Some days ago I blogged on Securing the password in build definition. I want to make a disclaimer on this subject. The technique described in that article permits you to use an encrypted password in a build definition, but this password is protected from decryption only if you have no access to the build machine. If you […]

Continue reading about Make easy storing secure password in TFS Build with DPAPI

I’ve stumbled upon this funny comic. I usually use long, randomly generated passwords, which I store in KeePass, for all services that I really care about (home banking, the Amazon account that has my credit card, etc.), and tend to use easy-to-remember passwords for services I do not care very much about (stupid online […]

Continue reading about Is there a reason to put restriction on password?

This question is really simple to answer… or not? Suppose you need to verify, in a service, whether the user belongs to the xxxx group, and then take a different path of execution if the condition is true: if (Roles.IsUserInRole("xxxx")) { … } OK, this seems such an innocent piece of code, but actually it […]

Continue reading about How to check if a user belongs to a certain role in ASP.Net

Today I was working a little bit on Dexter, trying to update the security system. The current login system is based on a quite old membership provider, but I’d like to update it to be CryptoAgile. First of all, here is the class UserDto (the name Dto should be changed because it is […]

Continue reading about Designing an authentication layer with cryptoagility.

In the last article I explained how to configure WCF to secure a service with https, with no authentication. Now I want to show you the configuration needed to enable role and user membership using a standard ASP.NET provider. Here is the service definition on the server: <service behaviorConfiguration="WsHttpWithAuthBehavior" name="MyProject.DoSomethingService"> <endpoint address="https://mydomain.it/DoSomethingService.svc" binding="wsHttpBinding" name="MyService" bindingConfiguration="wsHttps" contract="MyProject.IDoSomethingService"> […]

Continue reading about Wcf over https, authentication with asp.net membership