net – Page 19 – WindowsTechs.com

Where to store secrets in .NET applications?

Posted on August 21, 2019 by Nikola Luburić

I have some secrets that need to be transferred from my .NET application to another. I am using the CNG DPAPI to encrypt these secrets, and I wish to find the most suitable place to store them (in this encrypted format) on my… Continue reading Where to store secrets in .NET applications?→

Active Directory with multi factor authentication for an existing web application

Posted on August 21, 2019 by Novice Programmer

Customer is asking for LDAP / Active Directory authentication along with OTP (one time password) / multi-factor authentication for an old existing web application written in (asp.net MVC2). Is this possible?

Currently, we ar… Continue reading Active Directory with multi factor authentication for an existing web application→

Creating my first external facing API [on hold]

Posted on August 21, 2019 by Dan Colgan

I am in need of creating my first external-facing API which a client will use to gain access to specific company data. Can someone provide me a very good and simple tutorial or example on how to go about providing a token wh… Continue reading Creating my first external facing API [on hold]→

How to avoid using System.String with Rfc2898DeriveBytes in C#

Posted on August 19, 2019 by Jeff

I am creating a .NET core webapp in C# that takes in a user password and hashes it to be stored on a server. I’m using Rfc2898DeriveBytes along with a randomly generated salt. I’ve read, however, that I should avoid using str… Continue reading How to avoid using System.String with Rfc2898DeriveBytes in C#→

Is there an easy way to dissect .NET Remoting traffic for reverse engineering?

Posted on August 14, 2019 by Polynomial

I’m working on a vulnerability within an application that uses .NET Remoting. I can see from the code that there are a number of potential ways to get RCE, but due to how the application performs its communications I cannot j… Continue reading Is there an easy way to dissect .NET Remoting traffic for reverse engineering?→

Generate cryptographically safe int

Posted on August 5, 2019 by Hoppe

How can you generate a cryptographically safe integer that falls within a range in C#? I am trying to satisfy a Veracode issue reporting CWE-331: Insufficient Entropy. Obviously the code below is not cryptographically secure…. Continue reading Generate cryptographically safe int→

Potential Risks Using Reference Code Based Authentication For Web Based Application Form That Contains SSN

Posted on August 3, 2019 by TroySteven

I’m currently building a web based membership application form that will require a user to enter an SSN and other identifiable information. Part of the requirements of the membership application is to allow a user to be able … Continue reading Potential Risks Using Reference Code Based Authentication For Web Based Application Form That Contains SSN→

How to implement Anti-CSRF method?

Posted on August 2, 2019 by Akash Daniel

I have created a ASP.NET project and I want to implement Anti-CSRF method in my project. How to do that?

Continue reading How to implement Anti-CSRF method?→

How to make connection secure in ASP.NET? [duplicate]

Posted on August 1, 2019 by Akash Daniel

This question already has an answer here:

How does SSL/TLS work?

3 answers

I have created a asp.net project when I run it… Continue reading How to make connection secure in ASP.NET? [duplicate]→

What is the best way to secure web api calls from worker apps running on windows

Posted on July 14, 2019 by Filip Cordas

I have a particular problem on how to securely call web api from machines that do automated data collection on documents. The computers that run code are windows machines and the server is a kubernetes cluster running on Linu… Continue reading What is the best way to secure web api calls from worker apps running on windows→