I'm writing a web service and I need to make sure only valid applications will use it (before I start managing a session for their users).

In order to achieve that I thought of using an asymmetric key algorithm, but I'm not really sure how - what data to encrypt, how to manage the keys, etc. (my web service's data isn't that sensitive, I'm just trying to block casual trouble-makers).

Side note: I'm using .NET and found this class, RSACryptoServiceProvider, to be useful, but any framework-independent idea would be much appreciated.

Thanks.

+2  A: 

Generally speaking, your web service could send a random value of some bytes (challenge) and expect a valid answer for it (response). E.g. the response could be the SHA256 digest for the challenge and some secret bytes embedded in the application (salt). .NET-Code sample here.

ur
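
The challenge/response exchange described in this answer, as an added framework-independent example in Python (not the answerer's linked .NET sample). It uses HMAC-SHA256 keyed with the embedded secret in place of a plain SHA256 over challenge plus secret, and makes each challenge single-use with an expiry; the names `ChallengeServer` and `client_response`, the 30-second lifetime and the sample secret are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample secret; in the answer's scheme this is embedded in the application.
APP_SECRET = b"constructed-demo-secret-not-for-production"
CHALLENGE_TTL = 30  # seconds a challenge stays valid (assumed value)


class ChallengeServer:
    """Server side: issues single-use random challenges and checks responses."""

    def __init__(self, secret, ttl=CHALLENGE_TTL, clock=time.monotonic):
        self._secret = secret
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # challenge bytes -> expiry time

    def issue(self):
        challenge = secrets.token_bytes(32)  # unpredictable, from the OS CSPRNG
        self._pending[challenge] = self._clock() + self._ttl
        return challenge

    def verify(self, challenge, response):
        # pop() makes each challenge single-use, so a captured response cannot be replayed.
        expiry = self._pending.pop(challenge, None)
        if expiry is None or self._clock() > expiry:
            return False
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def client_response(secret, challenge):
    """Client side: prove knowledge of the secret without sending it."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def demo():
    server = ChallengeServer(APP_SECRET)
    c1 = server.issue()
    good = client_response(APP_SECRET, c1)
    results = {"valid": server.verify(c1, good),
               "replayed": server.verify(c1, good)}
    c2 = server.issue()
    results["wrong_secret"] = server.verify(c2, client_response(b"guess", c2))
    return results


if __name__ == "__main__":
    print(demo())
```

Because the secret ships inside the application, anyone who extracts it from the binary can answer challenges, which matches the question's stated goal of stopping only casual misuse.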
A: 

Just use a Password. Encryption is only useful when you expect somebody can intercept traffic.

Henk Holterman
@Henk: Maybe I wasn't clear enough, I would like to authenticate the applications that use my web service before I give passwords to their users.
Oren A