I’ve stumbled upon this funny comic   I usually use long Random generated password, that I store in KeePass for all services that I really care about, (home banking, amazon account that has my credit card, etc), and tend to use easy to remember password for services I do not care very much (stupid online [...]

Continue reading about Is there a reason to put restriction on password?

This question is really simple to answer… or no? Suppose you need to verify, in a service, if the user belongs to the xxxx group, and then take a different path of execution if the condition is true. if (Roles.IsUserInRole("xxxx")) { … } Ok, this seems such a piece of innocent code, but actually it [...]

Continue reading about How to check if a user belong to a certain role in ASP.Net

Today I was working a little bit on Dexter, and I’m trying to update the security system, the actual login system is based on a membership provider quite old, but I’d like to update it to be CryptoAgile. First of all here is the class UserDto (the name Dto should be changed because it is [...]

Continue reading about Desiging a authentication layer with cryptoagility.

In last article I explained how to configure WCF to secure a service with https, with no authentication, now I want to show you the configuration needed to enable role and user membership using a standard asp.net provider. Here is the service definition on the server <service behaviorConfiguration=”WsHttpWithAuthBehavior” name=”MyProject.DoSomethingService”> <endpoint address=”https://mydomain.it/DoSomethingService.svc” binding=”wsHttpBinding” name=”MyService” bindingConfiguration=”wsHttps” contract=”MyProject.IDoSomethingService”> [...]

Continue reading about Wcf over https, authentication with asp.net membership

Wcf over secure transport
on November 25th, 2009
On category: .NET framework

In some older posts, I dealt with wcf configuration to manage authentication of a service with the asp.net membership provider. Now I need to modify configuration, because in another project, all the site is forced over https, and the configuration I used in the other project cannot be used anymore. In older post in fact, [...]

Continue reading about Wcf over secure transport