IIS has its own security configuration and even for any request reaching the ASP.NET runtime, IIS verifies the request with it's own security configuration. So the first gatekeeper in the ASP.NET security pipeline is actually IIS. So let us understand those security mechanisms which IIS implements:
1. Authentication: IIS support following authentication mechanism
- Basic authentication
- Digest authentication
- Passport authentication
- Window authentication
- Certificate authentication
Point to remember:
- Any authentication which IIS performs results into an authenticated window user, so this means that IIS supports authenticating window users only.
- If ASP.NET is configured to support form or window authentication, then configure IIS to support basic or digest authentication.
- If ASP.NET is configured to support form or custom authentication, then configure IIS to support anonymous access.
- With XP, it comes with IIS 5.x
- With Server 2003, it is IIS 6.0
How to configure IIS for authentication:
Point to member here:
1. When the Anonymous User option is checked then everyone is given access to a web page and it overrides all authentication settings.
2. If IIS is configured to anonymous authentication, we can still use ASP.NET-based security to authenticate users either with ASP.NET-integrated mechanisms such as forms authentication or a custom type of authentication.
3. Windows authentication configures IIS to validate the credentials of the user against a Windows account configured either on the local machine or within the domain. A Credential submitted by a user is verified against the Windows account.
4. When Basic Authentication is checked it defines an additional HTTP header for transmitting user names and password across the wire but nothing is encrypted here. It is transmitted in the form of a base64 encoding.
5. Digest authentication is similar to basic authentication with the difference that instead of sending credentials in the form of Base64 encoding, user password and username are hashed.
This is what I know, let me know if you know otherwise. There are now 2 distinct GAC locations that you have to manage as of the .NET 4 Framework release.
The GAC was split into two, one for each CLR (2.0, 3.5 AND 4.0). The CLR version used for both .NET Framework 2.0 and .NET Framework 3.5 is CLR 2.0. To avoid issues between CLR 2.0 and CLR 4.0 , the GAC is now split into private GAC’s for each runtime. The main change is that CLR v2.0 applications now cannot see CLR v4.0 assemblies in the GAC.
In previous .NET versions, when I installed a .NET assembly into the GAC (using gacutil.exe or even drag and drop to the c:\windows\assembly directory), I could find it in the ‘C:\Windows\assembly’ path.
With .NET 4.0, GAC is now located in the 'C:\Windows\Microsoft.NET\assembly’ path.
In order to install a dll to the .NET 4 GAC it is necessary to use the gacutil found C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\GacUtil.exe In addition, you can no longer use the drag n' drop (in reality the drag n' drop really executed the gacutil via a windows explorer extension).
After you use the gacutil.exe -i {path to dll} you can view that it is indeed in the gac via gacutil -l (which will list all dlls in the gac). I used this command and piped the results to a text file via > out.txt which made it easier to find the recently added component.
I was not able to see my gac object in the directory for .net 4 (i.e. c:\windows\microsoft.net\assembly path). I am not sure why just yet. Ideas?
At this point, the object is in the local gac however if you are using vs.net 2010 it will still not show up in the list of references. To get the component to show up in the VS.NET list of references can add a registry entry to HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319\AssemblyFoldersEx At this point, the component is in the local GAC and is in the list of references to be used by vs.net.
Note, I did find that if I just added the path to the registry without adding it to the gac it was available to vs.net. So, because the component is listed via vs.net add references it does not necessarily mean it is in the gac.
What still confuses me is that I am still unable to view my recently added component in the .NET 4 directories above. Ideas?
So you (or your client) moved your email to Google Apps and now you want to use Google SMTP server to send emails from ASP.NET ? It is pretty straight forward. Read on…
The System.Net contains the class SmtpClient which can be used to send the email from your ASP.NET page. Let us jump in the code (C#)
SmtpClient mailSender = new SmtpClient(“smtp.gmail.com”);
You can pass the smtp server location in the SmtpClient class’ constructor.
Next specify the port:
mailSender.Port = 587;
You can send the email using Google’s SMTP only by using authentication. So we will need to send the user name and password for the account from which you want to send the email (i.e your “From” email address):
System.Net.NetworkCredential credentials = new System.Net.NetworkCredential(emailUserName, emailPassword);
where emailUserName is obviously your email address and emailPassword its password. Next use these credentials to send the email :
mailSender.Credentials = credentials ;
Next tell the SMTP server NOT to use the default credentials and to use SSL
mailSender.EnableSsl = true;
mailSender.UseDefaultCredentials = false;
Now send the email as you would normally in ASP.NET:
MailAddress toAddress = new MailAddress(“[email protected]”);
MailAddress fromAddress = new MailAddress(“[email protected]”);
MailMessage message= new MailMessage(fromAddress , toAddress );
message.Subject = “Email Subject”;
message.Body = “Email Message”;
mailSender .Send(message);
Of course as always recommend putting the smtp client (“smtp.gmail.com”) , port number. emailUserName and emailPassword in some kind of configuration (ASP.NET web.config file, app.config , SQL Server database etc)
This means you need to know the email user name and password of the account that the email is sent from. I have not found any other solution than physically creating this email account and using it. If anyone has found a better solution for this, please let me know