Monthly Archives: April 2006

ASP.NET Server Side Comments

This is nothing new, just something I wanted to blog for a long time but always forgot. Part of a web application penetration test/audit is to inspect the HTML for all kinds of interesting information, e.g. comments. You would not … Continue reading

Posted in Uncategorized | Leave a comment

ASP.NET Background Threads and Unhandled Exceptions

Tess has a great blog! She is an escalation engineer for ASP.NET and having worked with some of the PSS guys in the past – I can tell you – they see the really dark sides of .NET every day…but … Continue reading

Posted in Uncategorized | Leave a comment

Neue Security Artikel in Deutsch

Folgende Artikel sind jetzt online: “ASP.NET Logging und Instrumentierung mit dem Health Monitoring Framework”Events und Konfiguration / Custom Provider / Source “Sichere Kommunikation im Internet mit SslStream”Artikel / Source “Überlegungen für sichere ClickOnce-Bereitstellungen” (das ist die auf RTM ge-updatete und übersetzte Version … Continue reading

Posted in Uncategorized | Leave a comment

TracePoints and Security Information

Just today I discovered the trace point feature in Visual Studio. Wow – this is cool. Trace points allow you to emit information to the output window or even start a macro when a certain line of code was hit during … Continue reading

Posted in Uncategorized | Leave a comment

The Developer Highway Code

“The drive for safer coding” Never saw this before. This document combines information about SDL, new security features in 2.0 and all the security checklists from PAG. In general I am not a big fan of “checklist security” - but if … Continue reading

Posted in Uncategorized | Leave a comment

ShowContexts ASPX & ASMX

ShowContexts ist ein Diagnose-Tool für diverse Authentifizierungs- und Autorisierungs-Settings in ASP.NET. Es zeigt folgende Informationen an: Authentifizierungs & Impersonierungs Einstellungen Membership und Role Provider Typen Trust Level IPrincipal/IIdentity Typen in Context.User Name und Authentifizierungs-Typ in Context.User IPrincipal/IIdentity Typen in Thread.CurrentPrincipal … Continue reading

Posted in Uncategorized | Leave a comment

ASP.NET Security Context and Extensibility Code Pt. 2

Here I wrote about how important it is for extensibility code like providers or modules to be aware of the current security context when you want to access external resources. You can streamline a lot of the code I showed … Continue reading

Posted in Uncategorized | Leave a comment

My web.config

When you write a lot code in ASP.NET, it is tedious to always change some files to the format you like them to be, e.g. my default web.config (to start with) always looks like this: <?xml version=“1.0“?>   <configuration>     <system.web>     … Continue reading

Posted in Uncategorized | Leave a comment

Source Code der ASP.NET 2.0 SQL Provider

Super zum lernen! http://download.microsoft.com/download/a/b/3/ab3c284b-dc9a-473d-b7e3-33bacfcc8e98/ProviderToolkitSamples.msi  

Posted in Uncategorized | Leave a comment

Even more Provider Resources

Brand new: source code for the built-in Sql providers. Not so new, but still useful: provider based features code template  

Posted in Uncategorized | Leave a comment