All Questions
3,576 questions
2
votes
1
answer
34
views
System.ArgumentNullException on new MutexAccessRule
I have a "single application instance" detection function, using the "classic" Mutex approach:
var identity = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
var ...
- 1,079
1
vote
0
answers
67
views
Start 7Zip executable in a new process and pass encryption password in a secure manner
As the title mentions, I want to start 7z.exe and give it all the parameters, including a password, because I want to generate an encrypted archive.
In case it matters, I'm doing this on a Windows ...
- 2,322
1
vote
2
answers
55
views
Resource of Cost of Declaring Variables and Scope
I'm at the beginning of my journey learning C#, I'm mid-way through the Microsoft Learn syllabus. I recently encountered a lesson where they stated it's best for security and resource management to ...
- 21
0
votes
1
answer
72
views
Custom userId claim on idtoken issued by Identity provder (Auth0)
My question is whether it’s possible to add a user ID generated from my own database as a custom user ID claim in the ID token, which is signed and issued by an external identity provider. ...
- 1
-1
votes
1
answer
114
views
How to block burp suite requests in an ASP.NET 4.8 Web API or ASP.NET Core Web API
I'm currently working on an ASP.NET 4.8 Web API and ASP.NET Core. I've noticed that our application is potentially vulnerable to security testing tools like Burp Suite, which could be used to exploit ...
0
votes
0
answers
86
views
CORS Policy Implentation in .NET 6
Network trace error
I implemented CORS policy for an ASP.NET Core 6 Web API, but when the frontend makes an API call, it still results in a CORS error. What could be the issue?
I have tried adjusting ...
- 1
2
votes
1
answer
246
views
ASP.NET Core 8: authorization deny by claims
I am working with .NET 8 and need help configuring authorization policies. Specifically, I want the default policy to allow all users except those with the "external_employee" claim. ...
- 99
0
votes
0
answers
201
views
Resolve Insecure Direct Object Reference in ASP.NET Core Web API
Our application has an Insecure Direct Object Reference vulnerability, or IDOR. Basically there are object IDs displayed in the url. I would like to know what would be the most efficient approach to ...
- 1,213
0
votes
2
answers
55
views
Securing self-hosted WCF service using custom authentication
I've an ASP.NET MVC web app which is meant to be used within the enterprise. This web app has a custom authentication implementation. The controller functions will call self-hosted WCF services ...
- 305
1
vote
1
answer
43
views
Why am I unable to connect a webservice with tlsv1.2 protocol?
I need to access a web service using C# and so far everything has worked well. Recently they changed the security protocol to TLSV1.2 and so I can no longer access it with the following return:
...
- 11
0
votes
2
answers
164
views
Securing JWT tokens against attackers
I use JWT in an ASP.NET Core Web API application. For JWT, I need a secret, which I currently store in appsettings.json. It looks like this:
"Jwt": {
"Secret": "...
- 480
0
votes
0
answers
27
views
AppDomains when running from memory
I understand why this fails but can anyone explain to me a possible workaround for such. There's gotta be a way to still use AppDomains while running entirely from memory. I've looked into load ...
- 1,739
1
vote
0
answers
50
views
C# Retrieve a user attribute exclusively accessible from its own security context
In the context of a C# application on Windows running under an AD account, let's say UserA. I'm desperate to know if there is a way to get an attribute or information, no matter which one, belonging ...
- 53
1
vote
1
answer
77
views
Named Pipe security problem on some Windows clients
I'm using named pipe for a communication inside a C# process. The software is used on different Windows PCs. On some PCs my software is working and on some I get the following error:
"Some or all ...
- 203
0
votes
0
answers
18
views
Configuring Absolute url to HttpWebRequest in VB.Net to resolve CWE 201 security flaw
I am facing a sensitive information exposed in VB.Net through the variable _requestedUri which results in Security issue CWE 201.
The variable contains the value like "https://stackoverflow.com/...
- 75