ASP.NET 2.0 Security FAQ / Wiki Released


J.D. Meier and team have been busy creating the ASP.NET 2.0 Security FAQ: an easy to use Q&A format entry-point to the broader ASP.NET security guidance.  It is in Wiki form so you can easily read, comment, update, and contribute.  Find all the great content at: https://channel9.msdn.com/wiki/default.aspx/SecurityWiki.ASPNET2SecurityFAQs — (example questions/answers: how to use forms authentication with Active Directory, how to create custom trust levels, how to implement single-sign on, etc).


This is a must see for everyone building applications using ASP.NET.

Comments (9)

  1. Anonymous says:

    I have a problem when creating an ASP.Net Wep Application with Visual Studio .Net, I got the error message.

    "Visual Studio. Net has detected that the web server is running ASP.Net version 1.0,web the application you are creating or opening can be configured to be compliant with ASP.NET 1.0."

    Please could you help me to solve this problem.

  2. bgold says:

    Misson,

    What version of Visual Studio are you using? what version of the .NET F/X do you have installed? VS is hard bound to a specific version of the .NET F/X — if you have VS2005 then you need .NET F/X 2.0 — for VS.NET 2003 you need .NET F/X 1.1 and for VS.NET 2002 you need .NET F/X 1.0

    in the c:windowsmicrosoft.netframework folder you will see the different installed versions — if you go into the appropriate version you can run "aspnet_regiis -i" to configure IIS for that version of the framework — you can have IIS using all 3 and with 2.0 installed it is easy with inetmgr to confgure which version of the F/X a specific v-root is bound to using the properties on the v-root and the ASP.NET tab. Hope this helps.

  3. Anonymous says:

    I’m creating websites using visual web developer express edition and the pubs database in sqlexpress. All is fine when I run the web from the environment which creates the local web server host.

    But when I try using the IIS server, it never works, complaining about

    "The process account used to run ASP.NET must have read access to the IIS metabase"

    What do I need to do to get my programs running on IIS?

  4. bgold says:

    James:

    can you see if you can run a simple ASPX page in IIS (that does not use SQL Express)? If that works, this is likely a permissions issue between IIS and SQL Express. We might have some troubleshooting docs to help you with this, I’ll investigate once I hear back about the simple scenario.

    Thanks, Brian

  5. Anonymous says:

    I am not able to get the Wizard page if i try to administer my web application using the Administration tool. It allways gives the message unable to choose datastore. and if i try to click on the button showeed to choose the data store it gives tool timed out error. I tied to set it up manually using Aspnet_regsql command line tool and it showed completed but still i am not able to see the wizard page or administer the site .

  6. bgold says:

    Arun — try posting your issue to forums.asp.net/ you’ll get someone who can work with you to track down the problem… I can’t tell from the description — do you have SQL Express installed? Is the connection string in web.config setup right?

  7. Anonymous says:

    Web site administration tool not working. I have Sql2005 installed. The instance name is m<mymachinename>SQLExpress. I also have SQL2000 instance running in my machine. My OS is WindowsXP. The connection string is fine in machine.config. The problem is whether is configure manually or use the Web site administration tool the wizard through which you can set security and create users roles etc is not visible at all.

  8. bgold says:

    ArunKMS: the team suggests the following next step —

    Have them try out a simple aspx page that has:

    Membership.CreateUser("foo","baz");

    Do this with a brand new file-based website that was just created in Visual Studio.

    That will at least trigger a stack dump and exception message if there is something screwy going on.