32-bit Password Minder v1.5.0.10
Keith Brown
Utility for securely managing, generating, and retrieving passwords on your machine. Protected by a central password, this utility simplifies using good passwords in all websites and applications that require them.
Screenshot

ViewState Decoder (2.2)
Fritz Onion
Tool to decode the ViewState in ASP.NET 2.0 pages. This version supports display of control state as well as view state.
Screenshot

Permview /decl output formatter
Keith Brown
PERMVIEW is a useful but primitive tool that dumps declarative security attributes in an assembly. This tool is a filter that formats the output of permview /decl into well-formed XML that you can then analyze. See the readme file inside for instructions on usage.

ViewState Decoder (1.1)
Fritz Onion
Tool to decode the ViewState in ASP.NET pages compatible with version 1.1 of ASP.NET
Screenshot

ViewState Decoder (1.0)
Fritz Onion
Tool to decode the ViewState in ASP.NET pages compatible with version 1.0 of ASP.NET
Screenshot

ShowContexts.aspx (ASP.NET Security Context Viewer)
Keith Brown
I've always thought that it's good to know what security context your web app is using, especially considering there are THREE of them in ASP.NET.
Screenshot

GenerateMachineKey
Keith Brown
This tool generates a machineKey element that you can put in your machine.config file on a web farm in order to synchronize the encryption and validation keys across the farm. All servers in the farm must agree on these keys, so they can validate view state and decrypt and validate Forms authentication cookies.
Screenshot

ShowPipeline.ashx (ASP.NET Pipeline Viewer)
Keith Brown
In trying to understand how modules work in ASP.NET, I spent a ton of time pouring over the source code with Anakrino. I now have a much better understanding of how they are loaded and executed, and I've written a simple handler (showPipeline.ashx) which you can use to show an ordered list of the various events that are going to get fired, along with all the handlers that will be called. I hope you find it helpful.
Screenshot

Interactive XPath Expression Builder
Aaron Skonnard
Interactive XPath Expression Builder 4.0 provides a simple HTML interface for evaluating the results of an XPath expression against a loaded XML document - the results are highlighted interactively as you type the expression. Requires MSXML 4.0.
Screenshot

post.js
Aaron Skonnard
post.js is a command-line utility for issuing an HTTP POST request where the body contains the contents of the specifed file or the supplied string; this utility allows you to specify arbitrary HTTP headers to send along with the request. Requires MSXML 4.0.

validate.js
Aaron Skonnard
validate.js is a command-line utility for validating an XML file against an XML Schema definition or DTD. Requires MSXML 4.0.

xslt.js
Aaron Skonnard
xlst.js is a command-line utility for transforming an XML file with an XSLT file. Requires MSXML 4.0.

xpath.js
Aaron Skonnard
xpath.js is a command-line utility for evaluating XPath expressions against an XML file.

SSPI Workbench
Keith Brown
This is a tool to help you explore SSPI with Kerberos, NTLM, and Negotiate (SPNEGO).
Screenshot

Interactive Window Station / Desktop DACL Editor
Keith Brown
Allows you to view (and edit) the DACL on Winsta0 and the default desktop. Uses the new Security Descriptor UI (this requires that you have either Windows 2000, XP, or .NET Server, or Windows NT 4.0 with the Security Configuration Editor add-on installed).
Screenshot