Authenticating SQL Connection Using Certificates In .NET?

Jun 8, 2010

I've noticed that it is possible SQL Server 2005/2008 to authenticate replication accounts using certificates. Is it possible to authenticate .NET SqlConnection in the same manor?

Ideally, I'd like to do away with password authentication completely and have the aspnet user connect using a certificate stored against its account.

View 2 Replies


Similar Messages:

C# - How To Create Self Signed Certificates

Oct 1, 2010

I am trying to open my homepage with HTTPS in my test server. Is there a way i can create Self signed certifcates and see if https works. some links or any ideas with how to do Its an ASP.Net project and IIS V6.0

View 3 Replies

Authenticating An User Via Wcf?

Sep 5, 2010

I have a java app with a .net application running in the java applications embedded browser.

I want the java application to call a .net WCF or web service with a username and password.

The wcf will set the user to authorized in forms authentication.

In the java desktop application I will then load a .aspx page that was protected via forms authentication.

How can I accomplish this? Is it even possible...?

View 1 Replies

Visual Studio :: Error Unable To Add Data Connection. ExecuteScalar Requires An Open And Available Connection. The Connection's Current State Is Closed?

Sep 13, 2010

I'm using Visual Studio 2008, and my database is SQL Server 2000.

I want to add a connection to the Server Explorer in VS. The Data source is Microsoft SQL Server (SqlClient). After entering in all my information and I click Test Connection, it is successful.

But when I click OK, I get the error:

Unable to add data connection. ExecuteScalar requires an open and available connection. The connection's current state is closed.

View 3 Replies

Security :: How To Create Certificates For Login

Jun 20, 2010

I would like to do login to the website using certificates.

I want to have a secure login.

How to create certificates for login?

How certification process?

View 1 Replies

Security :: Reading Certificates From The Browser?

Apr 9, 2010

Is it possible to read the certificate(s) in a clients browser through code? The situation I have is, someone is going to access my website with a certificate installed. In that certificate, there will be specific information related to my application. I will be pulling that specific peice of info out, and then doing what I need to with it.

I can already read certificates from my local machine (using the X509Certificate2 class), and using string manipulation, traverse out the information needed. The only part I can't do, is pull certificates from the browser.

I have tried using the '.IsPresent' function on an HttpClientCertificate object, but that always returns false (even though I have four certificates installed on my machine).

View 4 Replies

Security :: Decrypting Using X509 Certificates?

Mar 16, 2011

I am trying to decrypt using an X509 certificate private key. I am using the following function:

[Code]....

View 3 Replies

Security :: Using Digital Certificates In Project?

Mar 29, 2011

Is anyone using digital certificates in project ?I have created a digital certificate using Microsoft certificate services.I have installed this certificate on my website.When I access website over https I get digital certificate error in browser.Most common cause for this error is incorrect date/time settings on client machine. This is not the issue in my case.

View 1 Replies

C# - Can Use Digital Certificates With SilverLight Webpages

Sep 3, 2010

I am fairly new to web development and have never used Digital Certificates before. I assume using a digital certificate on a silverlight web page is the same as using one on any other web page, but i thought i should check. There are a few example of digitally signing the .xap file on the internet, would it then be a case of simply buying the certificate (from verisign or somewhere similar) and distributing it to customers?

View 1 Replies

Security :: Trouble Authenticating From Non-SSL To SSL?

Mar 21, 2010

I have an ASP.NET 3.5 Web Application using the Default membership provide provided by .NET - I have created a login page and create user page, etc. etc... The problem is, if you're on the site and you are authenticated, and then you go to a link on the same authenticated folder (Called MemberPages) but you go to a SSL location, it asks you to enter your username and password again! Is there anyway to fix this bug.HomePage -> Login.aspx -> Enter your username and password -> Access MemberPages/Default.aspx -> Then a link called Purchase a Product -> suppose to take you to[URL]

View 1 Replies

.net - Authenticating A Mobile App Against A WCF Service?

Jun 4, 2010

We are working with a vendor to develop a mobile app and plan on using WCF services to handle operations. What are some types of authentication I can use with a WCF service? Would we send a user name and password through the SOAP header? How can we accomplish this securely?

Also, this will be authenticated against our .NET membership database using the Membership classes.

View 1 Replies

Security :: Authenticating Through A Webservice?

Jun 9, 2010

Does anyone have an example of authenticating through a webservice ?I have a website that allows users to login in using the <asp:Login> control.After they are authenticated I want them to use a webservice to add records, modify records. (The web service will be used later by external sites).I have a webservice up and running which the aspx page "authenticates" to using Profile.UserName.Is there a way to get the aspx page to send the username and password used at log on without having the user enter it each time ?And then how do I authenticate them ? (maybe using Membership.ValidateUser ?)

View 1 Replies

Web Forms :: User Name Not Authenticating?

Oct 20, 2010

I have a website that requires a login. I'm used the login wizard in asp.net 2008. The site is in vesion 2.0 as that is what the hosting company allows. The login scipt apprears to work appropriately in that if the the wrong username or password is entered the error appears and the url for the login page doesn't work. Once the correct identification info is entered, the user is taken to the correct url.

The problem is that the username does not seem to "stick" for lack of a better word. The site is used to order wedding photos. The user selects the photos and all the required date EXCEPT the user name is entered into the database. This is a problem since there is no way to filter the order when the person goes to the shopping cart therefore the shopping cart opens with no product in it. To make matters more frustrating, IT USED TO WORK! I don't understand why its not working now.

The hosting company, 1and1.com has looked over the code and can't find anything wrong with it. Their one suggestion was to add the following "patch" code to the web.config file as a "work around", and if that didn't work to try using vwd 2010. I'm hesitant to do that since I've not used it before and don't want to make matters worse.

I'm including my web.config page as well as a sample of the code behind to see

[Code]....

View 9 Replies

Configuration :: How To Configure Web.config To Accept All Certificates

Oct 21, 2010

I need it for the test purposes.. (don't want to see „The remote certificate is invalid..." Exception.. )

View 3 Replies

WCF / ASMX :: Open .cer Certificates From The Server Which Is Sent By Browser?

Mar 9, 2011

I am not sure whether I posted the question at the right place, But I don know how to start approaching the problem ,

I need to open a .cer cirtificate from the server side. The .cer cirtificate will be stored in the client browser.

I tried locally putting the cirtificate in my hard drive and I could open it and get the info I want using

X509Certificate2 certificate = new X509Certificate2("C:\OCX\abc.cer");

But what will I do when I need it to open it from client browser?

View 13 Replies

VS 2008 - Encrypt File Data Using Certificates

Sep 12, 2011

There is an existing classic ASP application that uses CAPICOM to encrypt a file's content using a certificate. A new file is created with the encrypted content and put on a location from where another 3rd party web application picks up the file (with encrypted content). They use the certificate to decrypt the encrypted data .

I am re-writing this piece of the software in ASP.Net and have read a bit about the encryption algos in .Net. But I am unable to come to a solution I am aiming for.

My questions:
a.) CAPICOM and .Net encryption? Any resource that has some sort of method mapping between the two?

b.) How to encrypt the content of a file using a certificate's private key? The reason I'm looking for this is this statement

The Sign method creates a digital signature on the content to be signed. A digital signature consists of a hash of the content to be signed that is encrypted by using the private key of the signer.

Source: [URL] ....

View 3 Replies

Saving Sessions In SSL Encrypted Cookies Vs. Client Certificates?

Dec 10, 2010

Background: From a desktop application, users will navigate to an SSL-encrypted web portal where they will have to enter a username / password if it's their first time logging in. I want to be able to securely persist their user session. I was thinking of using encrypted cookies, storing their username and a unique session token / key, but was wondering what benefits client certificates offered in terms of security.

The way I see understand it currently:

Encrypted cookies:

Saved on the user's machine just like any other cookie Since the entire site is SSL, the contents of the cookie cnnot be tampered withEasily implementableWhen a user logs in again, invalidate the token / key and issue a new one

Problems:

Anyone attempting to access the web portal on the computer with a saved session will be able to, but this is a problem with any persisted session, right?

How do I know that computer A is computer A and not just computer B that copied computer A's cookie?

Client Certificates:

A pain in the ass to install Will uniquely identify that person's computer (or can it be restricted to the user account) to the web portal If the client certificate is stolen, then the account is compromised

Question: For persisting user sessions with the utmost security, would encrypted cookies be sufficient or would I need to install client certificates? How do they differ?

View 1 Replies

Security :: Invoking Web Service / SOAP Request With Certificates Over SSL

Aug 2, 2010

I was wondering if it is possible to call a webservice or send a SOAP request using a provided certificate to encrypt my password (my identity) and use another to encrypt/sign a timestamp, service header, & soap body? Does anyone have any material or sample code where I can test encryption and security too? It doesn't have to be my own certificates, I just want to see it work and then I can possibly tailor it to my needs. After the SOAP request, there will be a provided response which I assume I will have to decrypt.

I found this thread, but it doesn't seem to use signatures or an SSL connection. Does VS 2010 have some extra features to help out on this? I believe the SOAP should look like this.

<soap:Envelope>
<soap:Header>
<svchdr:ServiceHeader>
<svchdr:StaticRegion>...</svchdr:StaticRegion>
<svchdr:DynamicRegion>...</svchdr:DynamicRegion>
</svchdr:ServiceHeader>
<wsse:Security>
(Signature Info)
</wsse:Security>
<soap:Body>
...
</soap:Body>
</soap:Envelope>

View 5 Replies

Configuration ::sign ActiveX Error: No Certificates Were Found?

Sep 21, 2010

I write a ocx file and package into cab file.I execute some commands as below:

cabarc -s 6144 N my.cab ./MyActiveX.ocx
makecert -sv mytest.pvk -ss testCertStore mytest.cercert2spc mytest.cer mytest.spc
pvk2pfx -pvk mytest.pvk -pi "mypassword" -spc mytest.spc -pfx mytest.pfx -f
signtool sign /n "myactivex" /du http://localhost /f mytest.pfx /p "mypassword" -t http://timestamp.verisign.com/scripts/timstamp.dll my.cab

The error message appears as below when I use signtool:

SignTool Error: No certificates were found that met all the given criteria.
Number of errors: 1

View 2 Replies

Controls :: Cannot Get Message Count Without Authenticating Yourself Towards Server First

Oct 21, 2015

I used your url...to read mail and I downloaded your project when I run project I filled my gmail credential : smtp.gmail.com, uid, password and port=995 and checked SSL but I gor error.You cannot get the message count without authenticating yourself towards the server first.

View 1 Replies

AJAX :: 3.5 - Control Toolkit And Secure Site With Client Certificates

Nov 19, 2010

I have a internal site used by employees of my company that uses ASP.Net 3.5, Ajax and the Ajax Control Toolkit and is secured using https and requires a client certificate to gain access to the site. We are getting the following error when updating drop down lists on the very first page of an application wizard we have built. The page uses an UpdatePanel with PartialPagePostbacks enabled.

Sys.WebForms.PageRequestManagerServerErrorException:

An unknown error occurred while processing the request on the server. The status code returned from the server was: 413

ScriptResource.axd Line: 5
Code: 0 Char: 62099.

I have increased the maxRequestLength value to 8192Kb (which is way overkill), the readAheadBuffer to 4096Kb, set all the timeouts I can find, and this problem keeps showing up for my users. I can reproduce the error if I let the initial page site idle for 2-3 minutes before doing the partial page postback to move to the next segment. I have been chasing this now for a couple of weeks, and keep coming back to the same sites with the same answers.

View 4 Replies

Membership Provider Authentication Not Working Authenticating WCF Service

Oct 27, 2010

I have a SqlMembershipProvider store with Roles enabled. This is configured and has the user "devtest" in the roles "xxUser" and "xxAdmin".

I also have a WCF service, which I want to authenticate and authorize against. My problem is that:

the authorisation is not happening, code just executes despite the policy attribute I don't get any identity or security context so do not know who is calling the service I need: to know which user is calling the
method some degree of rejecting users if permissions don't match (ideally this should be performed
within the RoleProvider/MembershipProvider/WCF but can do it myself if I have to) SSL in transport

I have my service contract set up thus:

[ServiceContract]
public interface ISupportService
{
[OperationContract]
[PrincipalPermission(SecurityAction.Demand, Role = "ThisRoleDoesNotExist")]
List<BaseInterestRate> GetAllBaseInterestRates();
}
the code is simple enough:
public class SupportService : ISupportService
{
public List<BaseInterestRate> GetAllBaseInterestRates()
{
OperationContext operationContext = OperationContext.Current;
ServiceSecurityContext serviceSecurityContext = ServiceSecurityContext.Current; // is always null
using (xxxEntities entities = new xxxEntities())
{
return new List<BaseInterestRate>(entities.BaseInterestRates);
}
}}
My service configuration is thus:
-->
<behaviors>
<serviceBehaviors>
<behavior name="SupportServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="SqlMembershipProvider" />
</serviceCredentials>
</behavior>
<behavior>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

Having already configured the MembershipProvider:

<membership defaultProvider="SqlMembershipProvider" >
<providers>
<clear/>
<add name="SqlMembershipProvider"
connectionStringName="SqlMembershipProvider"
applicationName="xxx"
type="System.Web.Security.SqlMembershipProvider" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="SqlMembershipProvider" applicationName="xxx"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="xxx" name="AspNetWindowsTokenRoleProvider
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>

I have followed the instructions at these pages to the letter:

How to: Use the SQL Server Role Provider with Windows Authentication in WCF Calling from Windows Forms (MSDN)
How to: Create and Install Temporary Client Certificates in WCF During Development (MSDN)
How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms (MSDN)
Also quite useful found via SO: Use Asp.Net Membership provider with a WCF .svc service (Alkampfer's Place)

I would at lest expect an issue with certificates/transport/etc. to fail with exceptions, but I can debug right in and over the WCF call. I have no security context/ user context available to me and when I use a user not in the two mentioned roles (which I do in the code example above), I don't get "kicked out".

My client app is currently a Web App, but will ultimately also serve a Windows Forms app and Test suite. I'm currently using the ASP.NET WebDev server and am running .NET 4.0.

Am I missing something?

View 1 Replies

SQL Server :: How To Create A Stored Procedure For Authenticating Users

Nov 11, 2010

trying to create a stored procedure to authenticate users, if users are authenticated their data like userid, first name, etc are returned in a cursor. However, if users are not authenticated an error is returned or something that indicates users were not authenticated.

But I don't know how to do this in a stored procedure.

View 2 Replies

State Management :: Authenticating Users In Multiple Subdomains?

Aug 31, 2010

I have a main website say www.main.com which is developed in asp.net. We have used forms authetications here.

Now the thing is I have a no of subdomains on the same server say domain1.main.com, domain2.main.com, domain3.main.com etc.

I had put some functionality there. What i want is when i redirect my users to the subdomains user has to log in again.

what are the method where i can preserve the users state in my subdomains also.

View 5 Replies

Security :: Authenticating Internal Users Against Active Directory?

Mar 23, 2011

I have a asp.net (3.5) web-app that will be used in an intranet. I need to enforce that users type in their network credentials (windows credentials) before they can log into this application. I intentionally need to disallow Integrated Windows Authentication. I need to authenticate these users against my company's Active Directory, that is obviously on the same network as my .net web app.

I have been reading a bit about Forms Authentication using ActiveDirectoryMembershipProvider - [URL]. I also stumbled upon this - [URL]. Based on what I can tell, both seem to do what I need to get done. Could somebody tell me what are the major differences, pros/cons and when you would use which method? Or are these exactly identical, and both achieve the exact same results?

From the security perspective...what do I need to watch for? I am assuming if I use SSL that will cover me for when I pass the username/pwd to AD for verification?

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved