I have a custom code that I was planning to distribute as class dll. I would like to add Licensing logic to it so that my dll is not distributed freeely to others. In other words, I want to supply dll and licensing for each client. Is there a recommedation on how to do that?
I was thinking on hard coding some lookup value from client hardware and do such validation.. but not sure.
We have developed a small method that pulls a cryptographic key from a signed xml document and then checks the signature using the SignedXml.CheckSignature method.
When run from a command line app the key validates properly. However as soon as I call it from a web app it stops working. Anybody know what could be happening?:
// Verify the signature of an XML file against an asymmetric
// algorithm and return the result.XmlDocument Doc, RSA Key
public static Boolean VerifyLicenceFile(string xmlLicFilePathArg)
{
bool isVerified = false;....
Procedure or function 'Inser1' expects parameter '@CustoemrID', which was not supplied.supply a parameter for binding a gridview
View 4 RepliesI we have created a website that requires users to login. It used forms based authentication and sql server to validation the login credentials.
Should we need to purchase an external connector license from microsoft to be able to host this site on a windows .net platform.
Edit: More information about external connectors. In microsoft licensing world there are cals for users connecting to the windows server software, external connectors are unlimited cal licenses.
I am trying to find a solution to control the number of logins on asp.net application. I need to install the application in the client server, and set the number of licences. e.g. only 10 users are allowed to access the app.
Every time someone tries to login I need to check how many user are logged in, compare with the total allowed then authorize that user to proceed.
I tried with Certificate, but I couldn't see where to match the number of logged in users with the max number of allowed user.
Also I would like to use the IP address as identifier, then if I open 3 browser windows, it count only one user logged.
Basically this web application will be sold by licences. We need to control the logins per computer, and not per user, and block logins if the limit of logins are reached.
We have a web application that I've just enhanced (and gotten rid of the MsgBox in it , too!) It runs on our production web server. I have the solution loaded in VS2005 on my PC. It's been deployed before, but this is the first time I am deploying it and I want to make sure I know what I'm doing. So I will choose Publish from the Build menu, and I think I want to say Remote Site - is that what will plop all my new stuff over the old? And is the value that I supply for Remote Site the URL, or would I use the IP
View 21 RepliesI am working on project in VS 2008 (ASP.Net, C#).
When I view a page in browser it throws following error.
Could not load file or assembly 'Microsoft.Licensing.Permutation_f50a9_2.0(1907)' or one of its dependencies. The parameter is incorrect. (Exception from HRESULT: 0x80070057 (E_INVALIDARG))
Description:
An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.IO.FileLoadException: Could not load file or assembly 'Microsoft.Licensing.Permutation_f50a9_2.0(1907)' or one of its dependencies. The parameter is incorrect. (Exception from HRESULT: 0x80070057 (E_INVALIDARG))
Source Error:
[Code]....
i built a user control and i want to make one of its properties as a must, that's mean if you not supply this control when you create the control the project won't be compile, just like if you omit the runat="server" property.
View 17 RepliesJust looking for recommendations, we have a need to supply a chat-room for our customers. It will be small-mid scale usage, has anyone purchased any products recently that they recommend? Open to bundled, open-source, or SaaS implementations.
View 2 RepliesI am using the code as below of this post:First i will an fill array variable with the correct values for the controller action.Using the code below i think it should be very straigtforward by just adding the following line to the javascript:
data["__RequestVerificationToken"] = $('[name=__RequestVerificationToken]').val();
The <%= Html.AntiForgeryToken() %> is at his right place and the action has a [ValidateAntiForgeryToken]
But my controller action keeps saying: "Invalid forgery token"
====================CODE=======================
data["fiscalyear"] = fiscalyear;
data["subgeography"] = $(list).pa n
[code]....
I am using the code as below of this post:First i will an fill array variable with the correct values for the controller action.Using the code below i think it should be very straigtforward by just adding the following line to the javascript:
data["__RequestVerificationToken"] = $('[name=__RequestVerificationToken]').val();
<%= Html.AntiForgeryToken() %> is at his right place and the action has a [ValidateAntiForgeryToken]
But my controller action keeps saying: "Invalid forgery token
I have a form in formview which uploads data to my mssql databse fine. I want to send an e-mail after the data is uploaded to supply notification that someone has filled out the form. I am trying to use OnItemInserted to achieve this. This is the error message I get:
Compiler Error Message: CS0122: 'Personal_Loans.ClientappFormView_ItemInserted(object,
System.Web.UI.WebControls.FormViewInsertedEventArgs)' is inaccessible due to its protection level
linked to the line of code for the formview:
<asp:FormView ID="Clientapp" runat="server" DataKeyNames="Key" DataSourceID="ClientData" DefaultMode="Insert" OnItemInserted="ClientappFormView_ItemInserted" >
My code on the page behind is this:
void ClientappFormView_ItemInserted(Object sender, FormViewInsertedEventArgs e)
{
TextBox email = (TextBox)Clientapp.Row.FindControl("email");
DropDownList title = (DropDownList)Clientapp.Row.FindControl("title");
This is then followed by the e-mail sending code. The servers CAS level is set to "full" I have tried using capitals and all lowercase for OnItemInserted I get the same result.
I'm developing my first commercial server control and I was wondering how people manage licensing and piracy. Is there a product that will help with managing demo/paid version? Keep the license from being passed around and abused?
View 1 RepliesI finished watching MVC 2 Model Validation video and they added attribute:
[Required (ErrorMessage="Please supply a name for this product")]
public string ProductName{ get; set; }
This is ok if you want to display English but how do you handle Localization?
when I am trying to accept '<abc' as password in password field I am getting following error.
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$content$txtPass="<abc")
I want the login password to not be sent in plaintext (due to the risk of hijacking). I know that this can be achieved in principle using MD5 or the like, but is there a common implementation for use with Asp.Net? Of course, it's crucial that the resulting hash (?) isn't easy to decrypt. When I read various posts on this matter, some people say it's just to do a reverse on the encrypted string, so that in effect, this is totally useless.
View 6 RepliesI set up my web site to use SSL encrption and I set the settings in IIS to ignore client certificate. But when i access the web site from a client browser, it still shows "403" error.
View 1 RepliesI have a WCF service which accepts X.509 certificate signed incoming messages. As per my understanding the client will send the message with signature encrypted using his private key and web services will decrypt the signature with client's public key. This ensures that the sender of the message is holder of the private key and that he is certified by the server trusted CA as "He is what he claims to be".
It's being a highly secure application I need to give access to only certain clients regardless of whether they are trusted or not. (This is to take care of good turned bad scenario :-)) How do I achieve this? Is there any way to get the client information as subject name etc from his certificate in C# code? Is there any example of this usage?
I dont have a lot of background with SSL and X509 configuration and support with my Asp.Net application, so I was wondering if someone can explain or point me in the right direction to MSDN or any other article or posting explaining if it's possible to do what I am looking to support in my environment.
I have IIS 6.0 with SSL (Verisign cert) as well as "Require client certificates" working against a local installation of Microsoft Certificate Services, https://<domain>/certsrv, where users can request and install client certs (both xp clients for basic
mode, and Vista/7 for advance mode).
Here's what I am up against:
I have a segment of users coming from a virtualized server environment where this environment does not store personal settings for more than 48 hours. It's not an internet cafe, but rather an actual business where their IT staff uses server images to reimage each virtual server in the farm every 48hrs. Thus losing all users data in the "Current Users" Certificate Stores.
The IT staff give users a network folder share to store any personal items (docs, spreadsheets, links, etc.). The servers consist of Windows Server 2003, and will be migrating to Windows Server 2008 in the next 6-9 months.
These users have rights in Internet Explorer to navigate to my certsrv site and use activex to to request and install certificates then clode and reopen the broser to navigate and render the asp.net app.
Problem:
It's a pain to ask the users to request and have issued a client certificate every 48 hours.
The IT staff of this company has asked if I can create some sort of certificate that they can load in the "local computer" certificate store, NOT the "Current User" store, that will be made part of their base image for all their servers, and that this certificate is then used to properly authenticate all users on these servers to my IIS with "require client certificates" selected.
Question:
Is this possible, and if so what can I do on my side to create the proper certificate to give to the IT staff at this business to put into their servers "local computer" certificate store? I assume either under the Personal->Certificates store, or under the "Trusted Root Certification Authorities"->Certificates store. Thus allowing any user of these servers in their thin client virtual environment to open I.E., navigate to my site and select a certificate from the "Choose a digital certificate" popup that allows them to render my Asp.Net application, or avoids this popup altogether.
If this is the wrong forum to post in, please advise and I will move. Probably due to vernacular on my part, I have been unable to find any resources on here, MSDN or Bing to help me solve this problem.
I need to send a X.509 client certificate to a web service in byte array (not attached to request). Besides the certificate, the caller will also send data and signed data. From the web service I can verify if the signature is ok but I don't know what is required to verify that the certificate is ok. I have the client certificate issuer CA trusted in Server (where the web service runs).
More specifically, how can I verify if a X.509 certificate itself is valid? I need to do it in web service not from IIS.
I would like to identify users that connect on a intranet web server (IIS) with client certificates.
I've set up a CA server on a Windows 2003 server pc. On my development pc, i've a windows xp with a web server (IIS) running.From my web server, i generated a certificate request (i specified the netbios name of my web server because this setup is for an intranet), i used that request to generate a web server certificate and i installed it on my IIS to allow SSL connection. . Now, i can connect with https to my web server from an internet explorer. I configured the web server to 'require client certificates'.
I would like to authenticate the users with a client certificate installed on each users pc. My CA server allows users to request a client certificate (domain user) from the CA server just by typing the url of the CA server and click 'User Certificate', 'submit' and then 'Install this certificate'.
In order to test my setup, i opened a Internet Explorer from a pc which resides in the domain and i requested and installed the user certificate. Then i connected to my web server and i get a window with the title "Choose a digital certificate". This window is always empty and never proposes the client certificate i previously installed on the user pc.
I've no idea of what i missed during my setup. I'm still wondering how the browser knows how to select which certificate must be displayed according to the url typed in the address bar.
I wonder if the value of Identity.Name is visible (any way) at the client side?
So, it is safe to use the userID as cookie name?
[Code]....
I was create a new website. I want to give some services and gifts about my cridentials. User add his/her website and get some comments. Every comment has a for example 5 points. Every 1000 points I will give some gifts. But if somebody change ip address they also add comment again. Same ip has only one comment in a day.
View 2 RepliesIm using forms authentication on a site. I have a requirement where I have to log the username of the user that is currently logged into the computer. It is not a public site. It is an intranet site at work. I have tried several different methods but they all return the username of the user that is logged into the site. The methods I have tried are below. Note: I would perfer to log the username without the domain.
[Code]....
We have a large extranet asp.net application that users forms authentication. In addition, for SCCM purposes, each computer in the company has a client certificate installed.
Now the question has been raised:
Is it possible for us to test for the presence of this certificate from our asp.net code behinds?
We don't want to switch our security to require client certificates to access the site, there are just parts of some pages that we'd rather not display if the person viewing the site is not using a company issued machine.