Creating a Trace event log
I am trying to create a scenario whereby any time there is a exceptional error or hacking attempt on my web application. I could log all sort into a file. So as an administrator I could also see all...
View Articlesecuring sessions
How can I encrypt and decrypt my session id and session content. how can i also prevent a session hijack. My security is just generally based on how to use session securely to prevent hackers from...
View ArticleServer ignoring my webcofig settings
I have a folder called reports with sub folders. Each folder has a webconfig file which specifies user access. This webconfig work on my local machine but not the server. Any ideas?<?xml...
View ArticlePreventing abuse by anonymous users
I am building a website that allows visitors to vote. It is important that visitors do not have to sign up to the site to use it, this opens up the site to abuse. How could I prevent an anonymous user...
View ArticleHow Discovery vulnerability
Hello, everybody!Want Consult Everybody ,How Discovery And Learning vulnerability?Request Answer!Thank you
View Articlefolder browser not working with client
Hi experts,I download folderbrowser.dll (Shellfolderbrowser ,CP.windows.foms)and add in my aplication thats working fine in my machine but when i host the same its not woking in the client machine...
View ArticleWhat should I know about security?
Hi everyone, I am in the process of developing a subscription based website and use asp. Net's membership as the control over authenticating and logging in users to the members area. However, having...
View ArticleNot able to access a folder from a web application and able to access it...
Hi,I have a web application. In that we can upload a file to a location in two ways.1. We have a Fileupload control from which user can upload a file to a location(eg:\\testmachine\share) which is...
View ArticleMy website is not responding sometimes.
My website is not responding sometimes. After restarting the IIS it will work. What will be the problem. I tried restarting the website itself. but didnt work. Only after IIS restart it works. It is...
View ArticlePreventing multiple log in of a single user id without using session
Hi,I have a scenario wherein I have to prevent multiple log in of a single user without using session variable. If a user is logged in from system A then he/she should not be able to log in from system...
View ArticleSecurity update MS11-100 breaks page output caching (Refer: KB2656351)
Environment: ASP.Net 4.0, IIS 7, Windows Server 2008 SP1, 64 bit Operating systemIn our ASP.Net application, we are adding cookies to HTTP response in Page_Load() event using the following code...
View ArticleSNORT VS .NET
I appreciate your good work in this forum...I am developing an application in ASP.NET C# 2010 version for "NETWORK INTRUSION DETECTION SYSTEM"The program is meant to detect network attacks like:...
View ArticleIs AspNetActiveDirectoryMembershipProvider secure?
I wrote a authentication form through ActiveDirectory using AspNetActiveDirectoryMembershipProvider. In the docs related to the provider, there is no mention of security concerns. Is it safe against...
View ArticleBasicHttp authentication for ApiController
Working on an MVC4 ApiController, not yet on the Web which I wish to secure.I have seen the standard of passing to an MVC4 ApiController a hashed parameter starting with "Basic" and an encoded string....
View ArticleDisable menu till valid login
I am new to asp.net. I am using visual tudio 2010 membership provider for security reason. I am using built in master page of asp.net web application. In this aaplication I done a some master forms amd...
View ArticleOAuth 2.0 Provider for my website
hi guys , I want to create OAuth2.0 Providers & service for my own website. how can i do this? any working example/sample would be appriciated.
View ArticleDataProtectionConfigurationProvider
Hi folks,I am getting the following error when i copied the web.config file from the webserver to my dev server.Failed to decrypt using provider 'DataProtectionConfigurationProvider'. Error message...
View ArticleWebmail Helper Hacked? (base64 encode tampering)
Hi all,I have been using the webmail helper recently but have noticed a number of "spoofed" IP's posting (testing holes?). The strange thing is I am using the anti forgery token as well as html...
View ArticleDigitally Sign Web Form Data
Hi, I am in a project in which I have to get data from the user through webform and submit it to the server after attaching the Digital signature from the user.Can anybody help me, how to digitally...
View ArticleAvoid directory access from URL
Hi,When user tries typing any folder from URL (www.mydomain.com/foldername), browser throws following server error "403 - Forbidden: Access is denied.". With this message, attacker can get an idea that...
View Article