www.leastprivilege.com

AddIns • ASP.NET • CardSpace • Conferences • For Your Favourites • FX Security • IdentityModel • IIS • Microsoft Deutschland Security Portal • Misc • Publications • Samples • Security in Whidbey • Tools • Tools for Thinktecture • WCF • Whidbey General • Work in Progress • No Category •

AddIns (1)

1/11/2008 6:57:09 AM UTC System.AddIn Pipeline Builder

ASP.NET (26)

4/19/2008 7:44:05 AM UTC Custom Basic Authentication is now on Codeplex
4/16/2008 4:02:36 PM UTC InfoCardSelector is now on Codeplex
4/12/2008 5:56:02 AM UTC Developing ASP.NET Applications in Medium Trust
3/30/2008 8:49:07 AM UTC Using Information Cards in ASMX Web Services
3/22/2008 1:54:39 PM UTC Using IdentityModel: Some Samples
3/20/2008 6:54:32 AM UTC Using IdentityModel: Adding ASP.NET Support Part 2 (Claims Manager)
3/19/2008 7:23:49 AM UTC Using IdentityModel: Adding ASP.NET Support Part 1 (Authentication based Claims)
3/19/2008 12:22:10 AM UTC Using IdentityModel: IdentityPrincipal
3/18/2008 7:23:35 AM UTC Using IdentityModel: Adding Claims Support to ASP.NET (Spoiler)
2/19/2008 3:45:28 PM UTC Using IdentityModel: Claims
2/12/2008 8:33:01 AM UTC Extending IIS 7 Configuration
1/31/2008 8:26:51 AM UTC UserName SupportingToken in WCF
1/18/2008 6:19:02 PM UTC ASP.NET Internals Spelunking II
1/18/2008 9:50:03 AM UTC ASP.NET Internals Spelunking
1/12/2008 8:49:51 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS7
1/12/2008 7:48:22 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 3 - Adding WCF Support)
1/12/2008 5:29:31 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 3 - Setting up IIS6/ASP.NET)
1/12/2008 10:42:42 AM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 2 - The HTTP Module)
1/11/2008 6:13:57 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 1 - Basic Authentication)
1/11/2008 8:24:39 AM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 0 - Intro)
1/3/2008 10:02:22 AM UTC Some new IIS7 Resources
12/7/2007 8:36:48 AM UTC Extension Methods for AntiXss
10/23/2007 9:02:29 AM UTC ValidateRequest does not mitigate XSS completely
10/20/2006 10:09:22 AM UTC WCF proxies in partially trusted ASP.NET Apps
9/27/2006 10:47:46 PM UTC RolePrincipal vs. RoleProviderPrincipal
9/25/2006 9:35:51 PM UTC Hosting WCF Services in ASP.NET - The Survival Guide

CardSpace (11)

4/16/2008 4:02:36 PM UTC InfoCardSelector is now on Codeplex
3/30/2008 8:49:07 AM UTC Using Information Cards in ASMX Web Services
3/22/2008 1:54:39 PM UTC Using IdentityModel: Some Samples
3/11/2008 6:32:45 AM UTC STS? Available!
2/2/2008 10:43:23 PM UTC Information Cards and PPIDs (again)
12/27/2007 9:52:24 AM UTC The Future of the ASP.NET InfoCardSelector Control
12/19/2007 6:23:13 PM UTC Demo Site for InfoCardSelector ASP.NET Control
12/16/2007 9:29:37 AM UTC Updated InfoCardSelector ASP.NET Control for No-SSL Scenarios
11/20/2007 12:04:28 PM UTC STS? Coming soon!
6/23/2007 2:40:34 AM UTC MSDN UK CardSpace Nuggets
3/17/2007 9:43:13 AM UTC CardSpace and decrypting Tokens

Conferences (32)

6/7/2008 4:44:43 AM UTC Software Architect 2008
3/16/2008 8:56:42 AM UTC Troopers08
10/4/2007 7:13:31 AM UTC TechEd:Developer 2007 Security Track
6/23/2007 3:43:00 PM UTC Recorded Sessions from IMTC
5/23/2007 9:43:50 AM UTC "Hello {0}: {1}", "Dublin", "Irish Microsoft Technology Conference"
4/16/2007 6:17:56 PM UTC TechDays IIS7 Talk
12/1/2006 9:52:17 AM UTC TVP Slides
10/25/2006 8:23:54 AM UTC TechEd 2006
9/22/2006 11:21:44 AM UTC BASTA Nachtrag
7/20/2006 9:14:32 AM UTC BASTA 2006
4/13/2006 10:56:55 AM UTC MSDN Ireland Slides and Demo
4/12/2006 9:36:36 AM UTC Back from Ireland
4/8/2006 7:58:45 AM UTC ASP.NET Security in Ireland
3/29/2006 8:38:17 PM UTC Security DevDays 2006
2/25/2006 10:08:46 AM UTC DevWeek 2006
2/17/2006 7:38:26 AM UTC Spring BASTA 2006
11/29/2005 3:10:24 PM UTC Advanced Developers Conference
11/14/2005 5:35:27 PM UTC DevWeek 2006
9/26/2005 11:50:52 AM UTC BASTA 2005
3/25/2005 7:33:15 AM UTC CompuWare Security Checker/Fault Simulator Roadshow
2/25/2005 7:09:00 PM UTC DevWeek 2005 Post Conference
2/22/2005 5:12:01 PM UTC DevWeek Slides and Demos
2/22/2005 4:12:23 PM UTC Arrived at DevWeek
12/13/2004 11:23:53 AM UTC CompuWare Keynote
11/10/2004 8:21:10 PM UTC ADC Slides
11/9/2004 8:49:31 PM UTC Advanced Developer Conference
10/31/2004 7:58:24 AM UTC Speaking at DevWeek 2005
10/30/2004 7:15:18 AM UTC WinDev: Improving Application Security through Penetration Testing
10/30/2004 7:02:26 AM UTC WinDev : Designing Application Managed Authorization
10/28/2004 7:35:34 PM UTC WinDev and Slides
8/23/2004 12:31:43 PM UTC Advanced Developers Conference
5/6/2004 6:20:57 AM UTC Speaking at WinDev!

For Your Favourites (125)

5/28/2008 8:39:37 AM UTC SQL Server Security Best Practices
5/26/2008 8:02:32 PM UTC OpenID Phishing Demo
5/18/2008 3:22:24 PM UTC How to change validity period of issued certificates in Windows Certificate Services
5/2/2008 4:09:01 AM UTC P2P and WCF: Some Resources
4/20/2008 7:15:28 AM UTC Token Kidnapping
3/16/2008 8:56:42 AM UTC Troopers08
2/10/2008 9:47:02 AM UTC PowerTab
2/9/2008 6:57:28 AM UTC My +1 List
2/2/2008 10:43:23 PM UTC Information Cards and PPIDs (again)
1/26/2008 8:34:39 AM UTC Web Deployment Projects for Visual Studio 2008
1/24/2008 8:13:29 AM UTC LeastPrivilege on RunAs Radio
1/11/2008 6:57:09 AM UTC System.AddIn Pipeline Builder
1/8/2008 6:54:20 AM UTC Configuration Section Designer
12/7/2007 11:15:45 AM UTC Least Privilege, WCF and Named Pipes
11/20/2007 12:04:28 PM UTC STS? Coming soon!
10/25/2007 6:04:41 AM UTC Try XSSDetect
10/23/2007 9:02:29 AM UTC ValidateRequest does not mitigate XSS completely
9/27/2007 9:01:45 AM UTC Details of CardSpace RP Identity Generation
9/25/2007 1:29:39 PM UTC CardSpace in 3.5 doesn't require SSL
8/26/2007 9:38:37 AM UTC Good Article on System.IdentityModel
8/25/2007 10:45:10 AM UTC Live ID and Information Cards - just good friends...
8/20/2007 8:07:56 AM UTC Guidance on User and Password Management
8/9/2007 7:17:24 AM UTC Extend Your WCF Services Beyond HTTP With WAS
7/21/2007 4:42:48 AM UTC Excellent ASP.NET Information
7/12/2007 7:49:50 AM UTC Windows Integrity Mechanism
7/11/2007 6:38:04 AM UTC New WCF Security Samples
6/28/2007 3:55:55 AM UTC Information Card Kits for ASP.NET and HTML
5/3/2007 9:47:50 AM UTC Orcas, WF, WCF and CardSpace
4/3/2007 9:40:50 PM UTC Making my Visual Studio better
3/23/2007 5:42:29 PM UTC SQL Server 2005 Security
3/7/2007 12:49:38 PM UTC Debugging Services on Vista
2/22/2007 9:15:50 AM UTC New (and finalized) CardSpace Resources
2/14/2007 11:07:19 PM UTC My 1st MSDN Magazine Article
2/6/2007 7:52:26 PM UTC CardSpace and OpenID
2/6/2007 11:08:11 AM UTC SPNs and IIS
2/5/2007 8:35:40 PM UTC Certificate Revocation and Status Checking
1/5/2007 4:34:09 PM UTC Protocol Transition Revisited
12/9/2006 8:19:32 AM UTC Known Differences Between IIS7 Integrated and Classic Mode
11/20/2006 8:49:55 PM UTC AntiXss 1.5
11/2/2006 5:51:38 PM UTC SecureString Redux
10/10/2006 9:47:08 PM UTC New ASP.NET 2.0 Vulnerability
10/8/2006 8:06:50 AM UTC FXCop Rules for WCF Security
7/31/2006 8:08:27 PM UTC Joe Kaplan is blogging
7/21/2006 5:14:35 PM UTC ASP.NET 2.0 Security Reference Implementation
7/18/2006 3:42:04 PM UTC Dark Room
7/7/2006 7:44:08 AM UTC UAC Screencasts
5/24/2006 9:03:15 AM UTC IIS 7
5/3/2006 6:57:15 AM UTC Consolas for Download
4/28/2006 8:40:58 AM UTC ASP.NET Background Threads and Unhandled Exceptions
4/24/2006 11:09:14 AM UTC The Developer Highway Code
4/14/2006 9:46:42 AM UTC Even more Provider Resources
4/1/2006 6:25:17 PM UTC Two essential productivity Tools
3/22/2006 9:44:34 AM UTC Attacking Windows and Web Applications
3/17/2006 10:03:11 PM UTC Dick did it again
3/11/2006 3:47:37 PM UTC Two Goodies from Microsoft
1/18/2006 9:00:00 PM UTC IIS Diagnostics Tools released
1/12/2006 2:50:33 PM UTC C++/CLI Webcast
1/10/2006 4:53:54 PM UTC ADFS Resources
12/17/2005 7:57:11 PM UTC NegotiateStream and NTLM
12/16/2005 6:56:14 AM UTC New Security Features in 2.0
11/26/2005 6:53:54 AM UTC Dinis is blogging again
10/28/2005 6:14:40 AM UTC HttpCfg GUI Tool
10/18/2005 1:42:49 PM UTC ASP.NET Provider Architecture
10/17/2005 5:12:16 PM UTC Reserving HTTP.SYS Namespaces programmatically
10/11/2005 5:24:58 PM UTC ShowContexts - updated again
10/5/2005 4:43:18 PM UTC Identity 2.0
10/4/2005 7:35:40 AM UTC Monad Documentation
8/27/2005 6:42:36 AM UTC ASP.NET Web Project System
8/25/2005 12:22:32 PM UTC Credentials and Delegation
8/24/2005 4:09:34 PM UTC Shawn's What's new in .NET 2.0 Security
8/9/2005 9:38:51 AM UTC IIS6 Documenation
8/6/2005 8:19:04 AM UTC ASP.NET 2.0 Configuration
7/26/2005 6:22:08 AM UTC Bootstrapping AppDomainManagers
6/19/2005 6:47:44 AM UTC Monad Beta 1
6/11/2005 11:12:20 AM UTC Peter Gutmann
6/11/2005 11:09:32 AM UTC Interesting Read about XML Security
6/8/2005 8:42:01 AM UTC Channel 9 Security Wiki
6/6/2005 8:06:12 AM UTC ASP.NET 2.0 Cache/Control Debugger Visualizer for VS2005
5/31/2005 1:39:34 PM UTC EventLog as RSS Feed
5/12/2005 5:03:39 AM UTC ASP.NET Development Helper
5/9/2005 5:24:14 AM UTC Authorization Manager Table of Contents
5/7/2005 8:02:33 AM UTC ADFS Overview
5/7/2005 7:50:58 AM UTC Windows Server 2003 R2 Trial
5/6/2005 12:31:26 PM UTC Slowing down automated Attacks
4/28/2005 3:37:50 PM UTC Turning CAS off in Whidbey
4/27/2005 9:32:56 AM UTC New Blogs on the Block
4/23/2005 8:18:58 AM UTC LogParser Update Available
3/23/2005 10:17:40 AM UTC The Subtleties of Impersonation
3/22/2005 9:07:44 AM UTC The Future of AzMan?
3/19/2005 8:12:14 AM UTC Partial Trust ASP.NET on MSDN TV
3/14/2005 9:55:15 PM UTC Pierre Nallet
3/5/2005 2:26:39 PM UTC Custom ASP.NET 2.0 Provider
2/19/2005 11:41:12 AM UTC WSE Policy Advisor
2/15/2005 7:26:56 PM UTC Samoa: Formal Tools for Securing Web Services
1/21/2005 6:11:37 AM UTC LogParser 2.2
1/18/2005 6:52:31 PM UTC WMI Scriptomatic 2.0
1/5/2005 2:47:23 PM UTC www.logparser.com
12/29/2004 8:35:06 PM UTC Windows Auditing Blog
12/26/2004 9:22:53 AM UTC XPath Injection
12/24/2004 10:12:08 PM UTC Troubleshooting Kerberos Delegation
12/13/2004 10:26:07 AM UTC XSS through dynamic Colors
12/7/2004 9:38:40 AM UTC WSCF 0.4 released
11/26/2004 10:47:19 PM UTC IPSEC Front-End
11/21/2004 5:47:10 PM UTC .NET Delegates: A C# Bedtime Story
11/20/2004 11:09:09 AM UTC Hosting ASP.NET/ASMX in an arbitrary process
11/17/2004 12:01:45 PM UTC Another "security guy"
11/7/2004 10:23:40 AM UTC Common ASP.NET Security Issues
8/17/2004 6:55:07 PM UTC ACL Support for .NET
8/3/2004 9:37:20 AM UTC Keith's Book-In-A-Wiki
7/25/2004 9:40:17 AM UTC The PrivBar and more on Non Admin
7/24/2004 12:22:07 PM UTC Whidbey Watch
7/24/2004 9:22:46 AM UTC LookOut
7/24/2004 8:20:39 AM UTC A First Look at SQL Server 2005 for Programmers
7/21/2004 5:17:21 PM UTC Session Hijacking
7/17/2004 9:03:33 AM UTC ASP.NET Security KB Articles
7/1/2004 6:18:49 AM UTC What's new in .NET 2.0 Beta 1 ASMX
7/1/2004 5:12:23 AM UTC VS.NET and non-Admins
6/19/2004 8:31:35 PM UTC XP SP2 Changes - New Document
6/18/2004 6:39:52 PM UTC Network Ports Used by Key Microsoft Server Products
6/7/2004 3:07:24 PM UTC A .NET Developers Guide to Windows Security
6/6/2004 10:36:34 AM UTC XMLSpy for Free
5/26/2004 7:24:13 PM UTC PluralSight
5/26/2004 5:49:23 AM UTC New Toys this week
5/25/2004 11:00:02 AM UTC WSE2 is out!!!
5/3/2004 5:28:49 AM UTC Reflector 4

FX Security (2)

5/15/2008 6:53:45 AM UTC Two important Security changes in .NET 3.5 SP1
1/16/2008 6:15:28 AM UTC Simplified Impersonation Model

IdentityModel (25)

IIS (11)

6/12/2008 10:55:59 PM UTC Advanced Extensions to IIS 7 Configuration
6/5/2008 9:16:30 AM UTC Writing IIS 7 Manager Extensions
5/14/2008 6:34:10 AM UTC Improved IisRegMgmt
4/20/2008 6:50:57 AM UTC Installing an IIS 7 Extension
4/19/2008 7:44:05 AM UTC Custom Basic Authentication is now on Codeplex
4/3/2008 8:04:24 AM UTC Beware of Whitespaces in WAS Configuration
2/29/2008 8:35:41 AM UTC New IIS7 Resources
2/12/2008 8:33:01 AM UTC Extending IIS 7 Configuration
1/12/2008 8:49:51 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS7
1/11/2008 6:13:57 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 1 - Basic Authentication)
1/3/2008 10:02:22 AM UTC Some new IIS7 Resources

Microsoft Deutschland Security Portal (48)

4/22/2008 11:49:20 AM UTC Ein Session Abstract ganz genau nach meinem Geschmack
10/10/2007 7:09:23 AM UTC .net@movies Episode 1 - Web Security
10/4/2007 7:20:23 AM UTC Sichere Software mit Microsoft .NET entwickeln
7/6/2007 7:52:03 AM UTC WCF Security Webcast
6/23/2007 2:49:02 AM UTC MSDN Security Code Clips
5/25/2007 6:59:08 AM UTC Online Vorlesungen zu Betriebssystem Architektur
2/22/2007 4:34:19 PM UTC MSDN WebCast: ASP.NET Security 4 - Logging und Instrumentation
2/1/2007 5:05:39 PM UTC ASP.NET Security Webcast Teil 3 - Speichern von Daten
1/29/2007 4:41:11 PM UTC ASP.NET Security WebCast Teil 2 - Eingabe Validierung
1/24/2007 5:18:07 AM UTC WebCasts im Februar
1/17/2007 4:39:37 PM UTC ASP.NET Webcasts Teil 1 - Authentifizierung und Autorisierung
1/9/2007 7:46:21 AM UTC ASP.NET Security WebCasts auf MSDN
10/30/2006 10:30:47 PM UTC Interview mit Mike Downen
10/24/2006 12:45:16 PM UTC Simple Sandboxing API Artikel
10/23/2006 1:54:49 PM UTC MSDN Webcast: Zertifikate in .NET 2.0
10/23/2006 10:13:06 AM UTC ADC Nachtrag
10/17/2006 11:39:26 AM UTC Webcasts im Oktober
7/20/2006 9:14:32 AM UTC BASTA 2006
6/30/2006 7:01:57 AM UTC ASP.NET/.NET Guidance Explorer
6/21/2006 8:58:57 AM UTC ASP.NET Security Hub
6/12/2006 6:06:15 AM UTC WCF & WCS
5/29/2006 9:27:56 AM UTC Informationen ueber IIS7
5/22/2006 8:50:21 PM UTC Online Krypto Vorlesungen
5/14/2006 5:37:50 AM UTC Zugriffsrechte für HTTP.SYS
4/28/2006 8:16:21 AM UTC Neue Security Artikel in Deutsch
4/23/2006 7:49:59 AM UTC ShowContexts ASPX & ASMX
4/14/2006 9:48:35 AM UTC Source Code der ASP.NET 2.0 SQL Provider
4/8/2006 8:52:59 AM UTC Zwei Essentielle Tools für ASP.NET Entwickler
4/5/2006 6:14:29 AM UTC Jörg Neumann bloggt!
3/29/2006 8:38:17 PM UTC Security DevDays 2006
3/26/2006 10:25:24 AM UTC Angreifen von Windows- und Web-Anwendungen
3/20/2006 12:31:38 PM UTC Identity Management
3/15/2006 7:28:07 AM UTC Sichere Kommunikation mit .NET 2.0
3/9/2006 9:35:37 AM UTC ASP.NET Custom Validation Controls
3/3/2006 5:18:52 PM UTC Custom ASP.NET Validation Control
2/25/2006 10:14:58 AM UTC Security macht Spass!
2/21/2006 10:26:45 AM UTC WCF 1.0 und Partial Trust
2/17/2006 7:38:26 AM UTC Spring BASTA 2006
2/12/2006 1:57:00 PM UTC Vorsicht vor Cassini
2/2/2006 6:10:04 AM UTC .NET 2.0 Security in der Computer World
1/30/2006 6:42:02 PM UTC ClickOnce Security Artikel
1/25/2006 7:45:07 AM UTC Kerberos Troubleshooting Ressourcen
1/18/2006 8:39:35 PM UTC Neue Security Artikel Januar 2006
1/12/2006 3:44:46 PM UTC ADFS Ressourcen
12/28/2005 2:35:47 PM UTC Coole Crypto-Demo
12/27/2005 8:56:57 AM UTC ASP.NET 2.0 Provider Ressourcen
12/16/2005 6:58:11 AM UTC Neue Security Features in .NET 2.0
12/13/2005 12:05:51 PM UTC Windows 2003 R2 geht RTM

Misc (32)

7/2/2008 8:53:58 PM UTC Re:MVP
3/18/2008 7:46:15 PM UTC General Failure when pinging the local Machine Name
1/24/2008 8:47:28 AM UTC Jörg Neumann in da House
1/15/2008 6:47:23 AM UTC Most popular Content in 2007
7/5/2007 9:28:54 AM UTC Hit by Identity 1.0
7/2/2007 8:30:53 AM UTC Re:MVP
3/13/2007 9:13:02 PM UTC I can read your (G)mail
3/13/2007 10:55:29 AM UTC Hotels and Emails
1/30/2007 4:59:06 PM UTC The universal Rules of Input Validation
1/27/2007 7:47:35 AM UTC Source Code Navigation
10/10/2006 9:59:00 PM UTC Sicherheitsbewusste Programmierer
8/19/2006 2:10:31 PM UTC Back from Vacation
7/27/2006 7:22:51 PM UTC Manuscript Shipped
7/24/2006 7:39:55 AM UTC iTunes and Windows 2003 - Update
7/20/2006 9:09:04 AM UTC iTunes and Windows Server 2003
7/1/2006 5:49:11 PM UTC Re-MVPed
3/3/2006 5:18:52 PM UTC Custom ASP.NET Validation Control
2/4/2006 6:54:24 AM UTC Blog Content
1/14/2006 5:06:07 PM UTC Useful VS keyboard shortcut
12/31/2005 1:10:26 PM UTC New Year, New Operating System
10/25/2005 6:31:49 AM UTC Security Audit of the TSA Network
6/19/2005 6:47:44 AM UTC Monad Beta 1
6/2/2005 2:58:22 PM UTC Gudge tries to make Indigo Secure
4/13/2005 4:36:00 PM UTC Back to normal Operation
4/1/2005 1:42:59 PM UTC Save classic IDL!
12/16/2004 7:57:18 PM UTC Ctrl-F5 is back!
11/25/2004 8:57:08 AM UTC Subliminal Messaging
11/21/2004 5:05:05 PM UTC leastprivilege Screen Saver
10/24/2004 8:55:26 AM UTC Off to WinDev
9/21/2004 6:10:23 PM UTC Go and Buy It!
7/12/2004 8:53:27 PM UTC SKYPE
5/4/2004 6:04:42 PM UTC Happy 1st Birthday OS/2 2.0

Publications (5)

7/10/2006 11:02:59 AM UTC HttpListener Artikel Teil 2: ASP.NET Integration
7/6/2006 10:28:15 PM UTC HttpListener Artikel
5/31/2006 7:05:46 AM UTC Arbeiten mit Zertifikaten in .NET 2.0
5/17/2006 5:35:51 AM UTC MSDN Security Feature
4/28/2006 8:16:21 AM UTC Neue Security Artikel in Deutsch

Samples (16)

1/16/2008 6:15:28 AM UTC Simplified Impersonation Model
4/13/2007 5:57:44 PM UTC CardSpace, PPIDs and UniqueIDs – my Conclusion
5/6/2006 7:58:24 PM UTC HttpListener, Authentication and ASP.NET
3/2/2006 5:58:16 AM UTC Password Complexity ASP.NET Validation Control
10/7/2005 7:46:42 PM UTC Secure Remoting
9/13/2005 8:33:32 PM UTC CrypterPK (Beta 2)
8/1/2005 2:02:52 PM UTC ASP.NET MembershipProvider for Web.config (2nd Try)
7/27/2005 6:34:08 AM UTC ASP.NET MembershipProvider for Web.config
7/24/2005 8:24:19 AM UTC Installing Performance Counters
7/13/2005 2:22:21 PM UTC Policy Assemblies Headaches
6/18/2005 8:11:03 PM UTC ShowContexts (.NET 2.0 Version)
2/28/2005 5:51:52 PM UTC NegotiateStream Sample
2/28/2005 5:19:20 PM UTC SslStream Sample
2/3/2005 7:27:06 AM UTC Run CMD under different credentials
1/30/2005 10:30:43 AM UTC Security Instrumentation with WMI
1/29/2005 2:26:22 PM UTC ProtectedXml

Security in Whidbey (21)

5/18/2005 7:27:07 AM UTC Full Trust in Whidbey
4/28/2005 3:37:50 PM UTC Turning CAS off in Whidbey
2/28/2005 5:51:52 PM UTC NegotiateStream Sample
2/28/2005 5:19:20 PM UTC SslStream Sample
2/27/2005 1:46:56 PM UTC Generating Certificates for SslStream
2/14/2005 12:32:52 PM UTC HttpOnly and ASP.NET
2/3/2005 7:27:06 AM UTC Run CMD under different credentials
2/1/2005 8:29:02 PM UTC Essential .NET Security 2.0
1/29/2005 2:26:22 PM UTC ProtectedXml
1/22/2005 12:40:42 PM UTC Remoting and IPC Channel
12/18/2004 10:22:14 AM UTC Protected Configuration
10/20/2004 3:07:56 AM UTC ACL Support in .NET 2.0
7/25/2004 4:30:22 PM UTC CrypterPK (The Public Key Crypto Edition)
6/30/2004 4:44:51 AM UTC Security Changes in ASP.NET 2.0
6/3/2004 11:25:45 PM UTC Managed SSL
6/2/2004 9:36:34 PM UTC Managed CreateProcessWithLogonW
6/1/2004 8:07:50 AM UTC No More caspol -security off
5/29/2004 3:50:07 AM UTC SSPI/Kerberos Support
5/29/2004 3:44:27 AM UTC Managed ACLs
5/29/2004 3:28:09 AM UTC Managed DPAPI
5/28/2004 4:07:50 AM UTC SecureString

Tools (34)

7/24/2007 7:06:57 AM UTC InfoCardSelector for ASP.NET V1.0
4/18/2007 5:22:26 AM UTC Token Decryption Service for CardSpace
4/17/2007 8:36:29 AM UTC UAC Demo and Helpers
2/5/2007 8:53:26 PM UTC ASP.NET Security Context Troubleshooting Tool
1/6/2007 7:54:17 AM UTC ASP.NET Control for CardSpace
12/23/2006 9:02:32 PM UTC UAC DropPad
11/20/2006 11:16:30 PM UTC HttpSysCfg
11/14/2006 2:43:38 PM UTC AzManBulkImport Update
7/24/2006 6:06:20 PM UTC Update for AzMan Bulk Importer
6/26/2006 7:12:53 AM UTC Source Code for AzMan Bulk Importer
6/14/2006 7:00:11 PM UTC HttpCfgAcl Update: SSL Support
5/27/2006 8:17:27 AM UTC Creating an Enum for AzMan Operations
5/6/2006 8:44:54 AM UTC Tool for HTTP.SYS Namespace Reservations
4/23/2006 7:49:59 AM UTC ShowContexts ASPX & ASMX
1/9/2006 8:12:23 PM UTC AzMan Bulk Importer / Converter
11/24/2005 4:25:54 PM UTC ShowContexts - another update - I admit it
8/2/2005 6:53:14 PM UTC HttpCfg ACL Helper
2/3/2005 7:27:06 AM UTC Run CMD under different credentials
12/31/2004 2:38:51 PM UTC EventMonitor 2
12/14/2004 2:17:31 PM UTC EvidenceBrowser
11/4/2004 6:50:51 PM UTC PasswordEntropyValidator for ASP.NET
7/25/2004 4:30:22 PM UTC CrypterPK (The Public Key Crypto Edition)
7/11/2004 4:35:16 PM UTC *UPDATED* ifconfig for windows 2.1
5/12/2004 3:54:02 PM UTC ShowContextService
5/7/2004 5:52:06 AM UTC IEProxy
5/2/2004 1:25:56 PM UTC ifconfig
5/2/2004 1:22:01 PM UTC Unbase64
5/2/2004 1:20:37 PM UTC Crypter
5/2/2004 1:19:32 PM UTC EventMonitor
5/2/2004 1:18:07 PM UTC SqlShell
5/2/2004 1:16:10 PM UTC XslTransform
5/2/2004 1:10:00 PM UTC Hasher
5/2/2004 12:57:47 PM UTC DPAPI Tools
5/2/2004 12:54:20 PM UTC BogusBanner ISAPI Filter

Tools for Thinktecture (9)

WCF (48)

5/23/2008 8:26:30 AM UTC Avoid unhandled Exceptions in WCF Error Handlers
5/14/2008 6:03:31 AM UTC P2P and WCF: The PeerName Tool
5/12/2008 5:28:09 PM UTC Using IdentityModel: Tracing
5/2/2008 4:09:01 AM UTC P2P and WCF: Some Resources
5/1/2008 9:26:52 AM UTC P2P and WCF: Exposing a Service
5/1/2008 6:43:10 AM UTC P2P and WCF: Finding a Service
5/1/2008 5:42:58 AM UTC P2P and WCF: Registering a Service
4/30/2008 6:18:56 AM UTC P2P, PNRP, Teredo...the Motivation
4/19/2008 7:44:05 AM UTC Custom Basic Authentication is now on Codeplex
4/16/2008 4:02:36 PM UTC InfoCardSelector is now on Codeplex
4/3/2008 8:04:24 AM UTC Beware of Whitespaces in WAS Configuration
3/22/2008 1:54:39 PM UTC Using IdentityModel: Some Samples
3/19/2008 12:22:10 AM UTC Using IdentityModel: IdentityPrincipal
3/11/2008 6:32:45 AM UTC STS? Available!
3/4/2008 12:26:35 AM UTC Using IdentityModel: Simplifying Calculation of Information Card Unique IDs in WCF
3/4/2008 12:04:18 AM UTC Using IdentityModel: Claims Transformation in WCF
2/29/2008 10:40:39 AM UTC Using IdentityModel: Authorization Policies, Context and Claims Transformation
2/24/2008 11:28:24 AM UTC Using IdentityModel: Typical Operations on Claim Sets
2/19/2008 3:45:28 PM UTC Using IdentityModel: Claims
2/14/2008 9:57:01 PM UTC Be careful with ServiceAuthorizationManager.CheckAccess()
2/8/2008 2:19:00 PM UTC New HTTP.SYS Namespace Reservation in 3.5
1/31/2008 8:26:51 AM UTC UserName SupportingToken in WCF
1/29/2008 2:49:17 PM UTC WCF 3.5 and Partial Trust
1/12/2008 8:49:51 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS7
1/12/2008 7:48:22 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 3 - Adding WCF Support)
1/12/2008 5:29:31 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 3 - Setting up IIS6/ASP.NET)
1/12/2008 10:42:42 AM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 2 - The HTTP Module)
1/11/2008 6:13:57 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 1 - Basic Authentication)
1/11/2008 8:24:39 AM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 0 - Intro)
1/4/2008 10:57:24 AM UTC Walkthrough: Setting up a self hosted WCF Service with SSL
12/7/2007 11:15:45 AM UTC Least Privilege, WCF and Named Pipes
11/23/2007 3:30:37 PM UTC WCF Usernames over Transport and IIS Hosting
11/23/2007 3:15:55 PM UTC Small change to WCF ServiceAuthorizationManager in 3.5
11/23/2007 1:22:48 PM UTC Authorizing Access to WCF Metadata
11/23/2007 12:54:43 PM UTC Securing WCF Metadata
11/20/2007 12:04:28 PM UTC STS? Coming soon!
11/1/2007 12:56:49 PM UTC WCF and SecurityAccessDeniedException
10/31/2007 1:51:19 PM UTC Finally! Usernames over Transport Authentication in WCF
8/26/2007 1:52:54 PM UTC Certificate based Authentication and WCF (Mode independent)
8/26/2007 1:38:42 PM UTC Certificate based Authentication and WCF (Transport Security)
8/26/2007 9:38:37 AM UTC Good Article on System.IdentityModel
8/25/2007 3:31:47 PM UTC Certificate based Authentication and WCF (Message Security)
10/20/2006 10:09:22 AM UTC WCF proxies in partially trusted ASP.NET Apps
9/27/2006 10:47:46 PM UTC RolePrincipal vs. RoleProviderPrincipal
9/25/2006 9:35:51 PM UTC Hosting WCF Services in ASP.NET - The Survival Guide
9/13/2006 10:23:07 AM UTC Essential WCF
9/5/2006 1:07:22 PM UTC URI ACLs and WCF - revisited
2/19/2006 10:23:36 AM UTC The official word on WCF and partial trust

Whidbey General (3)

10/10/2004 5:39:05 PM UTC Go to Definition in VS.NET 2005
9/18/2004 9:15:02 AM UTC Pinging in Whidbey
7/30/2004 11:53:40 AM UTC System.Net.NetworkInformation

Work in Progress (245)

6/15/2008 2:44:38 PM UTC PowerShell Profile
5/26/2008 11:26:37 AM UTC System Accounts and SQL Server 2005
4/3/2008 8:04:24 AM UTC Beware of Whitespaces in WAS Configuration
3/21/2008 1:16:11 PM UTC LINQ to SQL and Security
2/22/2008 2:58:22 PM UTC thinktecture & DevelopMentor: Guerilla Enterprise .NET Kurs in München
2/19/2008 3:45:28 PM UTC Using IdentityModel: Claims
2/19/2008 7:41:51 AM UTC Using System.IdentityModel and LeastPrivilege.IdentityModel
2/14/2008 9:57:01 PM UTC Be careful with ServiceAuthorizationManager.CheckAccess()
2/12/2008 8:33:01 AM UTC Extending IIS 7 Configuration
2/8/2008 2:19:00 PM UTC New HTTP.SYS Namespace Reservation in 3.5
1/31/2008 8:26:51 AM UTC UserName SupportingToken in WCF
1/18/2008 6:19:02 PM UTC ASP.NET Internals Spelunking II
1/18/2008 9:50:03 AM UTC ASP.NET Internals Spelunking
1/16/2008 6:15:28 AM UTC Simplified Impersonation Model
1/12/2008 8:49:51 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS7
1/12/2008 7:48:22 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 3 - Adding WCF Support)
1/12/2008 5:29:31 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 3 - Setting up IIS6/ASP.NET)
1/12/2008 10:42:42 AM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 2 - The HTTP Module)
1/11/2008 6:13:57 PM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 1 - Basic Authentication)
1/11/2008 8:24:39 AM UTC HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 0 - Intro)
1/10/2008 7:55:00 PM UTC System.DirectoryServices.AccountManagement
12/7/2007 8:36:48 AM UTC Extension Methods for AntiXss
11/25/2007 11:30:23 AM UTC Poor Man's File Replication using Robocopy
11/23/2007 3:30:37 PM UTC WCF Usernames over Transport and IIS Hosting
11/23/2007 3:15:55 PM UTC Small change to WCF ServiceAuthorizationManager in 3.5
11/23/2007 1:22:48 PM UTC Authorizing Access to WCF Metadata
11/23/2007 12:54:43 PM UTC Securing WCF Metadata
11/1/2007 12:56:49 PM UTC WCF and SecurityAccessDeniedException
10/31/2007 1:51:19 PM UTC Finally! Usernames over Transport Authentication in WCF
10/31/2007 7:42:49 AM UTC Does Microsoft regret the Security Push?
8/26/2007 1:52:54 PM UTC Certificate based Authentication and WCF (Mode independent)
8/26/2007 1:38:42 PM UTC Certificate based Authentication and WCF (Transport Security)
8/25/2007 3:31:47 PM UTC Certificate based Authentication and WCF (Message Security)
8/25/2007 7:17:12 AM UTC Certificate based Authentication and WCF
8/8/2007 1:20:59 PM UTC Custom Principals and WCF
7/24/2007 7:06:57 AM UTC InfoCardSelector for ASP.NET V1.0
7/12/2007 7:00:12 AM UTC Windows Service Hardening
6/25/2007 6:40:10 PM UTC Feature Complete Version of the ASP.NET CardSpace Control
6/23/2007 2:40:34 AM UTC MSDN UK CardSpace Nuggets
6/21/2007 6:16:00 AM UTC Another update to the CardSpace Control for ASP.NET (2)
6/19/2007 3:47:08 AM UTC Another Update to the CardSpace Control for ASP.NET
6/18/2007 6:34:44 AM UTC Getting CardSpace Tokens Programmatically
6/9/2007 7:12:11 PM UTC Updated CardSpace Control for ASP.NET
5/17/2007 10:11:40 PM UTC Identity Providers, Authentication, Self Issued Cards and (again) Keys
5/16/2007 7:00:15 AM UTC Live Alerts
5/12/2007 7:37:43 AM UTC Primary Keys in Identity
4/21/2007 11:29:02 AM UTC UAC Manifest Support in "Orcas"
4/18/2007 5:22:26 AM UTC Token Decryption Service for CardSpace
4/17/2007 8:36:29 AM UTC UAC Demo and Helpers
4/13/2007 5:57:44 PM UTC CardSpace, PPIDs and UniqueIDs – my Conclusion
4/13/2007 10:05:51 AM UTC InfoCards and Identity Stability
4/11/2007 6:56:19 AM UTC Wrap-up of HTTP.SYS Discussion
4/4/2007 5:41:48 AM UTC UAC is for Developers
4/1/2007 1:12:29 PM UTC WCF Performance Comparison
4/1/2007 12:49:14 PM UTC WCF Faults and Information Disclosure
3/27/2007 7:02:56 PM UTC Decrypting CardSpace Tokens in Partial Trust
3/23/2007 5:46:01 PM UTC Punching Holes into HTTP.SYS
3/17/2007 9:43:13 AM UTC CardSpace and decrypting Tokens
3/8/2007 5:59:56 PM UTC Windows Process Activation and Faulted Application Pools
3/7/2007 12:16:44 PM UTC Worker Accounts and Resetting Passwords
3/7/2007 11:55:09 AM UTC MSDN US Webcast: ASP.NET Security - Partial Trust
3/5/2007 9:20:20 PM UTC MSDN US Webcast: ASP.NET Security - Logging and Instrumentation
2/25/2007 11:05:27 AM UTC IE7 and local Proxies (e.g. Fiddler)
2/23/2007 7:43:44 PM UTC MSDN US WebCast: ASP.NET Security - Storing Secrets
2/22/2007 8:34:00 PM UTC MSDN US WebCast: ASP.NET Security - Input Validation
2/21/2007 12:12:03 PM UTC IIS7: Custom Worker Accounts and User Profiles
2/20/2007 8:55:19 PM UTC MSDN US WebCast: Authentication and Authorization with ASP.NET 2.0
2/14/2007 11:07:19 PM UTC My 1st MSDN Magazine Article
2/12/2007 10:58:35 PM UTC DevelopMentor and Me
2/12/2007 1:36:00 PM UTC Thinktecture and Me
2/8/2007 5:15:50 PM UTC Admin Title Bar for PowerShell
2/1/2007 9:46:01 AM UTC MSDN US ASP.NET Security Webcasts
1/28/2007 8:37:26 AM UTC Adding Error Messages to a ValidationSummary
1/23/2007 7:57:40 PM UTC IIS7 Managed Extensibility: ServerHeader Feature
1/22/2007 7:08:28 AM UTC IIS7 Managed Extensibility: Deployment
1/19/2007 10:25:38 AM UTC IIS7 Managed Extensibility: Solution Structure
1/18/2007 8:43:21 AM UTC IIS7 Managed Extensibility: Client UI Integration
1/17/2007 9:05:01 AM UTC IIS7 Managed Extensibility: Server Management Integration
1/16/2007 9:01:21 AM UTC IIS7 Managed Extensibility: Extending Configuration
1/15/2007 7:35:43 AM UTC IIS7 Managed Extensibility: The HttpModule
1/13/2007 10:43:08 AM UTC IIS7 Managed Extensibility: An end-to-end Example
1/6/2007 7:54:17 AM UTC ASP.NET Control for CardSpace
12/9/2006 8:19:32 AM UTC Known Differences Between IIS7 Integrated and Classic Mode
12/7/2006 10:02:19 PM UTC Bug in 2.0 Jitter?!
12/6/2006 9:17:58 PM UTC "Manage Private Key" on Vista
12/1/2006 9:52:17 AM UTC TVP Slides
10/27/2006 6:18:28 AM UTC So much for SecureString
10/25/2006 9:00:53 AM UTC Certificate References in Configuration
10/23/2006 10:06:08 AM UTC IIS7 loads User Profiles
10/20/2006 10:09:22 AM UTC WCF proxies in partially trusted ASP.NET Apps
10/4/2006 3:08:26 PM UTC Book in Stores
9/27/2006 10:47:46 PM UTC RolePrincipal vs. RoleProviderPrincipal
9/25/2006 9:35:51 PM UTC Hosting WCF Services in ASP.NET - The Survival Guide
9/16/2006 5:07:17 PM UTC Bye, Bye Ireland - See you soon...
9/6/2006 12:50:17 PM UTC Back to Ireland
9/5/2006 1:07:22 PM UTC URI ACLs and WCF - revisited
8/25/2006 7:04:04 AM UTC New AzMan Whitepaper
8/21/2006 3:38:15 PM UTC ExpressionBuilder for SSL Redirects
8/21/2006 3:11:17 PM UTC Caching and SSL Pages
8/20/2006 2:12:55 PM UTC Partially SSL Secured Web Apps with ASP.NET
8/4/2006 6:40:59 AM UTC URI ACLs and Vista
7/29/2006 3:43:20 PM UTC Chapter 5: Authentication and Authorization
7/25/2006 10:05:56 PM UTC Eval is not Evil
7/25/2006 10:28:50 AM UTC How to get Cookieless FormsAuthentication to work with self-issued FormsAuthenticationTickets and custom UserData
7/18/2006 10:21:08 PM UTC MSDN UK Security Nuggets
7/11/2006 8:24:35 PM UTC Information Disclosure Vulnerability in ASP.NET 2.0
7/2/2006 8:00:41 AM UTC Very happy to announce...
6/12/2006 6:43:23 PM UTC Chapter 7: Logging and Instrumentation
6/12/2006 6:03:31 AM UTC ASP.NET Validation Woes
6/6/2006 9:17:01 PM UTC Chapter 8: Partial Trust ASP.NET
6/3/2006 8:44:44 PM UTC Typescripts with PowerShell
5/25/2006 11:42:28 PM UTC More Changes to ASP.NET on Vista
5/25/2006 11:02:59 PM UTC Some early IIS7 / ASP.NET Observations
5/23/2006 8:56:26 PM UTC Chapter 4: Storing Secrets
5/14/2006 4:32:20 PM UTC Snippet for ViewState-Backed Properties
5/12/2006 12:47:47 PM UTC Developing More-Secure ASP.NET 2.0 Applications
5/6/2006 7:58:24 PM UTC HttpListener, Authentication and ASP.NET
5/6/2006 8:44:54 AM UTC Tool for HTTP.SYS Namespace Reservations
4/30/2006 10:16:48 AM UTC ASP.NET Server Side Comments
4/26/2006 5:00:50 PM UTC TracePoints and Security Information
4/16/2006 7:58:32 AM UTC ASP.NET Security Context and Extensibility Code Pt. 2
4/16/2006 7:17:53 AM UTC My web.config
4/13/2006 10:56:55 AM UTC MSDN Ireland Slides and Demo
4/12/2006 9:36:36 AM UTC Back from Ireland
4/8/2006 7:58:45 AM UTC ASP.NET Security in Ireland
3/23/2006 6:30:57 PM UTC Viewing SecurityExceptions
3/23/2006 7:22:50 AM UTC Using Client Certificates in ASP.NET
3/22/2006 10:19:02 AM UTC Another Reason why I would not recommend Cassini
3/15/2006 7:19:50 AM UTC MS06-12 and working as Administrator
3/7/2006 9:35:12 PM UTC ASP.NET and Shared Hosting
3/6/2006 7:39:30 AM UTC ASP.NET Extensibility Code and Security Context
3/4/2006 11:31:15 AM UTC Secure Remoting Configuration Settings
3/3/2006 6:25:15 PM UTC ExceptionFiltering and Impersonation
3/2/2006 5:58:16 AM UTC Password Complexity ASP.NET Validation Control
3/1/2006 12:25:42 AM UTC Response to ClickOnce Post
2/27/2006 6:42:21 PM UTC What is aspnet.config
2/19/2006 10:23:36 AM UTC The official word on WCF and partial trust
2/18/2006 9:16:57 AM UTC Beware (=be aware) of ClickOnce default Settings
2/9/2006 10:18:34 PM UTC Health Monitoring and Partial Trust
1/30/2006 7:07:03 AM UTC ClickOnce Security Article on MSDN
1/18/2006 12:48:39 AM UTC Cassini considered harmful
1/14/2006 5:13:53 PM UTC ConfigurationPermission and requirePermission
1/13/2006 8:30:39 AM UTC .NET 2.0 breaks HREF-EXEs from the Internet Zone
1/12/2006 6:50:11 PM UTC HttpOnly and ASP.NET 2.0
12/4/2005 7:07:38 AM UTC

Search

Permanent Links

Meet me at

Categories