Monthly Archives: May 2004

AzMan and Custom SIDs – Part 3

in this last part i’ll show you the code to do access checks against an AzMan store with custom SIDs. first, you authenticate the username/password against the database and get the SID in return. public string Authenticate(string Username, string Password){  string salt = … Continue reading

Posted in Uncategorized | Leave a comment

IEProxy

small tool to change the ie proxy from the command line. ieproxy.zip (3,04 KB)

Posted in Uncategorized | Leave a comment

Speaking at WinDev!

i am speaking at this years windev in boston. both talks are in keith brown’s security track. cool!   Designing Application Managed Authorization Authorization is a task which every programmer has to face sooner or later. While authentication is handled … Continue reading

Posted in Uncategorized | Leave a comment

Happy 1st Birthday OS/2 2.0

just found this shirt in a drawer (front – with the wonderful os/2 logo)Happy 1st Birthday OS/2 2.0March 31, 1993 (back)OS/2 2.0 First Year Milestone2,000,000+ Copies Sold10 International Awards1,200+ OS/2 Applications80+ OEM Hardware Vendors100+ User Groups250+ Bulletin Boards reminds me … Continue reading

Posted in Uncategorized | Leave a comment

AzMan and Custom SIDs – Part 2

Custom SIDs can be added to roles or to application groups. You will have to do that programmatically because the MMC snapin only gives you the usual User/Group picker for local/domain accounts. My aproach is to completely configure the AzMan … Continue reading

Posted in Uncategorized | Leave a comment

AzMan and Custom SIDs – Part 1

Ok – here’s the scenario: If you have an application which stores the principals in a sql database and you have an AzMan store against which you want to run access checks. How can you combine these? First of all … Continue reading

Posted in Uncategorized | Leave a comment

Reflector 4

Lutz Roeder’s new .NET Decompiler is out!!! Rocks as usual. download

Posted in Uncategorized | Leave a comment

AzMan and non-Windows Accounts

One question at the AzMan talk was about how to use AzMan with non-Windows accounts, e.g. with applications that roll their own user management (like Web Applications, SQL Server type user stores) or alternate authentication protocols like RSA SecureID. What’s … Continue reading

Posted in Uncategorized | Leave a comment

Arbeiten als non-Admin (german)

Der neue Newsletter der ERNW GmbH ist online. Das Thema ist diesmal “Arbeiten als non-Admin unter Windows”. download Auszug:“Das Problem Das Arbeiten als Administrator bzw. mit einem Account mit Administrator-Rechten unter Windows hat sich in vielen Firmen-Umgebungen und im privaten … Continue reading

Posted in Uncategorized | Leave a comment

IIR Windows Forum – Microsoft Authorization Manager

I gave a talk about Microsoft Authorization Manager at the IIR Windows Forum in Frankfurt. I was pretty suprised about how many people came to this session (even some more than to the iis 6 security talk directly before ;) … Continue reading

Posted in Uncategorized | Leave a comment