Monthly Archives: March 2007

Decrypting CardSpace Tokens in Partial Trust

One way to overcome the problem I described in this post would be to run in partial trust. This way you could factor out the code that does the encryption while the rest of your application doesn’t even have file … Continue reading

Posted in Uncategorized | Leave a comment

Punching Holes into HTTP.SYS

If you want to open a listen URI with HTTP.SYS you either need administrative privileges or an administrator that reserves the URI for normal users. I wrote about this here and here – and even wrote a tool to make … Continue reading

SQL Server 2005 Security

One of my favorite database guys wrote a whitepaper about my favorite topic: security. Check out “SQL Server 2005 Security Best Practices” – interesting read!

CardSpace and decrypting Tokens

While it is (technically) easy to CardSpace-enable a web application or service, there are some implications regarding certificates and keys you should be aware of. Let’s focus here on the web application scenario as I think this is what … Continue reading

I can read your Googlemail

Enno asked me yesterday why Googlemail is using clear text HTTP by default – WTF?! I didn’t want to believe him and tried it out myself – and yes – if you go to http://www.googlemail.com they use SSL only for the … Continue reading

Hotels and Emails

It is not often that I rant on this blog. But this really pisses me off. At least in Europe, hotels think they have to “proxy” my SMTP connections – well a better word than “proxying” would be “man in … Continue reading

Windows Process Activation and Faulted Application Pools

This week I ran into a nasty bug in the Windows Process Activation Service (WAS or WPAS?) on Vista. Here is what happened… I fired up my little WAS application to verify some behavior with non-HTTP WCF endpoints hosted in … Continue reading

Debugging Services on Vista

With the new session isolation features in Vista you cannot easily debug services like you used to do. Here is a good writeup.

Worker Accounts and Resetting Passwords

This week I spent some hours troubleshooting a problem with IIS7 (more on that in another post) and came across a gotcha you can run into when using user profiles. This is something I knew and I just forgot about … Continue reading

MSDN US Webcast: ASP.NET Security – Partial Trust

So this was the last of my 5 part mini series on ASP.NET Security. Find the samples for partial trust ASP.NET here. Thanks to all attendees!
