There is an existing classic ASP application that uses CAPICOM to encrypt a file's content using a certificate. A new file is created with the encrypted content and put on a location from where another 3rd party web application picks up the file (with encrypted content). They use the certificate to decrypt the encrypted data .
I am re-writing this piece of the software in ASP.Net and have read a bit about the encryption algos in .Net. But I am unable to come to a solution I am aiming for.
My questions:
a.) CAPICOM and .Net encryption? Any resource that has some sort of method mapping between the two?
b.) How to encrypt the content of a file using a certificate's private key? The reason I'm looking for this is this statement
The Sign method creates a digital signature on the content to be signed. A digital signature consists of a hash of the content to be signed that is encrypted by using the private key of the signer.
i created a asp.net form for registration without using login controls and a table for storing information. the passwords in the password column in the table is clearly visible in text form i want it to be in encrypted form.
ID Name Contact No Address 1 ABC XXXXXXX ABCNM2 XYZ xxxxxxx ASDFG
Now my requirement is read data from this excel sheet and den encrypt Contact No field for each row and den save data in database, how should it will be done I have to use some ready made available encryption algo for that.
look at the step 5 at "Using the Example Provider in an ASP.NET Application" element , I entered the command "
aspnet_regiis.exe -pe "connectionStrings" -app "/SessionState" -prov "TripleDESProvider" " at the windows command line, it asked me "The protection provider 'TripleDESProvider' was not found"
I make sure the files keys.snk and keys.txt are in the same folder and the file web.config is correct. Who can tell me the reason for the error and how do I handle with it?
Is there anyway I can encode my asp.net source code?
I really don't want my customer to steal my vb source code. They refused to pay extra for the source code and license. So we need to convert vb file to dll or encode(encrypt) vb source code that no one can understand the logic or decode(decrypt).
I want to encrypt my web config when i deploy it to server so that the username and password of database is secured. I've tried some of the encryption and it did'nt work. here is my code.
I am trying to open my homepage with HTTPS in my test server. Is there a way i can create Self signed certifcates and see if https works. some links or any ideas with how to do Its an ASP.Net project and IIS V6.0
I've noticed that it is possible SQL Server 2005/2008 to authenticate replication accounts using certificates. Is it possible to authenticate .NET SqlConnection in the same manor?
Ideally, I'd like to do away with password authentication completely and have the aspnet user connect using a certificate stored against its account.
we can not add .mdf file to the project in vs2008 and sql server2008 when i am adding .mdf file its displaying an error message so it is not possible to add
Is it possible to read the certificate(s) in a clients browser through code? The situation I have is, someone is going to access my website with a certificate installed. In that certificate, there will be specific information related to my application. I will be pulling that specific peice of info out, and then doing what I need to with it.
I can already read certificates from my local machine (using the X509Certificate2 class), and using string manipulation, traverse out the information needed. The only part I can't do, is pull certificates from the browser.
I have tried using the '.IsPresent' function on an HttpClientCertificate object, but that always returns false (even though I have four certificates installed on my machine).
Is anyone using digital certificates in project ?I have created a digital certificate using Microsoft certificate services.I have installed this certificate on my website.When I access website over https I get digital certificate error in browser.Most common cause for this error is incorrect date/time settings on client machine. This is not the issue in my case.
I am fairly new to web development and have never used Digital Certificates before. I assume using a digital certificate on a silverlight web page is the same as using one on any other web page, but i thought i should check. There are a few example of digitally signing the .xap file on the internet, would it then be a case of simply buying the certificate (from verisign or somewhere similar) and distributing it to customers?
Background: From a desktop application, users will navigate to an SSL-encrypted web portal where they will have to enter a username / password if it's their first time logging in. I want to be able to securely persist their user session. I was thinking of using encrypted cookies, storing their username and a unique session token / key, but was wondering what benefits client certificates offered in terms of security.
The way I see understand it currently:
Encrypted cookies:
Saved on the user's machine just like any other cookie Since the entire site is SSL, the contents of the cookie cnnot be tampered withEasily implementableWhen a user logs in again, invalidate the token / key and issue a new one
Problems:
Anyone attempting to access the web portal on the computer with a saved session will be able to, but this is a problem with any persisted session, right?
How do I know that computer A is computer A and not just computer B that copied computer A's cookie?
Client Certificates:
A pain in the ass to install Will uniquely identify that person's computer (or can it be restricted to the user account) to the web portal If the client certificate is stolen, then the account is compromised
Question: For persisting user sessions with the utmost security, would encrypted cookies be sufficient or would I need to install client certificates? How do they differ?
I was wondering if it is possible to call a webservice or send a SOAP request using a provided certificate to encrypt my password (my identity) and use another to encrypt/sign a timestamp, service header, & soap body? Does anyone have any material or sample code where I can test encryption and security too? It doesn't have to be my own certificates, I just want to see it work and then I can possibly tailor it to my needs. After the SOAP request, there will be a provided response which I assume I will have to decrypt.
I found this thread, but it doesn't seem to use signatures or an SSL connection. Does VS 2010 have some extra features to help out on this? I believe the SOAP should look like this.
