安全的Web服务器asp.net
[英]secure web server asp.net
问题描述
I have a graphical user interface for my company product. 
我的公司产品具有图形用户界面。 I want to secure the data being sent back and forth between client and server. 我想保护在客户端和服务器之间来回发送的数据。
Is SSL one of the options? SSL是其中之一吗? if yes, Please can some1 tell me the steps on how to implement it in my application code. 如果是,请some1告诉我如何在我的应用程序代码中实现它的步骤。
Do i need to buy the certificate or can i make it.. which is the best choice? 我需要购买证书还是可以做?。这是最佳选择?
Any help is appreciated. 任何帮助表示赞赏。 thanks.. 谢谢..
I am logging in using FormsAuthenticationTicket as follows: 我使用FormsAuthenticationTicket登录,如下所示:
Session["userName"] = UserName.Text;
Session["password"] = Password.Text;
Session["domain"] = Domain.Text;
string role = "Administrators";
// Create the authentication ticket
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, // version
UserName.Text, // user name
DateTime.Now, // creation
DateTime.Now.AddMinutes(60),// Expiration
false, // Persistent
role); // User data
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
// Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false));
I am not sure how secure this is?? 我不确定这有多安全? any suggestions. 有什么建议么。
3 个解决方案
解决方案1
5 已采纳 2010-07-20 14:22:11
Is SSL one of the options?
It is the only sensible one 这是唯一明智的
if yes, Please can some1 tell me the steps on how to implement it in my application code.
Assuming you are dealing with a browser (as opposed to your own client applications that then communicates with the server via HTTP). 假设您正在使用浏览器(而不是您自己的客户端应用程序,然后通过HTTP与服务器通信)。 You don't go near your application code with SSL (other than making sure your URIs are https ones). 您不会使用SSL接近您的应用程序代码(除了确保URI是https之外)。
You just install an SSL cert on the server. 您只需在服务器上安装SSL证书即可。
Do i need to buy the certificate or can i make it.. which is the best choice?
You can produce a self-signed cert, but this will generate scary warnings about trust in the user's browser. 您可以生成一个自签名证书,但是这会生成有关用户浏览器信任的可怕警告。 If the users are technically savvy or you have the resources to install the cert (and mark it as trusted) on all the clients before hand, this is fine. 如果用户在技术上精通,或者您有资源事先在所有客户端上安装证书(并将其标记为受信任),则可以。 Otherwise you probably should buy one. 否则,您可能应该购买一个。
解决方案2
1 2010-07-20 14:21:42
Using authentication in your .net code will not secure the communication "on the wire." 在.NET代码使用身份验证将无法保证通信“上线”。 SSL is THE option of securing web traffic between a browser and the web server. SSL是保护浏览器和Web服务器之间的网络流量的选项。 You will need to purchase a secure certificate and configure your web server (not your ASP.NET application) to use the certificate. 您需要购买安全证书,并配置Web服务器(不是你的ASP.NET应用程序)使用的证书。
解决方案3
1 2010-07-20 14:23:32
SSL is indeed a possibility. SSL确实是一个可能性。 Have a look at: http://support.microsoft.com/kb/813829 看一看: http://support.microsoft.com/kb/813829
You do possibly need to alter code though (see link above). 你可能需要改变,虽然代码(见上面的链接)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.