Monthly Archives: October 2005

HttpCfg GUI Tool

Steve started writing a nifty GUI tool for HttpCfg. Good work. Now, Keith convinced him to incorporate his ACL dialog helper, maybe I can convince him to add support for well known SIDs – like here. cool!    

Posted in Uncategorized | Leave a comment

Security Audit of the TSA Network

This is the kind of stuff I did in my “former life” – and sometimes I miss it. http://www.dhs.gov/interweb/assetlibrary/OIGr_05-31_Aug05.pdf  

Posted in Uncategorized | Leave a comment

ShowContexts – updated again (and again)

I guess this is the final update for ShowContexts.aspx – it now shows: authentication & impersonation configuration settings type of Membership and Role provider type of current IPrincipal/IIdentity on Context.User  process identity thread identity (if impersonating) Context.User IIS authentication outcome … Continue reading

Posted in Uncategorized | Leave a comment

ASP.NET Provider Architecture

Lots of information if you want to understand and extend the provider model. here.  

Posted in Uncategorized | Leave a comment

Reserving HTTP.SYS Namespaces programmatically

I posted a little command line tool here. Keith wrapped the unmanaged API here.  

Posted in Uncategorized | Leave a comment

More on protecting static Resources with ASP.NET 2.0

I forgot to mention that there are also special directories in ASP.NET that generally cannot be browsed, e.g. App_Data and App_Code (there are more). App_Data seems to be the “designated” directory to put files that should under no circumstances be … Continue reading

Posted in Uncategorized | Leave a comment

Protecting non-ASP.NET resources with ASP.NET 2.0

A common problem I see in audits is, that people throw all kinds of files into their ASP.NET vdir (like .xml, .mdb etc) and just assume that these files will be protected by ASP.NET authentication & authorization. This is not … Continue reading

Posted in Uncategorized | Leave a comment