I have a graphical user interface for my company product. I want to secure the data being sent back and forth between client and server.

Is SSL one of the options? If yes, please can someone tell me the steps on how to implement it in my application code?

Do I need to buy the certificate or can I make it? Which is the best choice?

Any help is appreciated. Thanks.

I am logging in using FormsAuthenticationTicket as follows:

    Session["userName"] = UserName.Text;
    Session["password"] = Password.Text;
    Session["domain"] = Domain.Text;
    string role = "Administrators";

    // Create the authentication ticket
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,                            // version
        UserName.Text,                // user name
        DateTime.Now,                 // creation
        DateTime.Now.AddMinutes(60),  // expiration
        false,                        // persistent
        role);                        // user data

    // Now encrypt the ticket.
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    // Create a cookie and add the encrypted ticket to the
    // cookie as data.
    HttpCookie authCookie =
        new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

    // Add the cookie to the outgoing cookies collection.
    Response.Cookies.Add(authCookie);

    // Redirect the user to the originally requested page
    Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false));

I am not sure how secure this is. Any suggestions?

+1  A: 

Using authentication in your .net code will not secure the communication "on the wire." SSL is THE option of securing web traffic between a browser and the web server. You will need to purchase a secure certificate and configure your web server (not your ASP.NET application) to use the certificate.

Ricky Smith
Thank you. So I don't make any change in my code? Are there any steps to install the SSL on the server, or a link of any kind that you know of? It will be very helpful for me to start working on it. Thank you once again.
+5  A: 

Is SSL one of the options?

It is the only sensible one.

If yes, please can someone tell me the steps on how to implement it in my application code?

Assuming you are dealing with a browser (as opposed to your own client application that then communicates with the server via HTTP), you don't go near your application code with SSL (other than making sure your URIs are https ones).

You just install an SSL cert on the server.

Do I need to buy the certificate or can I make it? Which is the best choice?

You can produce a self-signed cert, but this will generate scary warnings about trust in the user's browser. If the users are technically savvy or you have the resources to install the cert (and mark it as trusted) on all the clients beforehand, this is fine. Otherwise you probably should buy one.

David Dorward
Thank you so much for the well-explained answer. So if I go with SSL, I don't need to make any changes in my present code? I just buy the certificate and then do what? If there are any further steps I need to follow to install it, please let me know. I ask this because I need to understand before I explain it to my manager. I appreciate all the help.
It depends on your server. I assume you use IIS, which I've managed to avoid for the last decade or so.
David Dorward
Yes, I use IIS. So what are you using to implement SSL? Thanks.
Apache on Debian
David Dorward
+1  A: 

SSL is indeed a possibility. Have a look at: http://support.microsoft.com/kb/813829

You do possibly need to alter code though (see link above).

Tobiasopdenbrouw
+ David Dorward's answer.
Tobiasopdenbrouw
Your post was very helpful. Thanks.
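
The answers above put SSL on the web server rather than in the application; what the question's login code can still do is keep the ticket cookie off plain HTTP. The following is an added example, not code from the question or the answers: the `SecureLogin.SignIn` helper name is hypothetical, and it assumes the certificate is already installed on the server.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (added example, not the poster's code).
public static class SecureLogin
{
    // Issues the forms-authentication ticket only on an HTTPS request and
    // marks the cookie so the browser never returns it over plain HTTP.
    public static void SignIn(HttpContext context, string userName, string role)
    {
        // A login posted over http:// has already exposed the credentials;
        // refuse it instead of issuing a ticket on that connection.
        if (!context.Request.IsSecureConnection)
        {
            throw new HttpException(403, "Login is only accepted over HTTPS.");
        }

        // Same ticket contents as in the question.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                            // version
            userName,                     // user name
            DateTime.Now,                 // creation
            DateTime.Now.AddMinutes(60),  // expiration
            false,                        // persistent
            role,                         // user data
            FormsAuthentication.FormsCookiePath);

        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        HttpCookie authCookie =
            new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        authCookie.Path = FormsAuthentication.FormsCookiePath;
        authCookie.Secure = true;    // sent by the browser on https:// requests only
        authCookie.HttpOnly = true;  // not readable from client-side script

        context.Response.Cookies.Add(authCookie);

        // Redirect the user to the originally requested page.
        context.Response.Redirect(
            FormsAuthentication.GetRedirectUrl(userName, false));
    }
}
```

From the login page's code-behind this would be called as `SecureLogin.SignIn(Context, UserName.Text, "Administrators");`. Setting `requireSSL="true"` on the `<forms>` element in web.config enforces the same HTTPS-only rule for cookies that ASP.NET issues itself.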