Browse by Tags

All Tags » Authentication » Security   (RSS)
Security Code Review – String Search Patterns For Authentication Vulnerabilities
This post contains string search patterns that can help identifying authentication vulnerabilities during security code inspection for your ASP.NET application . Most common vulnerability is about insecurely manipulating credentials in the code. The question Read More...
Posted 21 July 08 03:39 by alikl | 0 Comments   
Filed under , ,
Avoid Manipulating Passwords In Memory - It Is Easy To Reveal
Revealing clear text passwords in memory seems to be a trivial task. This post describes how to reveal clear text passwords and what countermeasures to apply. Summary of steps: Install WinDbg Attach to process or open dump file Load SOS .Net extensions Read More...
Posted 08 December 07 05:55 by alikl | 3 Comments   
Filed under , , , ,
Authentication And Identity Flow When ASP Page Consumes ASP.NET Web Service
"Classic" ASP has application isolation that is different from ASP.NET. Here is one of the real world scenarios where it might matter. There is a legacy web application written in ASP and hosted on Win2K3 box (IIS 6.0). It is of course in the process Read More...
Posted 05 September 07 05:04 by alikl | 4 Comments   
Filed under , , ,
Client Certificates Authentication - Dirty Trick To Disable CRL Check. For Demos Only!
My lab domain has MS CA installed in it so I am able to issue certificates to the left and to the right. Recently I spent some time to understand why client certificates authentication does not work. More precisely the certificates dialog box was offering Read More...
Posted 14 August 07 04:12 by alikl | 1 Comments   
Filed under , ,
Web Services Over SSL - Is It Really That Slow Like They Say?
My answer is "no" . I am working on solution where there is no Windows Active Directory Domain so we cannot utilize our beloved Kerberos and Windows Integrated Authentication saving big on configuration and management while taking advantage of increased Read More...
Posted 01 August 07 03:35 by alikl | 2 Comments   
Filed under , , , , , ,
T-Shooting Kerberos
I was delivering "Authentication Explained" session for Security User Group. First off - thanks for attending the session! The session was based on "Authentication Explained" workshop . During the session I was demoing the following topics: Identity Flow Read More...
Posted 04 July 07 10:16 by alikl | 2 Comments   
Filed under , , , , ,
SOA, Strong Authentication, Standard Authorization - Cool Solution
reposted from here I've previously blogged about SOA Security Inside Enterprise walls This time I had couple of pretty interesting requirements from one customer that targeted B2B/Partners scenario. They had a web site that communicates to partner's web Read More...
Posted 30 May 07 01:45 by alikl | 7 Comments   
Filed under , , ,
Adding Shared SNK File In Visual Studio 2005
“Prior to Microsoft Visual C# 2005, you specified the key file using CLR attributes in source code. These attributes are now deprecated . Beginning in Microsoft Visual C# 2005, you should use the Signing Page of the Project Designer or the Assembly Linker Read More...
Posted 16 April 07 03:24 by alikl | 1 Comments   
Filed under , , , ,
Authentication Hub
Windows Authentication Identity Flow Through Physical Tiers Identity Flow Through Physical Tiers - Impersonation Identity Flow Through Physical Tiers - Delegation Identity Flow Through Physical Tiers - Protocol Transition Certificates Different Ways To Read More...
Posted 11 April 07 09:04 by alikl | 8 Comments   
Filed under , ,
Identity Flow Through Physical Tiers - Protocol Transition
If these articles: How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0 Using Protocol Transition—Tips from the Trenches are your friends then do not waste your time on this post, please. The scenario is the same where user sits behind Read More...
Posted 10 April 07 01:27 by alikl | 3 Comments   
Filed under , , ,
Basic Steps To Make ASP.NET Web Site CardSpace Aware
From short investigation and a lot of information from Richard Turner's screencasts Here is what I get. To make my ASP.NET app I need: Write ASP.NET server side code to validate the token that holds end user's data, further processing might include checking Read More...
Posted 09 April 07 01:26 by alikl | 1 Comments   
Filed under , , , , ,
Identity Flow Through Physical Tiers - Delegation
If these articles: How To: Implement Kerberos Delegation for Windows 2000 How To: Use Impersonation and Delegation in ASP.NET 2.0 Credentials and Delegation are your friends then do not waste your time on this post, please. I have still the same scenario Read More...
Posted 08 April 07 05:53 by alikl | 3 Comments   
Filed under , , ,
Identity Flow Through Physical Tiers - Impersonation
There are scenarios where actual windows identity of end user needs to be flowed to the server so that server can perform action on end user's behalf - that is in nutshell Impersonation. In previous post Identity Flow Through Physical Tiers - one might Read More...
Posted 06 April 07 07:54 by alikl | 7 Comments   
Filed under , , ,
Identity Flow Through Physical Tiers
Identity story with .Net really rocks, but along with great extensibility it also brings a lots of confusion ( One Identity - Many Faces :IIdentity ). I am building now workshop for developers that concentrates on authentication only. It talks about concepts, Read More...
Posted 05 April 07 10:23 by alikl | 4 Comments   
Filed under , , ,
Who Access My File?
In my post File Access Auditing - I Am Not Afraid Of GPO I've digested technet documentation on how to set Active Directory Group Policy Object (AD GP) to enable file access auditing as security measure to prevent repudiation. It is heavy weight techniques Read More...
Posted 03 April 07 07:02 by alikl | 7 Comments   
Filed under , , , , ,
More Posts Next page »

Search

This Blog

. My Personal Blog .

.Net Performance How To's

.Net Security How To's

Design Patterns

Impactful

Lifecycle Phases

Popular

Tools

Syndication

Page view tracker