about the above topic. The rough outline will be: Threats & Mitigation Techniques & Guidelines IIS6 & ASP.NET Architecture Input Validation Storing Secrets Authentication & … Continue reading

Posted in Uncategorized | Leave a comment