asp.net data authentication

Discussion in 'ASP .Net Security' started by Kdeutsch, Aug 29, 2008.

  1. Kdeutsch

    Kdeutsch Guest

    My requirement is this, I need to be able to have personnel sign data with a
    smart card. For instance I would like to place a text box and a button on a
    page and have a user pick on the button provide the pin for smart card and it
    will put their digital signature in the textbox. The reason for this is for
    signing payrolls or authenticating other typers of data. Can this be done in
    asp.net and how.
    Thanks
    Kdeutsch, Aug 29, 2008
    #1
    1. Advertising

  2. Kdeutsch

    Joe Kaplan Guest

    Signing data with a private key requires access to the private key and that
    is only available on the client application. As such, you will need some
    code running in the browser itself to actually sign the data you want to
    sign.

    There are potentially a bunch of different ways you could do this (ActiveX,
    ..NET downloadable component, maybe script?), but you can't do it completely
    with server side code.

    Joe K.
    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Kdeutsch" <> wrote in message
    news:...
    > My requirement is this, I need to be able to have personnel sign data with
    > a
    > smart card. For instance I would like to place a text box and a button on
    > a
    > page and have a user pick on the button provide the pin for smart card and
    > it
    > will put their digital signature in the textbox. The reason for this is
    > for
    > signing payrolls or authenticating other typers of data. Can this be done
    > in
    > asp.net and how.
    > Thanks
    Joe Kaplan, Aug 29, 2008
    #2
    1. Advertising

  3. Kdeutsch

    Lars Guest

    Hi

    I'm not sure what you mean by "private key". Is it within the database?

    When it comes to payment over the Internet I always recomend you to use one
    of the major payment services on the Internet. Such as www.Shareit.com,
    www.Plimus.com or www.RegNow.com. The major reason is that these companies
    are trusted by users. I would never go to a minor companies homepage and by
    any thing with a credit card.

    If it is for paying your affiliates www.RegNow.com can help you with this
    to. They have components that can do the trick for you. Or ask your
    affiliates for an IBAN account number so you can wire the money.

    I have made money from programs available on the Internet since 1999. At
    start I used Share but due to VAT laws in Europe where I live it was easier
    to use Plimus and RegNow. They pay all the VAT for you customers so you
    never have to think about VAT.

    If you have to create your own page you might be interested in using Roles
    on the pages. Create an account for each affiliate or customer then set the
    role for each affiliate or customer to for example Affiliate or Customer.

    I have users who are licensed users after payning through Plimus or ShareIt.
    I have a role called Affiliate and one role called licensed. When the user
    logs in using the login page the site knoe what kind of uer it is. So that
    way my licensed users and affiliates have their own pages.

    You can also create folders that are only for users in a specified role.


    Here's one example how to write the Login page which I calle Account.aspx.
    For some reason my ISP's ASP.NET server doesn't like script to be called
    Login.aspx. The parameter RedirectURL should be set to the page you want the
    user to return to. For example:

    If the page ~/Licensed/Default.aspx calls the ~/Account.aspx script call the
    stricpt the with the following parameter

    ~/Account.aspx?RedirectURL=~/Licensed/Default.aspx

    If the user is logged in and is in the role Licensed.aspx the user ends up
    on the page ~/Licensed/Default.aspx

    In the Licensed folder place a file called web.config. I have written to
    code for that page after the C# script.

    If any one tries to access a page in the folder Licensed who doesn't have
    the role Licensed the user will not reach the page.

    ========================

    using System;
    using System.Collections;
    using System.Configuration;
    using System.Data;
    using System.Web;
    using System.Web.Security;
    using System.Web.UI;
    using System.Web.UI.HtmlControls;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;

    public partial class LoginPage : System.Web.UI.Page
    {
    protected void RedirectToPage()
    {
    try
    {
    String sRedirectURL = (String)Session["RedirectURL"];
    String Name = User.Identity.Name;

    if (User.Identity.IsAuthenticated)
    {
    if (User.IsInRole("Administrator"))
    {
    Response.Redirect("Admin/Default.aspx");
    }
    else if (User.IsInRole("Basic User"))
    {
    if (sRedirectURL == null)
    {
    Response.Redirect("Default.aspx");
    }
    else
    {
    Response.Redirect(sRedirectURL);
    }
    }
    else if (User.IsInRole("Licensed"))
    {
    if (sRedirectURL == null)
    {
    Response.Redirect("~/Licensed/Default.aspx");
    }
    else
    {
    Response.Redirect(sRedirectURL);
    }
    }
    else if (User.IsInRole("Affiliate"))
    {
    if (sRedirectURL == null)
    {
    Response.Redirect("Default.aspx");
    }
    else
    {
    Response.Redirect(sRedirectURL);
    }
    }
    }
    if (sRedirectURL != null)
    {
    Response.Redirect(sRedirectURL);
    }
    }
    catch (Exception ex)
    {
    }
    }


    protected void Login1_LoggedIn(object sender, EventArgs e)
    {
    RedirectToPage();
    }
    }

    ========================



    ==== web.congig ==========

    <?xml version="1.0" encoding="utf-8"?>
    <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <system.web>
    <authorization>
    <allow roles="Licensed" />
    <deny users="*" />
    </authorization>
    </system.web>
    </configuration>

    ========================


    Yours
    Lars


    "Joe Kaplan" <> skrev i meddelandet
    news:...
    > Signing data with a private key requires access to the private key and
    > that is only available on the client application. As such, you will need
    > some code running in the browser itself to actually sign the data you want
    > to sign.
    >
    > There are potentially a bunch of different ways you could do this
    > (ActiveX, .NET downloadable component, maybe script?), but you can't do it
    > completely with server side code.
    >
    > Joe K.
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services
    > Programming"
    > http://www.directoryprogramming.net
    > --
    > "Kdeutsch" <> wrote in message
    > news:...
    >> My requirement is this, I need to be able to have personnel sign data
    >> with a
    >> smart card. For instance I would like to place a text box and a button
    >> on a
    >> page and have a user pick on the button provide the pin for smart card
    >> and it
    >> will put their digital signature in the textbox. The reason for this is
    >> for
    >> signing payrolls or authenticating other typers of data. Can this be
    >> done in
    >> asp.net and how.
    >> Thanks

    >
    >
    Lars, Aug 30, 2008
    #3
  4. Kdeutsch

    Joe Kaplan Guest

    If you don't know what a private key is, why are you answering a question
    about signing data with a smart card?

    Joe K.
    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Lars" <> wrote in message
    news:5Mhuk.1928$...
    > Hi
    >
    > I'm not sure what you mean by "private key". Is it within the database?
    >
    Joe Kaplan, Sep 2, 2008
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brett Porter
    Replies:
    2
    Views:
    756
    Andrea D'Onofrio [MSFT]
    Jan 20, 2004
  2. Brett Porter
    Replies:
    2
    Views:
    194
    Andrea D'Onofrio [MSFT]
    Jan 20, 2004
  3. Fabio Gouw

    ASP.NET Authentication and Windows Authentication

    Fabio Gouw, Nov 15, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    142
    Ken Schaefer
    Nov 16, 2004
  4. nenzax
    Replies:
    1
    Views:
    226
    Dominick Baier [DevelopMentor]
    Dec 18, 2005
  5. Michael D. Ober
    Replies:
    6
    Views:
    288
    Michael D. Ober
    Oct 30, 2006
Loading...

Share This Page