C# Corner

Resources  
  • Writing Secure Code using C#Apr 06, 2001. Code access security is a mechanism that grants/denies access to resources within a method call. For example, code written by a person may be allowed to write to the disk while code from another one may be forbidden from accessing the disk. This control can be enforced even if the code written by both of them is used within a single application
  • Protecting IL Code from unauthorised DisassemblingApr 09, 2001. Microsoft .NET proved a mechanism where the code written in VB.NET, C# or any CLS compliant languages to generate MSIL (Microsoft Intermediate Language)code which targets the CLR and executes. This is an excellent mechanism to abstract the high level code from the underlying hardware.
  • Understanding How Assert Effects SecurityApr 25, 2001. Assert is a security action that is evaluated at run time. Code Access Permission classes and Permission Sets support a method called Assert. Using the Assert method to control access to resources or actions will allow your code to perform actions that it normally has permission to perform and will allow other callers up stream in the call stack to have access that they would not normally have.
  • Defining Custom Entry PointsApr 30, 2001. In this article i am going to demonstrate how we can manipulate the IL code to change the behaviour of how the .NET programme executes.
  • Viewing Assembly PermissionsMay 02, 2001. In this article I will show you how you can view the Code Groups that an assembly belongs to and what permissions belong to the assembly. I will demonstrate the Caspol utility supplied with the .NET SDK.
  • Xite EncryptionMar 25, 2002. This class contains methods/functions for easily decrypting and encrypting data.
  • XML Signatures in Microsoft .NETMar 28, 2002. In this article we will explore XML Signature specification from W3C and its implementation in .NET using C#.
  • .NET Security in C#Apr 22, 2002. This article shows how to make file I/O access be denied if the user running the application did not have administrator privileges.
  • User Management Utility for Web Form AuthenticationSep 06, 2002. This article deals with the management of user login and password information for a Forms Authentication in ASP.NET.
  • User Management Utility for Web Form Authentication.Sep 06, 2002. This article deals with the management of user login and password information for a Forms Authentication in ASP.NET.
  • Extracting Modules and Component(RSAParameter) from X509Certificate PublicKeyNov 04, 2002. In some applications, it might be necessary to extract the modulus and exponent from the X509Certificate PublicKey. The X509Certificate.GetPublicKey() returns a byte array that contains the ASN.1 Encoding information along with the modulus and exponent as described in the RFC2459.
  • Cryptography in Microsoft.NET Part I: EncryptionDec 12, 2002. Microsoft .NET has pre-built solutions to all of these in each application domain, viz., ASP. NET, Web Services, Serviced Component etc. It enables building secured application by simple configuration as in ASP.NET to full fledged programmable security as in code access security and Cryptography.
  • Cryptography in Microsoft.NET Part II: Digital Envelop and Digital SignaturesDec 18, 2002. Part-I of this article covered cryptography in the context of encryption. This part continues from where part-I left. It assumes that the reader understands the purpose of encryption, knows about the two types of encryption namely asymmetric encryption and symmetric encryption and the fundamental differences between them. It also assumes that the reader understands encryption-decryption classes in System.Security.Cryptography namespace and the stream based encryption model in. NET framework class library (FCL).
  • Hash Password GeneratorFeb 10, 2003. This visual tool generates the hashed password using either SHA1 or MD5 hashing algorithm depending on the choice you make. It will display the hashed password in the read only text box, it can also copy the hashed password to clipboard on your choice for easy paste operation.
  • Developing Secure Web Sites with ASP.NET and IIS: Part IMar 04, 2003. Developing security for a site is like paying tax. You know it should be done at the end of financial year. But you keep it for the last and some time expect you should never have to do it. It is a similar kind of situation when building a web site. There are some web sites available to general public that can be access by any one. The security for these sites can be minimum or none at all. There are some web sites that publish and hold important information that have to be secure one way or another.
  • Developing Secure Web Sites with ASP.NET and IIS - Part IMar 04, 2003. Developing security for a site is like paying tax. You know it should be done at the end of financial year.
  • Developing Secure Web Site with ASP.NET and IIS: PartIIMay 07, 2003. Authentication is a very important element of developing secure sites. It is the starting point of a secure environment for the protected resources. I have discussed several authentication mechanisms available in ASP.NET and how they join with IIS to provide a secure platform to develop sites in Part I of this article. I will be looking at Form Authentication and how to implement it in several sample web applications.
  • Authentication and Authorization in ASP.NETSep 09, 2003. There are two closely interlinked concepts at the heart of security for distributed applications - authentication and authorization.
  • FTP Server in C#Oct 13, 2003. The attached source project is a simple FTP server implementation. This version is very early release of FTP Server.
  • W23 ProtectorNov 24, 2003. The attached project is a W23 Protector. This program protects with a Windows registry code by applying 8 various types of protections. The program also has a security account with 3 types of user system accounts which are saved in an XML file.
  • Directory Services Vs RDBMSFeb 06, 2004. When storing user information, developers can have two choices to choose from - Active directory and a relational database. This article sheds lights on usefulness of each of these and when to use one over the other and vice versa.
  • Code Access SecurityFeb 06, 2004. Code Access Security represents a fundamentally different way of controlling access rights to protected resources. Traditionally, permissions such as access to the file system, databases or network were allocated based on characteristics of the user. All processes executed by the user would assume an equivalent set of permissions.
  • Configuring Publisher Policy FileFeb 20, 2004. Versioning in the Microsoft .NET Framework is managed at the assembly level and is only used when locating strong-named assemblies. By default, the common language runtime loads the assembly whose entire version number matches the version number in the calling assembly's metadata.
  • Implementing Security Access Rights in ASP.NET ButtonMar 24, 2004. In Web based Application, each of the users have different privileges and access rights based on their roles. Each of these roles can have read or write access for different Web pages.
  • Monitoring Remote Log Remotely using WMI in C# and .NETMar 31, 2004. WMI (Windows Management Instrumentation) is a component of the Microsoft operating system that allows you to monitor virtually every piece of the system (either locally or remotely) as well as control the windows operating system.
  • Portal Development in ASP.NET 2.0Jun 04, 2004. The new security controls make authentication a breeze and web parts provides the user the means to customize content. Personalization and Membership features give developers a ready made framework for personalizing the site to suit individual user needs.
  • Securing Your ASP.NET Web Applications Aug 31, 2004. Web application security is not just about attackers hacking websites, stealing sensitive information from websites, sending high traffic to websites with denial of service attacks, viruses, worms and Trojan horses. Are these are the only problems that we have? The answer is no. There are other problems that are frequently overlooked.
  • WS-Security Protocol with .NET – A OverviewOct 11, 2004. WS-Security is a security mechanism for web services coined by IBM, Microsoft and VeriSign. WS-Security introduces the concept of security tokens. These XML-based tokens contain claims about the sender of a SOAP message, and can include data sufficient to prove these claims.
  • Exploring Security in .NET: Part IJul 05, 2005. This article highlights some of the key concepts of .NET Security like Code Access Security, Evidence based Security and many more.
  • How to Maintain a CodeGroup in Security Policy at Runtime?Jul 05, 2005. Whenever protected resources are accessed by an assembly, it’s permissions are determined by the code access security system of CLR. Each permission set granted to an assembly is based on the assembly's evidence (such as its URL or publisher certificate, strong name), which in turn is based on configurable security policy.
  • Security in ADO.NETJul 16, 2005. This article gives a sound idea how to write secure code for ADO.NET . Data Access Layer (DAL) is a common and very curtail for your application. Its very important know some of the basic security points while writing ADO.NET program.
  • Membership ServiceAug 08, 2005. With every new version are added a bunch of new functionality which eases the development of web applications and keeps up to the required security measures to make the applications less susceptible to external threat.
  • Windows Forms 2.0 MaskedTextBox ControlNov 10, 2005. The MaskedTextBox control is a TextBox with mask feature, which allows you to set the format of the data of TextBox such as zip code, date, time, social security, and phone number.
  • Manage and Administer ASP.NET Web Sites in Visual Studio 2005Nov 16, 2005. ASP.NET Configuration Wizard is a new feature available in Visual Studio 2005, which takes care ASP.NET Web Application configuration and deployment problems and allows developers to set Web application settings using a visual interface.
  • Security Setting for ExcelJan 04, 2006. To run the excel report, security settings are required for excel application because while working with the excel application we are going to use some of the classes for manipulating the data inside the file. This article shows how to grant access or rights to those files.
  • Using the DPAPI through ProtectedData Class in .Net Framework 2.0Jan 05, 2006. The objective of this tutorial is to show how the DPAPI can be used to encrypt and decrypt data. Encrypt some data using ProtectedData Class in System.Security.Cryptography namespace and save it to a file. Show that the data can be decrypted using the same class but deferent method. Login as a different user,and show that the data cannot be decrypted.
  • Visual Guard for .NETJan 19, 2006. Novalys announces Visual Guard, which is aimed at setting up user’s profile and permissions for .net application (who is allowed to do what?). The tool easily integrates to any .net application and makes rights/permissions management easier thanks to its administrating console.
  • Authorization and Programmatic ImpersonationFeb 03, 2006. By default, ASP.NET applications usually do not impersonate the original caller for design, implementation, and scalability reasons. For example, impersonating prevents effective middle-tier connection pooling, which can have a severe impact on application scalability.
  • Code Access Security using C# in VS.NET 2005Feb 17, 2006. This article will focus on the definition and configuration of the Code Access Security Policy.
  • Security Steps for Strong AuthenticationFeb 20, 2006. Weak authentication increases the identity spoofing threat. If a user’s logon credentials fall into the wrong hands, an attacker can spoof the user’s identity and gain access to the application. The attacker shares all of the user’s privileges in the application. Credentials must be protected as they are passed over the network and while they are persistent
  • How to get Security UserId after windows Starts a Session Feb 23, 2006. This article explains how to get the security userid after a succesful login when windows starts the session for authenticated user.
  • Message-level Declarative Security Using WSE 3.0Mar 06, 2006. Web Services Enhancement version 3.0 (WSE 3.0) is a SOAP extension managed API (Microsoft.Web.Services3.dll) compatible with the .Net Framework 2.0. This article explores WSE 3.0 in terms of implementing message-level declarative security to Web services and Web service clients.
  • A Glance at Web Application SecurityMar 07, 2006. Web application security involves implementing protective measures against potential threats, malicious or unintentional, that exploit exposed vulnerabilities. Security is best implemented using the defence-in-depth technique by applying protective measures at network, host, and web application levels. This article will focus on security at the application level by exploring IIS and ASP.net authentication, authorization and secure communication.
  • How Easy Cryptography is in VS.NetMar 08, 2006. What can be done regarding the security issues? Part of the solution is to secure important data - more specifically, using strong encryption thats what we will see in this article.
  • Security in Microsoft .Net Framework: Part IMay 18, 2006. This article explain you, how to provide security to your applications.
  • Role Based Security Using Authorization Manager in Windows Server 2003Jul 10, 2006. Authorization Manager in Windows 2003 is the more flexible, scalable and easier administration tool for role based security. Using Authorization Manager we can define roles and the tasks that roles can perform.
  • ASP.NET Security With SQL Server 2005Jul 11, 2006. This article focuses on security concerm when using SQL Server 2005 in ASP.NET application.
  • The Realization of WS-Security Related Specifications by WSE 3.0.Sep 18, 2006. In this article, we are going to learn the basic concepts of WS-Security related specifications and how they are implemented by Microsoft Web Service Enhancements 3.0 technology.
  • Outlook Integration in C#Oct 31, 2006. This article describes how we can manipulate outlook from Visual Studio 2005.
  • Simple Password Encryption ProgramOct 31, 2006. This article shows you how to make a simple password encryption program.
  • WCF Application Implementing the Anonymous Client over Certificate WS-Security scenarioNov 17, 2006. This article explains the techniques, architecture and design strategies in order to address one of the most common scenarios of secure communication in Internet, the Anonymous client over Certificate WS-Security scenario using the message level security mechanisms.
  • Code Access Security - Implementing Publishers Based Security Using Digital CertificatesDec 04, 2006. This article explains how to implement publishers based security using digital certificates.
  • .NET SQL Authorization ManagerDec 15, 2006. .NET Sql Authorization Manager (AzMan x .NET 2.0) allows you to set Item-based permissions for Authorization Manager-enabled Microsoft.NET 2.0 applications. Storage reside on a MS Sql Server DataBase and can be administrated by a managed MMC 3.0 Snap-In.
  • Integrated Security with Web Application Jan 30, 2007. This article will give you an idea about how Integrated Security works with Web Application using Active Directories.
  • File Tampering DetectionMar 06, 2007. This article describes an easy approach to determining whether or not two files are exactly the same.
  • SHA-1 Bit Implementation in C#Mar 15, 2007. This is a bit implementation of the SHA-1. It supports messages 2^32 - 65 bits long.
  • Authentication Modes in ASP.Net for SecurityJul 24, 2007. In this article we will investigate the different types of authentication provided by Asp.net.
  • Impersonation with ASP.NET 2.0Oct 09, 2007. This article explain the impersonation in ASP.NET 2.0.
  • Using Symmetric Algorithms to Encrypt DataMay 20, 2008. In this article, I will propose a method of how to encrypt data and store it using symmetric algorithms whose are, in fact, four integrated classes within the .Net framework, namely DES,RC2,Rijndael and TripleDES but I will perform the task using the two last ones as they are the mostly used in real time cases.
  • Attaching a Digital Certificate (Public Key) to an HTTPS RequestAug 10, 2008. This article will guide you on how to post data to an HTTPS (i.e., secure connection) URL from a Windows application (.NET) by attaching a digital certificate from a certificate file and getting the response back.
  • Web.config file configures fundamental settingsSep 10, 2008. Every web application in ASP.NET includes a web.config file that configures fundamental settings from error message to security.
  • Test for User Group Membership in ASP.NET C#Oct 13, 2008. This article describes a simple approach to determining whether or not a logged in user is a member of a group within the context of an asp.net web based application.
  • Security in Database SystemsOct 23, 2008. In this article, I will cover the principles concerning security and its realization in Oracle database and Microsoft SQL Server.
  • Test for Desktop User Group Membership with C#Nov 10, 2008. This article describes a simple approach to determining whether or not a logged in user is a member of a group within the context of a desktop application. The approach shown relies upon the use of the user’s current Windows identity.
  • The Two Interceptors: HttpModule and HttpHandlersDec 23, 2008. Many times we want to implement pre-processing logic before a request hits the IIS resources. For instance you would like to apply security mechanism, URL rewriting, filter something in the request, etc. ASP.NET has provided two types of interception HttpModule and HttpHandler.
  • Faster Performance of Deployed ASP.Net SitesMay 14, 2009. This article provides a few tips to ensure your deployed ASP.Net always runs with the best possible performance and no security information leakages.
  • Windows Vista Security, Review of Data Execution Prevention Jun 03, 2009. Windows Vista introduces a range of new technologies that make the most secure desktop version of Windows to date. The following article provides an objective analysis of one of these improvements. Our goal is to help people better understand the true security climate that awaits them with Windows Vista, in this case with DEP (Data Execution Prevention).
  • 7 Simple Steps to Enable HTTPS on WCF WsHttp BindingsJun 23, 2009. When we talk about WCF security there are two ways one is the transport level security and the other is message level security. Transport level security is nothing but built in security by protocols itself. In message level security we need to encrypt the data, in other words security is injected in the data itself. In this article we will look in to how we can implement transport level security using WsHttp bindings. We do not need to do extra development for transport level security because it’s more of the protocols inherent security model. In this article we will implement WsHttp using HTTPS as transport security.
  • WCF FAQ Part 3 - 10 Security Related FAQJun 23, 2009. In this article we will start with transport and message security understanding. We will then see simple code samples of how to implement transport and message security using WsHTTP bindings. We will also see what is the difference between ‘BasicHttpBinding’ and ‘WsHttpBinding’ with the help of a simple source code. WCF security is a huge topic by itself, but we are sure with this article you will get a quick start of how to go about WCF security.
  • Transport level Security in WCFAug 10, 2009. This article will give a very brief introduction of transport level security in WCF.
  • Inserting records in a database using stored procedure and ADO.NET technology.Aug 13, 2009. In this article I will explain you how to use CommandType stored procedure to insert records in a database in a disconnected manner.
  • Requesting Admin Approval at Application StartOct 16, 2009. Learn how to make your application requests UAC elevation (in Windows Vista and later versions) at start.
  • ASP.NET Web Configuration FileNov 11, 2009. In this article I will explain you about ASP.NET Web Configuration File.
  • Security in .NET.Mar 02, 2010. In this article I will explain you about Security in .NET.
  • Security and Microsoft .NET Mar 03, 2010. In this article I will explain you about Security and Microsoft .NET.
  • Asset Encryption & XNB SecurityMar 03, 2010. In this article I’ll tell you how you can Encrypt your Assets - that ContentManager in XNA builds automatically - in a simple way.
  • Security Choices for Developers and Administrators Mar 07, 2010. In this article I will explain you about the Security Choices for Developers and Administrators.
  • Security Policy Levels Mar 08, 2010. In this article I will explain you about the Security Policy Levels.
  • 4 Steps to Enable Instrumentation in WCF Mar 14, 2010. Many times we would like to monitor events of WCF application in production environment. We would like to monitor events like errors, security audits, performance etc. This can be achieved by extending the ASP.NET health monitoring system in WCF. The health monitoring system is also termed as instrumentation.
  • Demystifying CLR: Part IMar 15, 2010. In this article, I am going to explain fundamentals of CLR.
  • .NET Framework Security Tools Mar 19, 2010. In this article I will explain you about the .NET Framework Security Tools.
  • Security Classes in .NET Mar 23, 2010. In this article I will explain you about Security Classes in .NET.
  • Authentication on Windows Azure using security certificatesApr 02, 2010. This article will talk about a work around describing how to implement certificate based authentication using the any version of Windows Azure released till date.
  • System.Security.Cryptography Namespace in .NET Apr 02, 2010. In this article I will explain you about System.Security.Cryptography Namespace in .NET.
  • System.Security.Principal in .NET Apr 03, 2010. In this article I will explain you about System.Security.Principal in .NET.
  • System.Security.Cryptography.Xml Namespace Apr 05, 2010. In this article I will explain you about the System.Security.Cryptography.Xml Namespace.
  • Custom WSE 3.0 Policy Assertion - Modifying the Security Header Generated by WSEMay 04, 2010. Recently I encoutered an issue in the WSE security header of an ASP.Net application consuming a Java web service using WSE 3.0 involving the automatic addition of a timestamp in the security header when the UsernameToken is added to the RequestSoapContext.
  • 6 Steps to Implement DUAL Security on WCF Using User Name + SSLMay 20, 2010. In the article we will try to apply DUAL security using transport plus message on WCF services. So we will first try to understand the basic concepts of WCF security i.e. transport and message. Once we understand the concept we will move step by step to how to implement SSL and user name security on WCF services.
  • Exception while creating the sub webJun 07, 2010. In this article you will learn how to resolve security validation exception while creating the sub web.
  • Global.asax in ASP.NET for locking web pages, security and license management systemJun 21, 2010. In this article we will see that global.asax file events. So we can use this every web application for application control, state and Application management , locking web pages , security of web application and license management system.
  • Exploring ViewFormPagesLockDown Feature and Anonymous site securityAug 09, 2010. In this article you will learn how to Explore ViewFormPagesLockDown Feature and Anonymous site security.
  • Random Number Generation and Windows Forms Encryption via C# Parallel ProgrammingSep 07, 2010. An article that describes Encryption and Random Number Generation in C# TPL Parallel code.
  • Focus on New ASP.NET VulnerabilitySep 21, 2010. A new ASP.NET Vulnerability is released by Microsoft. The security hole will allow the attacker to decrypt the ViewState data or retrieve the contents of web.config. We will see the workaround for this issue.
  • CAS (Code Access Security) & .NET 4.0 Security Model FAQ (With Full Video Demonstration)Oct 23, 2010. This article first starts with the basic concepts of CAS like evidence, permission, code groups and caspol.exe. It then moves ahead to demonstrate how CAS can be implemented in real world. This article further talks about ground up changes made in .NET 4.0 for CAS. In those regards it discusses about security transparent model and sandboxing.
  • Data Encryption and Decryption in SQL Server 2008Nov 09, 2010. Because of security concerns some of the data needs to encrypted and pushed across the Server. Here I just want to give a brief detail.
  • Password Policy/Strength JQuery plug-in ValidatorDec 20, 2010. Many a time, entities want to implement a password policy and/or determine password strength for their security purposes.
  • How to calculate total at the Backend using TriggerFeb 28, 2011. How to do Some Backend Calculations Using Triggers for Increased Security
  • Versioning Settings for SharePoint list using powershellMar 07, 2011. In this article we will be seeing how to configure versioning settings for SharePoint list using powershell.
  • Security improvements in SharePoint 2010 Mar 17, 2011. In SharePoint 2010 a variety of security methods has been introduced. In this article I am giving a small introduction of the new security improvement
  • Looking Inside Web.Config configuration file in ASP.NET 3.5Mar 21, 2011. The web.config file contains information that controls module loading, security configuration, session configuration, and application language and compilation settings.

About Security

In information technology the Security is set of restriction of information assets through the use of technology, processes and training. In Computer, Security is the process of preventing and detecting unauthorized use of your computer. It involves the process of safeguarding against intruders from using your computer resources for malicious intents or for their own gains or even gaining access to them accidentally. Security is a branch of Information Security and is often used interchangeably with the term. It encompasses several Security measures such as software programs like anti-virus suites, firewalls, and user dependant measures such as activating deactivating certain software features like Java scripts, ActiveX and being vigilant in using the computer and the network resources. Data present in a computer can also be misused by unauthorized intrusions. An intruder can modify and change the program source codes and can also use your pictures or email accounts to create derogatory content such as pornographic images, fake misleading and offensive social accounts.

SPONSORED BY

Spire.Doc - Free .NET Word API
Use Spire.Doc to create, read, write, print, and convert word documents to OpenXML, RTF, TXT, XPS, EPUB, EMF, HTML, Image and PDF.
European SharePoint Conference