Monthly Archives: March 2006

Two Goodies from Microsoft

The ACE Team recently released some useful tools: The AntiXSS LibraryEnhanced version of Server.HtmlEncode and friends. recommended (currently this library demands full trust – but I heard this might change soon :) Threats Analysis & Modeling V2.0 BetaReally nice tool that is very … Continue reading

Posted in Uncategorized | Leave a comment

ASP.NET Custom Validation Controls

Passend zu meinem neuen Artikel über die Erweiterung der Validation Control Infrastruktur auf MSDN, finden Sie hier ein Beispiel für ein Validation Control, dass die Komplexität eines Passwortes überprüft. Dies ist für alle Formulare interessant, in denen Benutzer-Passwörter erfasst werden, die … Continue reading

Posted in Uncategorized | Leave a comment

ASP.NET and Shared Hosting

ASP.NET Security through the eyes of an ISP. here. Diniz wrote about that topic before and indeed the situation has changed to the better in ASP.NET 2.0, but it is really terrifying how insecure a lot of this shared hosting … Continue reading

Posted in Uncategorized | Leave a comment

ASP.NET Extensibility Code and Security Context

Whenever you write infrastructure code in ASP.NET, e.g. a module or a provider, that accesses external resources (files, databases etc) you heavily rely on the security context of the current request. And since modules or providers are made for re-use, … Continue reading

Posted in Uncategorized | Leave a comment

Secure Remoting Configuration Settings

The ability to use NTLM/Kerberos and a secure channel in Remoting 2.0 makes this technology suddenly interesting again (for server-to-server communication).I couldn’t find any documentation on that on MSDN – so I fired up good old Reflector to figure out … Continue reading

Posted in Uncategorized | Leave a comment

ExceptionFiltering and Impersonation

In the RTM version of .NET 2.0 there is a built-in mititgation technique for the problem with impersonation and exception filtering. excellent. Read more at Shawn’s blog.  

Posted in Uncategorized | Leave a comment

Custom ASP.NET Validation Control

Passend zu meinem neuen Artikel über die Erweiterung der Validation Control Infrastruktur auf MSDN, finden Sie hier ein Beispiel für ein Validation Control, dass die Komplexität eines Passwortes überprüft. Dies ist für alle Formulare interessant, in denen Benutzer-Passwörter erfasst werden, die … Continue reading

Posted in Uncategorized | Leave a comment

Password Complexity ASP.NET Validation Control

In 2004 (!) I posted a custom validation control to check passwords for complexity requirements. At that time I only implemented the server side validation. Now I finally found some time to add the client validation, too. MinimumEntropyValidator.zip (17.71 KB)  

Posted in Uncategorized | Leave a comment

Response to ClickOnce Post

I just saw that Saurabh from Microsoft responded to my ClickOnce post (well – without specifically mentioning me…) Update: Brad Abrams picked it up, too I guess I don’t have to comment on that, as I have expressed my feelings in … Continue reading

Posted in Uncategorized | Leave a comment