Browse by Tags
All Tags »
Security (
RSS)
Few year ago, when I was being an ASP.NET enthusiast, I had to deal with the problem known as hop the credential over servers. It looks that this problem still is the major pain for the most of ASP.NET developers, because many of them so often asks me...
Whenever you are going to map user identity to a Windows identity using the certificate in WCF development, there's no active mapping from the client certificate to a Windows account. You can enable it by setting mapClientCertificateToWindowsAccount...
Microsoft Patterns and Practices Group has published a nice guidance for WCF security. Excellent set of Questions and Answers, separated in different categories such as: Design Considerations, Auditing and Logging, Authentication, Authorization, Exception...
Everyone who knows Kerberos will agree that it is still one of the most secure authentication mechanism but at the same time it is the dubious task to configure Kerberos authentication because his complexity and presents a difficult task to undertake...
A common scenario for developers is that they create an assembly that needs to be hosted by application with permission given to it by default from Internet or LocalIntranet zone code groups. Typical example for this scenario is any hosted assembly in Internet Explorer....
Windows Server 2008 Security Guide is available on Microsoft TechNet site and my favorite subject inside is actually IIS7 related chapter ( Chapter 6: Hardening Web Services ). This chapter focuses on how to harden Web servers running Windows Server 2008...