Active News 15 Seconds Weekly Newsletter • Complete Coverage • Site Updates • Upcoming Features More Free Newsletters Reference News Articles Code Samples Components Tools FAQ Feedback Books Links DL Archives Community Messageboard List Servers Mailing List WebHosts Consultants Tech Jobs 15 Seconds Home Site Map Press Legal Privacy Policy internet.commerce internet.com IT Developer Internet News Small Business Personal Technology International Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers Compare products, prices, and stores at Hardware Central!

Previous Next   email this FAQ to a colleague Q: How do I enable user password authentication? A: IIS finds the list of users from NT Server. Ideally, create a global group called Internet Guests, give that group the required permissions to your web directories that you wish to protect (ie remove the Everyone Full Control permissions and add Internet Users Read Only)... Anyone you wish to give permission to, add then as a user and make them a member of Internet Guests. Then when people access the web, if a page doesn't have Everyone access, it will ask for a username and password from the user. This username and password should be stored on the web browser untill it is closed, so you will not get asked every time you access a restricted page. (Dean Cleaver - Dean Cleaver Articles Feb 3, 2005 - ASP.NET Mixed Mode Authentication In many web applications it is desirable for both intranet users and external parties to be able to seamlessly log onto the system. The problem this raises is that it is not easy to allow intranet users to log in via Windows integrated authentication while also allowing external parties to log in to the same application using standard forms authentication. This article will show you one way to achieve the best of both worlds when it comes to authentication. [Read This Article]  [Top] Dec 8, 2004 - Designing Role-Based Security Models for .NET In this article, Michele Leroux Bustamante discusses authentication, authorization and role-based security in .NET. Along the way, he provides some best practices for implementing role-based security in some typical .NET application scenarios including rich clients, Web applications, and Web services. [Read This Article]  [Top] May 11, 2004 - SharePoint Security and .NET Impersonation When implementing custom components that require access to restricted resources, implicit impersonation must be used. Jay Nathan shows how to create a class that makes using .NET Impersonation a snap. [Read This Article]  [Top] Mar 10, 2004 - Intellectual Property Protection and Code Obfuscation Learn about the execution process of CLR-based programs and how to protect your applications from being easily disassembled back into source code. [Read This Article]  [Top] Feb 24, 2004 - How to Send Secure Mail in ASP-Based E-Commerce Applications - Part II Businesses that utilize encrypted e-mail may find Secure Multipurpose Internet Mail Extensions (S/MIME) to be somewhat restrictive. This article shows how to use security features in PDF as an alternative to S/MIME. [Read This Article]  [Top] Feb 2, 2004 - Fighting Spambots with .NET and AI Bill Gates, in a recent interview, predicted the end of spam by 2006. One of the methods he mentioned involved a challenge only a real live person could handle. Adnan Masood shows how to use AI and .NET to create a user verification scheme that incorporates similar concepts Gates alluded to. [Read This Article]  [Top] Jan 21, 2004 - Configuring .NET Code Access Security Code Access Security (CAS) is the .NET Framework security model that grants code permission to resources based on "evidence" pertaining to the encapsulating assembly. In this article, David Myers examines CAS and explains different configuration methods. [Read This Article]  [Top] Mar 10, 2003 - Platform Neutral and Transparent Encryption of Sensitive Customer Information Zhenlei Cai combines an open source C++ encryption library with SQL Server extended stored procedures to create a platform neutral, transparent encryption solution that resides at the database layer. [Read This Article]  [Top] Jan 15, 2003 - Exploring Machine.Config - User Security and More Christopher Spann offers a .NET configuration tip that should help ease system administrators' fears of security compromise and thus assuage growing developer demand for a .NET environment. [Read This Article]  [Top] Dec 10, 2002 - Encrypting Cookie Data with ASP.NET You don't have to be a cryptography expert or spend lots of money on third-party components to secure sensitive data in .NET. In this article, Wayne Plourde shows just how easy it is to encrypt cookie data using encryption classes in the .NET System.Security.Cryptography namespace. [Read This Article]  [Top] Aug 21, 2002 - Web Application Error Handling and Logging For ASP One of the most important aspects of an application is how well it responds to the user, and this includes response to errors. In this article, Adam Tuliper shares techniques for catching ASP errors and shows how to create a notification system that is sure to keep customers at bay. [Read This Article]  [Top] Jul 15, 2002 - Securing SQL Server for Web Applications If your SQL Server is exposed to the Internet, then hackers are probing it. This article shows how to secure a SQL Server database that's being used with a Web application [Read This Article]  [Top] Jul 1, 2002 - Protecting Your Web Application Against Dangerous Requests Enrico Di Cesare provides a solution for hiding and securing querystring values that pass through a url. [Read This Article]  [Top] May 14, 2002 - Complying with IT's Security Requirements for Web Applications The application is done. It's been tested, documented and is ready for deployment or sale. Finally, you can relax and start working on version 2. Well, not so fast ... [Read This Article]  [Top] Mar 12, 2002 - Web Services Security in The .NET Framework The proliferation of Web Services on the market and their universal acceptance on the Internet makes them more vulnerable to security threats. Therefore, we need to tighten security for our Web Services and pay attention to it. With ASP.NET, Microsoft has provided the necessary features for securing our Web Services and other Web resources. In this article, Mansoor Ahmed Siddiqui explains how to unleash the power of ASP.NET security. [Read This Article]  [Top] Mar 5, 2002 - Using Forms Authentication in ASP.NET - Part 2 Creating custom authentication schemes just became easier. Jeff Gonzalez continues to explain Forms Authentication, this time using a custom XML file. [Read This Article]  [Top] Feb 20, 2002 - Using Forms Authentication in ASP.NET - Part 1 Creating custom authentication schemes just became easier. Jeff Gonzalez shows us how to use Forms Authentication in ASP.NET. [Read This Article]  [Top] Oct 30, 2001 - Protecting Your IIS Server and Web Application Internet viruses such as Code Red and Nimbda have brought down numerous IIS Web servers recently. Fortify and defend your system with this comprehensive strategy authored by 30-year industry veteran, Andrew Novick. [Read This Article]  [Top] May 2, 2001 - Storing Sensitive Data Securely Members of the 15Seconds discussion list provide some general ideas on how to secure credit-card numbers stored in SQL Server. [Read This Article]  [Top] Jan 31, 2001 - Using MS Certificate Server To Create SSL Read what advice members of the 15Seconds Discussion list had to offer on using Microsoft's Certificate Server instead of a third-party SSL solution. [Read This Article]  [Top] Jan 22, 2001 - Eliminating Some Credit Card Risk for E-Business Creator of the SC Profanity Check ASP component explains how Webmasters can take a proactive approach to eliminating some online credit-card fraud. [Read This Article]  [Top] Jan 4, 2001 - JavaScript Protection With An ISAPI Filter This article by Itay Weinberger describes how to use an ISAPI filter to prevent unauthorized access to your JavaScript or VBScript files. [Read This Article]  [Top] Dec 5, 2000 - Random Passwords Want to Create a random password and mail it to the person who tried to register at your site? Here is a quick and easy example of how to do this task. It is fairly straight forward. [Read This Article]  [Top] Aug 16, 2000 - The Wonders of the File System Object The file system object (FSO) is a wonderful tool that few web developers know about. You can do nearly anything with the FSO, from making databases, to message boards, to content management. The FSO is an essential block in an ASP developer's foundation. We'll discuss the basic operations of the FSO here, along with some examples on creating a guestbook, and some more complex features. [Read This Article]  [Top] Aug 11, 2000 - Servers-Side Validations on the Client Side Servers-side validations on the client side...isn't that an oxymoron? Maybe, but Pandurang Nayak shows us how to accomplish a type of remote scripting using a mix of Javascript and ASP. [Read This Article]  [Top] Apr 13, 2000 - Web Applications: Securing Access to Your Pages Edward Mason examines how to secure access to your Web pages, specifically pages that are intended to be displayed in a set order. He offers sample code from one of his custom Web applications that includes a folder structure and an ASP file structure. The article also addresses bookmarking, special cases, adding or changing page links, and adding more process screens. [Read This Article]  [Top] Feb 17, 2000 - Protecting Passwords with a One-way Hash Function Peter Persits’ article shows that the path to a password-protected Web site involves using one-way hash functions. The hash-based password-protection method uses an encryption algorithm that does not require a key and produces an irreversibly encrypted cipher-text. Even if your site’s password database is compromised, it’s still tough for an intruder to recover the original passwords because they are stored by their one-way encrypted values. Persits also demonstrates a third-party component that is necessary to compute the one-way hash function of a string in the ASP environment. [Read This Article]  [Top] Dec 17, 1999 - How to Send Secure Mail in ASP-Based E-Commerce Applications Peter Persits' article explains how Secure Multipurpose Internet Mail Extensions, or S/MIME, has come to rescue of e-commerce Web sites that need some order information to be contained in encrypted E-mail. Customers don't want to use automatic on-line credit card authorization, so order information instead is sent over an SSL-protected HTML form and credit card numbers are sent via encrypted E-mail for manual processing. [Read This Article]  [Top] Dec 16, 1999 - Crash Course in Cryptography Peter Persits' article "Crash Course in Cryptography" explains encryption so that you can grasp secure multipurpose Internet mail extensions, or S/MIME. [Read This Article]  [Top] Feb 11, 1999 - Programming a Visual Basic Component to Change NLTM Passwords The application we will develop in this article is a browser-based Windows NT domain account password-changing utility that runs as a component in an MTS package on IIS and is accessible via the Internet. While IIS 4.0 provides native account password-changing functionality through the use of .htr files and an Internet Server API (ISAPI) extension, it does not provide for easy modification and does not run as an MTS component by default. The application we will develop demonstrates an extensible framework that could be easily enhanced to provide additional account-maintenance functionality specific to your individual requirements. [Read This Article]  [Top] Jan 14, 1999 - Easy Application State Securely This article by Dmitry Khanine shows how to make your web site 100-percent secure when maintain your application state. [Read This Article]  [Top] Nov 4, 1998 - ASP Authentication Using IP Address This article by Alain Trottier explains how to control web application access by validating the user’s login and password against a database using Active Server Pages. Once validated the IP Address of the user is ensure that the user has access to the database. [Read This Article]  [Top] Nov 30, 1997 - Advanced Security Concepts This article is a reprint of chapter 19, by Nelson Howell , in a new book called 'Using Microsoft Internet Information Server 4' from Que Education & Training (ISBN 0789712636) due for publication in early March 1998. This chapter covers advanced security concepts. Including: how to secure content Enforce security permissions for sensitive and private content and configuring user authentication understand and use authentication methods for securing content. [Read This Article]  [Top] Code Samples Authenticate in ASP without NT Checking NT Group for User Permissions Related Topics IIS 1.0 IIS 2.0 IIS 3.0 Knowledge Base Articles IIS Execution File Text Can Be Viewed in Client Q164059 - 1997.06.23 INFO: Security Ramifications for IIS Applications Q158229 - 1997.08.28 PRB: Accessing SQL Database Fails on Second Att... Q166659 - 1997.09.06 IIS: Authentication & Security Features Q142868 - 1997.09.07 File Upload Does Not Work with NTLM Authenticat... Q169546 - 1997.09.07 Can't Connect to SSL-Enabled Site and/or Server... Q184321 - 1998.05.08 IIS: Certificate Security Affected By Schannel.dll Q184055 - 1998.05.08 How to Set IIS 3.0 Authentication from the Regi... Q178232 - 1998.05.08 How to Use Personalization Server w/ Anonymous ... Q177505 - 1998.05.08 FILE: Authentication and Security for Internet ... Q174811 - 1998.02.10 Require Secure SSL Channel Not Available Q174779 - 1998.05.08 INFO: Security Issues with Objects in ASP and I... Q172925 - 1998.05.08 Secure Sockets Layer (SSL) Options Q172023 - 1998.05.08 Security Certificate Doesn't Match Internet Add... Q172424 - 1998.05.08 How to Grant/Deny Access to a Group of Computer... Q166003 - 1998.05.08 NetScape Navigator Hangs Connecting to Secure I... Q165670 - 1998.05.08 ASP Queries When SSL Enabled Gives Incomplete R... Q164073 - 1998.05.08 NTFS Alternate Data Stream Name of a File May R... Q188806 - 1998.09.28 FTP Passive Mode May Terminate Session Q189262 - 1998.09.28 Problems Remotely Accessing W3 or FTP Perfmon C... Q185349 - 1998.09.28 FIX: ASP Incorrectly Delivers SSL Data in 32K S... Q170985 - 1998.09.28 Password Synchronization and Local User Account... Q183722 - 1998.09.29

Support the Active Server Industry Search: Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia Jupitermedia Corporate Info Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy. Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers Solutions Whitepapers and eBooks Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape? Avaya Article: Avaya AE Services Provide Rapid Telephony Integration with Facebook Intel Go Parallel Article: Getting Started with TBB on Windows Microsoft Article: 7.0, Microsoft's Lucky Version? Intel Go Parallel Article: Intel Threading Tools and OpenMP HP eBook: Storage Networking , Part 1 Avaya Article: Speech Sandbox: Application Simulation in Avaya Dialog Designer MORE WHITEPAPERS, EBOOKS, AND ARTICLES Webcasts HP Video: StorageWorks EVA4400 and Oracle HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind MORE WEBCASTS, PODCASTS, AND VIDEOS Downloads and eKits 30-Day Trial: SPAMfighter Exchange Module Red Gate Download: SQL Toolbelt and free High-Performance SQL Code eBook Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS Tutorials and Demos Featured Algorithm: Intel Threading Building Blocks - parallel_reduce Silverlight 2 App and Walkthrough: Leverage Silverlight 2 with SQL Server and XML HP Demo: StorageWorks EVA4400 MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES