There are generally three types of security in enterprise applications: 1. Role based security - Which actions can a user do - aka role-based access control 2. Entity level security - A user can only perform an Action on certain objects/data - aka row level security 3. Field level se...

This topic shows how to programmatically select the membership provider when you call the ASP.NET authentication service by using Windows Communication Foundation (WCF). You can use a non-default membership provider when you have to authenticate users by using different membership providers, based o...

This is a follow-on update on how to implement non-Active Directory Integrated Smart Card / Client Certificate Authentication with ASP.NET using Http Modules. This long overdue version adds support for ASP.NET Membership, Roles, and Profiles.

Sample code to download file with authentication in .Net C#

In Session Attacks and ASP.NET - Part 1, I introduced one type of attack against the session called Session Fixation as well as ASP.NET's session architecture and authentication architecture. In this second post, I'll delve into a couple specific attack scenarios, cover risk reduction, and counter...

I’ve spent some time recently looking for updated information regarding session attacks as they apply to ASP.NET and am still not completely satisfied with how Microsoft has decided to implement session management in ASP.NET 2.0+. Part 1 explores ASP.NET session management, authentication, and ses...

I decided to share all my interesting reads and resources month by month with my blog readers. You can find these posts by searching on the label Links. I'll try to order the resources in logical categories. If you would like to see some interesting stuff added in the next month, don't hesitate to p...

Recently I ran into a problem with the automatic generated urls in SharePoint alert messages. For some users logging in using the Web-based form (and hence entering the Forms Based authentication Web Application, http://extranet url), the hyperlinks in the generated alert messages started wrongly w...

In this example i'll show how to detect the session timeout which occurs when user is idle for the time specified as Session.Timeout,using C# asp.NET and if it is than redirect the user to login page to login again, for this i've set time out value in web.config file to 1 minute I've created thre...

A reader recently asked me to expand on the ASP.NET Authentication + Silverlight concept I started.. Specifically they wanted to do know how they can have a web service that returns different results depending on who calls the service (and what role they are in). Here is my quick walk through of add...

The CKS:Internet/Extranet Edition has released a pre-beta release of a Forms Based Authentication Solution. This set of great features adds some missing out-of-the box functionality in Microsoft Office SharePoint Server 2007. The solution can be downloaded at Codeplex. The functionality I like t...

In this article, Masoud discusses the concept of Cross Application Authentication using ASP.NET authentication model consisting of Membership Providers, web.config configuration, encryption, and decryption of configuration files. At the end of the article he also examines the application of the conc...

This is my 9 page follow-up article on how to implement non-Active Directory Integrated Smart Card Authentication with ASP.NET using Http Modules.

In ASP.NET 1.1 we already had definitions of name and password credentials within the configuration file. We just didn't have a Login control. Now we have both but the Login control is set by default to use the default membership provider. How can we use both of them together?