Logon with Digital Signature (PKI/OCES - or what else they're called)

Has anyone got the least experience in integrating the Digital Signature with an ASP.NET[C#] Web Application?

Here in Denmark, as I suppose in many other countries, they're promoting the digital signature. A lot of people already have one, to do their taxes, and much more. I have to use it for a business-to-business e-commerce solution, where it's vital that the right user is being logged on, and not give his username and password to a colleague...

Due to the Digital Signatures usage, companies are very aware of which employees have access to tax, VAT and things like that - and I can make a more secure web application...

Anyone with just a good idea, own experiences, good links, or something?

Thanks.

Martin

Using the System.Security.Cryptography.X509Certificate class - you are able to verify that the certificate is valid (or has not expired). From the certificate you can obtain the Identity (property on the certificate object) that gives you information on who owns the certificate. The Identity (not a windows identity, if you are talking about the Danish one as this is issued by TDC), but a generic Identity object.

Are you using the certificate stuff inside an organisation governed by AD (Active Directory), the certificate presented to you maps to a user in AD (or can potentially map to a user in AD). Thereby - you've got the windowsidentity of an individual (you can cast it).

/Claus Konrad
DK.

"Martin Høst Normark" <m**@jydepost.dk> wrote in message news:433509b0$0$49020$14726298@news.sunsite.dk...
> Hi everyone
>
> Has anyone got the least experience in integrating the Digital Signature
> with an ASP.NET[C#] Web Application?
>
> Here in Denmark, as I suppose in many other countries, they're promoting
> the digital signature. A lot of people already have one, to do their taxes,
> and much more. I have to use it for a business-to-business e-commerce
> solution, where it's vital that the right user is being logged on, and not
> give his username and password to a colleague...
>
> Due to the Digital Signatures usage, companies are very aware of which
> employees have access to tax, VAT and things like that - and I can make a
> more secure web application...
>
> Anyone with just a good idea, own experiences, good links, or something?
>
> Thanks.

To correct myself - you can obtain the individual to whom the certificate was issued. The identity object is obtained from the securitytoken you can get from the certificate.

But - one thing with the "issued to" property - it is only a string giving you a name; this means that if you are presented with 2 valid certificates each carrying the name "Martin Normark", you are not able to distinguish the two. Two persons can easily be carrying the same name (e.g. Peter Jensen is a quite common name in DK).

In such case, you should be using the SHA1 hash of the certificate (Certificate.GetHash()) which you trust to verify the request coming in, is indeed signed with the correct certificate (e.g. carrying the correct signature).

/Claus

"Martin Høst Normark" <m**@jydepost.dk> wrote in message news:433509b0$0$49020$14726298@news.sunsite.dk...
> Hi everyone
>
> Has anyone got the least experience in integrating the Digital Signature
> with an ASP.NET[C#] Web Application?
>
> Here in Denmark, as I suppose in many other countries, they're promoting
> the digital signature. A lot of people already have one, to do their taxes,
> and much more. I have to use it for a business-to-business e-commerce
> solution, where it's vital that the right user is being logged on, and not
> give his username and password to a colleague...
>
> Due to the Digital Signatures usage, companies are very aware of which
> employees have access to tax, VAT and things like that - and I can make a
> more secure web application...
>
> Anyone with just a good idea, own experiences, good links, or something?
>
> Thanks.
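
The point made in the second reply, binding the account to the certificate hash instead of the "issued to" name, as an added C# example that is not code posted by anyone in the thread. The enrollment table, the account name and the self-signed sample certificates are constructed for illustration; the hash is read with `X509Certificate.GetCertHash()`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertificateLogin
{
    // Hypothetical enrollment table: certificate hash (hex) -> application account.
    static readonly Dictionary<string, string> Enrolled =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    // SHA-1 hash over the whole certificate, as returned by GetCertHash().
    static string HashOf(X509Certificate2 cert) =>
        BitConverter.ToString(cert.GetCertHash()).Replace("-", "");

    public static void Enroll(X509Certificate2 cert, string account) =>
        Enrolled[HashOf(cert)] = account;

    // Returns the account bound to this exact certificate, or null if none.
    public static string ResolveAccount(X509Certificate2 cert, DateTime utcNow)
    {
        // Validity window first. A real site must also build the chain to the
        // issuing CA and check revocation (X509Chain); that step is skipped
        // here only because the sample certificates are self-signed.
        if (utcNow < cert.NotBefore.ToUniversalTime() ||
            utcNow > cert.NotAfter.ToUniversalTime())
            return null;
        string account;
        return Enrolled.TryGetValue(HashOf(cert), out account) ? account : null;
    }

    // Constructed sample: a throwaway self-signed certificate for a subject.
    static X509Certificate2 MakeSample(string subject)
    {
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest(subject, key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
                                        DateTimeOffset.UtcNow.AddDays(30));
        }
    }

    static void Main()
    {
        X509Certificate2 a = MakeSample("CN=Peter Jensen");
        X509Certificate2 b = MakeSample("CN=Peter Jensen"); // same name, other key
        Enroll(a, "pjensen-sales");                          // only a is enrolled
        Console.WriteLine(a.Subject == b.Subject);           // do the names collide?
        Console.WriteLine(ResolveAccount(a, DateTime.UtcNow) ?? "denied");
        Console.WriteLine(ResolveAccount(b, DateTime.UtcNow) ?? "denied");
    }
}
```

A renewed or reissued certificate has a different hash, so the enrollment entry has to be updated whenever a user's certificate is replaced.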