Pass SecureString to web service?

Discussion in 'ASP .Net Security' started by RMT, Jun 6, 2006.

  1. RMT

    RMT Guest

    Hi,



    Is there a way to get the encrypted bits from a SecureString, rather than
    pinning it down and getting it's actual, decrypted value in unmanaged
    memory?

    What I would like to do is simply compare the unicode encrypted string in
    the database with the unicode eyncrypted string passed by the client to the
    web service. Presumably I cannot use SecureString to do this and will have
    to roll my own encryption?




    Robin
     
    RMT, Jun 6, 2006
    #1
    1. Advertising

  2. Yes, you'd need to roll your own encryption. Typically, the most difficult
    part of getting this secure is coming up with a secure means of exchanging
    keys. That's why SSL is generally regarded as good (it does this well and
    has been well tested).

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "RMT" <> wrote in message
    news:e645n5$pi0$1$...
    > Hi,
    >
    >
    >
    > Is there a way to get the encrypted bits from a SecureString, rather than
    > pinning it down and getting it's actual, decrypted value in unmanaged
    > memory?
    >
    > What I would like to do is simply compare the unicode encrypted string in
    > the database with the unicode eyncrypted string passed by the client to
    > the web service. Presumably I cannot use SecureString to do this and will
    > have to roll my own encryption?
    >
    >
    >
    >
    > Robin
    >
     
    Joe Kaplan \(MVP - ADSI\), Jun 6, 2006
    #2
    1. Advertising

  3. RMT

    RMT Guest

    Okay tyvm.

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:...
    > Yes, you'd need to roll your own encryption. Typically, the most
    > difficult part of getting this secure is coming up with a secure means of
    > exchanging keys. That's why SSL is generally regarded as good (it does
    > this well and has been well tested).
    >
    > Joe K.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services
    > Programming"
    > http://www.directoryprogramming.net
    > --
    > "RMT" <> wrote in message
    > news:e645n5$pi0$1$...
    >> Hi,
    >>
    >>
    >>
    >> Is there a way to get the encrypted bits from a SecureString, rather than
    >> pinning it down and getting it's actual, decrypted value in unmanaged
    >> memory?
    >>
    >> What I would like to do is simply compare the unicode encrypted string in
    >> the database with the unicode eyncrypted string passed by the client to
    >> the web service. Presumably I cannot use SecureString to do this and
    >> will have to roll my own encryption?
    >>
    >>
    >>
    >>
    >> Robin
    >>

    >
    >
     
    RMT, Jun 6, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    330
    Patrick.O.Ige
    Nov 9, 2005
  2. hocho888
    Replies:
    1
    Views:
    665
  3. Michael Averstegge
    Replies:
    0
    Views:
    4,300
    Michael Averstegge
    Jan 10, 2006
  4. Bishoy George

    How to convert string to SecureString?

    Bishoy George, Aug 23, 2006, in forum: ASP .Net Security
    Replies:
    1
    Views:
    365
    Bishoy George
    Aug 23, 2006
  5. Leo Violette
    Replies:
    0
    Views:
    1,084
    Leo Violette
    Apr 17, 2009
Loading...

Share This Page