secure web server asp.net
Question
I have a graphical user interface for my company product. I want to secure the data being sent back and forth between client and server.
Is SSL one of the options? if yes, Please can some1 tell me the steps on how to implement it in my application code.
Do i need to buy the certificate or can i make it.. which is the best choice?
Any help is appreciated. thanks..
I am logging in using FormsAuthenticationTicket as follows:
Session["userName"] = UserName.Text;
Session["password"] = Password.Text;
Session["domain"] = Domain.Text;
string role = "Administrators";
// Create the authentication ticket
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, // version
UserName.Text, // user name
DateTime.Now, // creation
DateTime.Now.AddMinutes(60),// Expiration
false, // Persistent
role); // User data
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
// Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false));
I am not sure how secure this is?? any suggestions.
3 answers
solution1
5 ACCPTED 2010-07-20 14:22:11
Is SSL one of the options?
It is the only sensible one
if yes, Please can some1 tell me the steps on how to implement it in my application code.
Assuming you are dealing with a browser (as opposed to your own client applications that then communicates with the server via HTTP). You don't go near your application code with SSL (other than making sure your URIs are https ones).
You just install an SSL cert on the server.
Do i need to buy the certificate or can i make it.. which is the best choice?
You can produce a self-signed cert, but this will generate scary warnings about trust in the user's browser. If the users are technically savvy or you have the resources to install the cert (and mark it as trusted) on all the clients before hand, this is fine. Otherwise you probably should buy one.
solution2
1 2010-07-20 14:21:42
Using authentication in your .net code will not secure the communication "on the wire." SSL is THE option of securing web traffic between a browser and the web server. You will need to purchase a secure certificate and configure your web server (not your ASP.NET application) to use the certificate.
solution3
1 2010-07-20 14:23:32
SSL is indeed a possibility. Have a look at: http://support.microsoft.com/kb/813829
You do possibly need to alter code though (see link above).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.