Stack Overflow
Stack Overflow

Questions tagged [.net-security]

Not a stand alone tag. Use with any relevant language, project type and specific security tags. For questions relating to the programming aspects of .NET framework and security. For security questions that are not specific to coding, consider looking at https://security.stackexchange.com/.

Not a stand alone tag. Use with any relevant language, project type and specific security tags. For questions relating to the programming aspects of framework and security. For security questions that are not specific to coding, consider looking at Information Security Stack Exchange.

For more information about see the docs at Security in the .NET Framework

44 questions
15
votes
2 answers

SecurityAction.RequestMinimum is obsolete in .Net 4.0

Recently, our .Net client libaray is upgrading to compile against Net 4.0. After change the target framework to 4.0, the application has some compilation error. In AssemblyInfo.cs: [assembly: SecurityPermission(SecurityAction.RequestMinimum,…
jeffery.yuan
  • 975
  • 1
  • 13
  • 24
14
votes
7 answers

How to forbid calling a method C#

I want to allow calling the method only from the particular methods. Take a look at the code below. private static void TargetMethod() { } private static void ForbiddenMethod() { TargetMethod(); } private static void…
Alexander G
  • 1,829
  • 3
  • 20
  • 30
7
votes
4 answers

Simplest way to prevent someone from loading my managed assembly?

.Net security noob here... What is the simplest way to prevent someone else from loading my assembly? Background: Although I am really looking for just 'good enough' protection (with enough time/money/smarts someone can successfully crack, hack and…
JohnZaj
  • 2,900
  • 5
  • 33
  • 50
6
votes
0 answers

Test a Controller decorated with [Authorize] attribute via TestServer

My application is an ASP.NET Core 1.0 Web API. I would like to test my controllers with the TestServer object. I have a controller class decorated with the Authorize attribute. How i get my testclient: protected HttpClient GetTestClient(){ …
Moritz Schmidt
  • 2,013
  • 2
  • 17
  • 43
5
votes
1 answer

Stopping integer overflow in ASP.NET

We use Acunetix at work to do security scans on our applications. Recently we came across the following Integer Vulnerabilities error below: From what I can tell, it looks like the report is telling us that we are not stopping integer overflow…
ryanulit
  • 4,783
  • 6
  • 36
  • 63
5
votes
2 answers

Remove the domain name from User.Identity.Name

I have he following method inside my action method:- repository.InsertOrUpdateRack(rj.Rack, User.Identity.Name, assetid); But the user name generated from User.Identity.Name will prefix the username with the domain name as…
john Gu
  • 10,469
  • 55
  • 189
  • 381
4
votes
1 answer

.Net Security Zone Permission Sets?

Can someone help me to find web-page or resource where can I see what permissions does each zone have?: Internet Zone My Computer and others. before .net 4.0 I was able to see them in .net configuration tool, but it is not included in .net 4.0 and I…
Zviadi
  • 731
  • 2
  • 8
  • 19
3
votes
0 answers

Dynamic Assembly/Types With ReflectionPermissionFlag.RestrictedMemberAccess

My FlatFiles project uses System.Reflection.Emit to generate deserializers/serializers at runtime to read/write CVS files, etc. Until recently, I was able to simply use DynamicMethod passing in true for the restrictedSkipVisibility constructor…
Travis Parks
  • 7,747
  • 9
  • 44
  • 83
2
votes
1 answer

Starting a .NET project with Membership and Roles. Guide please

Scenario : A web application with user login, roles and permissions. Question : Is it better to start with Visual Studio's / Visual Web developer Express edition's project wizard which contains the user management with it OR start an empty…
BlueBird
  • 6,855
  • 7
  • 31
  • 58
2
votes
1 answer

Not able to retrieve roles from GenericIdentity

I am setting up a GenericPrincipal adding a GenericIdentity & roles to it, but when I try to retrieve roles from it I am getting nothing. However, if I call Principal.IsInRole, it returns the correct value. What am I missing? Example:…
Sri Harsha Velicheti
  • 479
  • 5
  • 18
2
votes
1 answer

is it good to add columns in aspnetdb tables?

I m developing MVC3 application with SQL Server. For security I am using form based authentication (I need to provide authentication and authorization in application). Currently user are being managed in aspnet_users table by Membership api. I am…
user576510
  • 5,379
  • 18
  • 74
  • 137
1
vote
1 answer

Creating .net md5 using javascript

I have used microsoft "system.security.cryptography" to make md5 in c# application but I need something in javascript to make a similar md5 value at the client side, I googling and I found a site Paj's Cryptography that has been created using…
kamiar3001
  • 2,568
  • 4
  • 39
  • 77
1
vote
1 answer

Is the result of a RSA encryption guaranteed to be random

I use RSACryptoServiceProvider to encrypt some small blocks of data. For the solution I'm working on, it's important that if the same piece of source data is encrypted twice with the same public key, the result (the encrypted block of data) is not…
HCL
  • 34,231
  • 24
  • 150
  • 202
1
vote
1 answer

Do I need to validate JWT tokens in asp.net core 2 REST API?

I have the following code in my asp.net core REST API configuration: services .AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(options => { options.Authority…
Allan Xu
  • 5,501
  • 4
  • 29
  • 66
1
vote
0 answers

Control flow guard C#

I've read an article about Control Flow Guard (https://docs.microsoft.com/en-us/windows/desktop/secbp/control-flow-guard). I'm tried to enable it in my C# application, but the way how it was done in article not working in my Visual Studio 2017. Can…
Hawex
  • 133
  • 11
1
2 3