for example- if you want to use WCF and windows integarted security you will need to conifgure the IIS for windows integrated authentication. even when you do that you can get an execption like: System.ServiceModel.ServiceHostingEnvironment+HostingManager...

WCF security http://msdn2.microsoft.com/en-us/library/ms732362.aspx WCF with x509 http://msdn2.microsoft.com/en-us/library/ms733137.aspx Using client credentials http://www.theserverside.net/tt/articles/showarticle.tss?id=SecuringWCFService...

Since the v1.1 release of Silverlight includes a slimmed down version of the CLR, you might be wondering what the managed security story for Silverlight is and how it compares to CAS on the desktop version of the CLR. read more here: http://blogs...

A lot of errors are coming up while working with X509. there is a lot of confusion of where do I need to store the certificate ? where is my private key ? the common error is that developers installs the private key to a location that the program not...

are we at the time when IT pro's will start talking to the dev team about security ? it's seems like now dev teams and IT pro's CAN and hopefully WILL work together. Applications can be developed to take advantage of the most common type of policy...

you can effect the way that .NET 3.0 will be. you have three main spots where you can report a bug or even report a wish list. .NET Framework 3.0 WCF: http://connect.Microsoft.com/wcf/Feedback WF: http://connect.Microsoft.com/wf/Feedback Visual studio...

http://www.microsoft.com/technet/security/guidance/disasterrecovery/computer_investigation/default.mspx

You might will be interest to read this RFC if you need to develop applications that need to handle encryption. for an example if you have a legacy system (e.g. MF) and you need to write your own low level procedures to handle encryption then this RFC...

Includes a preview of the new Policy Injection Application Block, and release candidate of all other application blocks. can be downloaded here: http://www.codeplex.com/entlib/Release/ProjectReleases.aspx?ReleaseId=2081

The Supporting Tokens sample demonstrates how to add additional tokens to a message that uses WS-Security. The example adds an X.509 binary security token in addition to a username security token. The token is passed in a WS-Security message header...

From .NET Remoting to the Windows Communication Foundation (WCF) http://msdn.microsoft.com/library/en-us/dnvs05/html/NETremoteWCF.asp?frame=true ASP.NET Web services to the Windows Communication Foundation http://wcf.netfx3.com/content/TheFutureofASPNETWebServicesintheContextoftheWindowsCommunicationFoundation...

using X509NameType Enumeration you can extract all the fields from a x509 certificate. this enum is new for .net 2.0 here is the code: using System; using System.Security.Cryptography; using System.Security.Permissions; using System.IO; using System...

http://blogs.ittoolbox.com/security/dmorrill/archives/billy-hoffman-on-ajax-security-11141 some videos can be found here: http://www.asp.net/learn/videos/#ajax

in order to know how do detect and attack and protect you should first understand the attack ! a very useful link for that: http://www.attacklabs.com/

Network monitor 3.0 has a command line tool as well to capture traffic. You can use the ‘Nmcap.exe’ tool to capture frames without the GUI. This tool is available in the Network Monitor 3 installation directory. I'm looking for a way now to intercept...

just copy and paste to implement an XSS. sources can be found here : http://ha.ckers.org/xss.html

S eamless The more integration work that has to be done to get a component to work, the more opportunities to introduce unintended errors which can result in security vulnerabilities. Secure code should therefore not require any special skills to incorporate...

Download Microsoft Network Monitor (netmon) 3.0 Microsoft Network Monitor 3.0 is a brand new protocol analysis tool. It has been under development for about 2 years at Microsoft. You are welcome to try it out and provide feedback to us. Key features...

check out the new version of reflector here

Great tool from P&P that can help you to implement security issues in your code and servers. the tool can be download from http://channel9.msdn.com/wiki/default.aspx/GuidanceLibrary.GuidanceExplorer and include a lot of how to's that refer to...

Hi, My Name is Nimrod Luria and I'm a consultant at the ACE team. at the next few days i will transfer all my posts to here from my old blog. more about the ACE team can be found here: http://blogs.msdn.com/ace_team/ my old blog can...