|
|
|
|
|
|
|
May 2006 - Security Briefs
-
My friend Dominick responded to my query by pointing to this post where he's shared his thinking: ASP.NET 2.0 ships with three role providers - one for SQL Server, one for AzMan and one for Windows tokens... The Windows token provider is special - it...
-
Anybody actually using this role provider in ASP.NET 2.0? What problem is it solving for you? Given that the new WindowsIdentity.Groups property allows you to enumerate groups, I don't see why using RolePrincipal is any more functional than WindowsPrincipal...
-
I'm posting this in the hopes that it'll help someone who has the same problem I've had over the last few weeks. At some point, after getting the latest iPod updater, my iPod stopped being recognized by iTunes. I finally sat down tonight and solved the...
-
Spelunking around with ASP.NET forms auth I got a bit of a surprise this morning. The last time I checked, in 1.x ASP.NET assigned a persistent forms cookie an expiration date that was 50 years in the future. But the code looks very different in 2.0....
-
As I'm wrapping up the security chapter for Essential ASP.NET 2.0 , I'm putting together some guidance for using SqlMembershipProvider. One of the things that really bothers me about this class is the ease of which one can reset a users password by answering...
-
I've been wanting to do a class like this for years. Get a bunch of developers in a room for a couple days of intense security training, everything from the basics of input validation (SQL injection, XSS, canonicalization issues, etc.) to building identity...
-
Lots has been happening lately, and I've really let my blogging slip, sorry readers. After getting the Longhorn Server Ascend training wrapped up last month, I got caught up with MSDN articles, writing a couple pieces on InfoCard (one of which is already...
|
|
|
|
|