Monthly Archives: August 2006

Very detailed read: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetserv/html/AzManApps.asp On a related note, I can recommend Keith’s roadmap article for the big picture: http://msdn.microsoft.com/security/identityaccess/default.aspx?pull=/library/en-us/dnnetserv/html/DotNetIdM.asp  

In this post I explained why you have to use absolute URLs when you switch to SSL. I showed the GetAbsoluteUrl method which allows to pass in a relative URL and a protocol and returns an absolute URL. By using … Continue reading →

Browsers cache pages. We all know that. But most browsers also cache SSL secured pages. Such pages potentially contain sensitive data and you don’t want that anybody who has file access to your computer (administrator, remote attacker, virus or trojan) … Continue reading →

Recently I have been revisiting several ways to implement web apps that are partially secured by SSL. That means that only parts of the application use SSL transport security whereas other parts transmit data over clear text. This can be a requirement … Continue reading →

…and really just a test of LiveWriter… (which works really well)

I just came across this blog entry from Martin. Seems that on Vista the functionality for setting ACLs on URIs for HttpListener is now included in netsh (makes sense). Netsh allows to simply specify the account name and doesn’t force you … Continue reading →

I get this question from time to time. Most often because you have to set ACLs on the private key file to allow access for worker process accounts. There is no clean way to do that in managed code. The … Continue reading →