Security :: Using Digital Certificates In Project?
Mar 29, 2011
Is anyone using digital certificates in project ?I have created a digital certificate using Microsoft certificate services.I have installed this certificate on my website.When I access website over https I get digital certificate error in browser.Most common cause for this error is incorrect date/time settings on client machine. This is not the issue in my case.
I am fairly new to web development and have never used Digital Certificates before. I assume using a digital certificate on a silverlight web page is the same as using one on any other web page, but i thought i should check. There are a few example of digitally signing the .xap file on the internet, would it then be a case of simply buying the certificate (from verisign or somewhere similar) and distributing it to customers?
Is it possible to read the certificate(s) in a clients browser through code? The situation I have is, someone is going to access my website with a certificate installed. In that certificate, there will be specific information related to my application. I will be pulling that specific peice of info out, and then doing what I need to with it.
I can already read certificates from my local machine (using the X509Certificate2 class), and using string manipulation, traverse out the information needed. The only part I can't do, is pull certificates from the browser.
I have tried using the '.IsPresent' function on an HttpClientCertificate object, but that always returns false (even though I have four certificates installed on my machine).
I was wondering if it is possible to call a webservice or send a SOAP request using a provided certificate to encrypt my password (my identity) and use another to encrypt/sign a timestamp, service header, & soap body? Does anyone have any material or sample code where I can test encryption and security too? It doesn't have to be my own certificates, I just want to see it work and then I can possibly tailor it to my needs. After the SOAP request, there will be a provided response which I assume I will have to decrypt.
I found this thread, but it doesn't seem to use signatures or an SSL connection. Does VS 2010 have some extra features to help out on this? I believe the SOAP should look like this.
I am new to digital signature. I have a web application developed in asp.net 3.5. In one of the module of this application I am generating pdf file and storing it on the server. The users must be able to choose a pdf file and digitally sign it with a certificate stored locally (either on their machine or in a smartcard). I do not know whether I should pass pdf file to client place to sign it or I should send Certificate object to the server.
I have problem to create digital signature. I created console application and it works there but when I want to run it at server there is exception. It looks like I have problem with reference to the file.
I posted this previously but it ended up in Languages/C# rather than here. I'm not sure if I chose the wrong forum or the admin moved it. I wanted it in here so I'm re-posting it:
I have an APK file (android application archive, same as JAR file format) that I need to determine whether or not is signed, and if so, extract the certificate info.
The JDK provides a command line tool to do this:
jarsigner -verbose -certs -verify file.apk
I'm trying to determine if there's a way using the Security classes to accomplish the same thing in C# code.
I have a website that needs me to use ActiveX. and there is a security policy in my office that needs me to DIGITALLY SIGNING the ActiveX ?[URL]but still couldnt understand what is the actual step that i should do. plus , the link is broken. does anyone know how to do it ?
I want to create a digital signature, for my product, for creating the digital sigmature i want digital certificate. I came to know there are lot of third party available for creating digital signature. If any one know can tell some of third party for this.
I am doing a project on digital watermarking. This is the process. The user will choose his image file to upload, chooses his image key(either from the visual studio gallery-folder name is Image Key, or he chooses his own from the directory).
He enters a password, and this password will be embedded into the image uploaded.
Next, there is an option to digitally watermark the image (This is where I am having problems - stuck with the codes)
Here is the work so far, and I couldn't get any further.
I have an apliccattion Web, but now I will need get the digital certificate in specific form.Is possible show the dialog box (by code) wiht digital certificate list for the user choice digital certificate and then continue wiht my process ???
I am currently having trouble with verifying the digital signature in a excel file. The digital signature is used to sign the Macro so that it is possible to authenticate and ensure that no one has tamper with the Macro.
Currently, I am able to check that the excel file is digitally signed. However, I can't seem to be able to verify and ensure that the digital signature is authentic. I'm using asp.net 3.5 with vb.net.
I have asp.net page running under MOSS2007 and there is Access Denied error at signing (signedXml.ComputeSignature()). The code works as normal .net web application but it does not work under MOSS.
I need to validate a digital signature which consists of thumb impression,signature and tokenid which is in pendrive with a columns of a table in sqlserver2008 database. I am using capicom.dll in asp.net 3.5 using c#.
have a couple a projects in different solutions, one is a front facing site that has a login that will redirect from there to the other project. I have one SQL Membership database that I am using, when I try and login I get that Members.ValidateUser is true, but FormsAuthentication.Authenticate is false. So when I try and login and redirect it does not work. Am I missing something in the web.config? Is that something that I can even do?
I am trying to open my homepage with HTTPS in my test server. Is there a way i can create Self signed certifcates and see if https works. some links or any ideas with how to do Its an ASP.Net project and IIS V6.0
I've noticed that it is possible SQL Server 2005/2008 to authenticate replication accounts using certificates. Is it possible to authenticate .NET SqlConnection in the same manor?
Ideally, I'd like to do away with password authentication completely and have the aspnet user connect using a certificate stored against its account.
There is an existing classic ASP application that uses CAPICOM to encrypt a file's content using a certificate. A new file is created with the encrypted content and put on a location from where another 3rd party web application picks up the file (with encrypted content). They use the certificate to decrypt the encrypted data .
I am re-writing this piece of the software in ASP.Net and have read a bit about the encryption algos in .Net. But I am unable to come to a solution I am aiming for.
My questions: a.) CAPICOM and .Net encryption? Any resource that has some sort of method mapping between the two?
b.) How to encrypt the content of a file using a certificate's private key? The reason I'm looking for this is this statement
The Sign method creates a digital signature on the content to be signed. A digital signature consists of a hash of the content to be signed that is encrypted by using the private key of the signer.
Background: From a desktop application, users will navigate to an SSL-encrypted web portal where they will have to enter a username / password if it's their first time logging in. I want to be able to securely persist their user session. I was thinking of using encrypted cookies, storing their username and a unique session token / key, but was wondering what benefits client certificates offered in terms of security.
The way I see understand it currently:
Encrypted cookies:
Saved on the user's machine just like any other cookie Since the entire site is SSL, the contents of the cookie cnnot be tampered withEasily implementableWhen a user logs in again, invalidate the token / key and issue a new one
Problems:
Anyone attempting to access the web portal on the computer with a saved session will be able to, but this is a problem with any persisted session, right?
How do I know that computer A is computer A and not just computer B that copied computer A's cookie?
Client Certificates:
A pain in the ass to install Will uniquely identify that person's computer (or can it be restricted to the user account) to the web portal If the client certificate is stolen, then the account is compromised
Question: For persisting user sessions with the utmost security, would encrypted cookies be sufficient or would I need to install client certificates? How do they differ?