I have been searching all day and reading many tutorials and still I am confused. I am working on a project that has the following requirements as specified by the client (customer - not to be confused with client app):

  1. Connect to a remote server and verify that connection was successful.
  2. Connect to Web service on said server via SOAP.
  3. Authenticate with service using public key encryption.
  4. Upon successful authentication, push a list of products and categories to a MSSQL database on remote server via the Web service.

The client is a Winforms application written in C#. So far, I have created a WCF Service Application with separate services for the products and categories but I cannot figure the rest out.

Can anyone point me in the direction of a tutorial or tutorials that cover these requirements?

Many thanks in advance!

Joe

+1  A: 

Well.. you'll want to interface with the database using a Data Access Layer of some sort. Your options are rolling your own.. or using pre-made solutions such as Linq2SQL, Entity Framework, nHibernate, SubSonic etc.

In regards to security, if transmission of data with the webservice is the issue you could simply use HTTPS.

The data will be transferred over HTTPS as per the client's requirements. The reason for the public key is to identify the user.
Leedsoft Solutions
Sure... so you'll be signing the data on the client side with the client's private key and then verifying this signature on the server side with that client's public key once a signed message is received. As far as I'm aware this is all within the scope of the crypto libraries provided with .NET.
http://www.fryan0911.com/2009/04/c-how-to-sign-and-verify-digital.html This should get you started.
Thanks ac2u. I am actually working on an implementation right now that does not involve certificates as I cannot justify the cost of purchasing one for each customer. (Do they even have to be bought? Or am I confusing them with SSL?) I will check out the link you provided though. Thanks again!
Leedsoft Solutions
A: 

I have worked out the following solution:

  1. User enters username, password and public key
  2. Program connects to remote WCF service which checks provided username and password against database on server to ensure that they are correct - username and password are sent via custom MessageContract.
  3. Upon successful authentication, server sends response back to client to let it know to proceed.
  4. User selects products and categories to send to remote server.
  5. Selected information is encrypted by the client with user's public key and decrypted at the server with the corresponding private key.
  6. Decrypted information is stored in database.

Am I on the right track?

Leedsoft Solutions
You wouldn't have the user's private key on the server. If you want to ensure that messages passed along the wire aren't tampered with.. this is where signing on the client side with a private key and verifying on the server with a public key comes in. The link I provided in a comment to my previous answer should get you started on that.
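
The signing flow described in the comments above, as an added example that is not part of the original thread: the client signs the product list with its private key, and the server verifies it with the public key registered for that user, so the private key never reaches the server. It assumes .NET Core 3.0 or later; the in-memory key store, the user names and the JSON payload are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class SignedPushDemo
{
    // Server side: username -> registered public key (SubjectPublicKeyInfo, DER).
    // Hypothetical in-memory store; a real service would keep this in its database.
    static readonly Dictionary<string, byte[]> RegisteredKeys = new Dictionary<string, byte[]>();

    // Client side: sign the payload with the private key, which stays on the client.
    static byte[] Sign(RSA clientKey, byte[] payload) =>
        clientKey.SignData(payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // Server side: accept the payload only if the signature verifies under the
    // public key registered for the claimed user.
    static bool Verify(string user, byte[] payload, byte[] signature)
    {
        if (!RegisteredKeys.TryGetValue(user, out byte[] spki)) return false;
        using (RSA pub = RSA.Create())
        {
            pub.ImportSubjectPublicKeyInfo(spki, out _);
            return pub.VerifyData(payload, signature,
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        using (RSA clientKey = RSA.Create(2048))
        {
            // One-time enrolment: only the public half is sent to the server.
            RegisteredKeys["joe"] = clientKey.ExportSubjectPublicKeyInfo();

            // Constructed sample payload standing in for the product/category list.
            byte[] payload = Encoding.UTF8.GetBytes(
                "{\"products\":[\"Widget\"],\"categories\":[\"Tools\"]}");
            byte[] signature = Sign(clientKey, payload);

            byte[] tampered = (byte[])payload.Clone();
            tampered[15] ^= 0x01; // payload altered after signing

            Console.WriteLine("genuine message accepted:  " + Verify("joe", payload, signature));
            Console.WriteLine("tampered message accepted: " + Verify("joe", tampered, signature));
            Console.WriteLine("unknown user accepted:     " + Verify("mallory", payload, signature));
        }
    }
}
```

A self-generated key pair like this needs no purchased certificate; the server only has to store each user's public key at enrolment.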