Monthly Archives: September 2005

Common Log File System

One upside of being ill (I brought a flu virus from the last conference with me) is that at some point you are so fed up with “recovering” that you start looking around for new technologies (don’t do something work … Continue reading

Posted in Uncategorized | Leave a comment

BASTA 2005

Unfortunately, the flu knocked me out after BASTA… so the promised slides and demos are coming a little later… thanks to all attendees. Have fun! New .NET 2.0 Security Features: BASTA_20Security.zip (641.44 KB) ASP.NET Provider Model: BASTA_Provider.zip (270.63 KB) Developing Secure Distributed Applications: BASTA_PostCon.zip (823.12 KB) … Continue reading

Authorization Manager and Vista

I just spotted that AzMan under Vista (build 5219) now supports three types of authorization stores: Active Directory/ADAM, XML and …tada.. SQL Server.

CrypterPK (Beta 2)

This has been sitting in my outbox for a while – a sample showing how to encrypt/sign files using the .NET 2.0 X509/PKCS classes (updated to beta 2). CrypterPK1.zip (11.82 KB)

Updated ShowContexts and Request.LogonUserIdentity

In ASP.NET you have to juggle a number of identities, e.g. the account of the worker process; the account of the client (= Context.User / Thread.CurrentPrincipal); the thread identity (when client/application impersonation is used); the outcome of IIS authentication … Continue reading

Getting all Groups for a Windows Account in .NET 2.0

UPDATE: Thanks to Keith for pointing out a much simpler way (doh!). Removed my bad source code, added a new, good one. Given the complexity of today’s Active Directory installations, the only safe way of getting all Windows groups a user … Continue reading

Writing Secure ASP.NET Applications

As I stated earlier, I am in the process of writing a course and book about the above topic. The rough outline will be: Threats & Mitigation Techniques & Guidelines IIS6 & ASP.NET Architecture Input Validation Storing Secrets Authentication & … Continue reading

More on locking down Partial Trust ASP.NET

This is a follow-up to an earlier post. I found a much easier way to lock down trust levels for individual applications. The scenario is still that you have multiple web applications on a server, some should run in … Continue reading