Securing an ASP.Net application

Discussion in 'ASP .Net Security' started by Xarky, Apr 26, 2005.

  1. Xarky

    Xarky Guest

    Hi,
    I am writing a web application, and would like to make it secure. By
    secure I mean, that the data that is transmitted is not altered, and
    if data is stolen the data that they view has no meaning to them.

    I was trying to following this link, though I don't know if I am on
    the correct path.

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT16.asp

    Also on that link I am finding a problem. In the part To Generate a
    certificate request, in the Directory Security tab, the Server
    Certificate is unavailable for all type of files and directories.

    Can someone give me further help.
    Thanks in Advance
     
    Xarky, Apr 26, 2005
    #1
    1. Advertising

  2. Xarky

    swat Guest

    SSL provides authentication, private communication (traffic between
    client and server is encrypted), and data integrity (ensures that data
    has not been tampered with during transmission). So to answer your
    first question: You are NOT on the wrong track by choosing SSL.

    Server certificates are set up on a per website basis, and not on
    virtual directories, files, or folders.

    Did you select a website before opening the properties dialog box?
     
    swat, Apr 26, 2005
    #2
    1. Advertising

  3. Xarky

    xarky d_best Guest

    Hi,

    I am doing as follows.

    Control Panel -> Administrative Tools -> Internet Information Services

    I open the MyComputer Icon->WebSites->MyProject and then select an aspx
    file. I right click on this file, but the tab Directory Security is not
    found.

    The Tabs I have available are:
    File, File Security, Http Headers, Custom Errors.

    In the File Security, within Secure Communications, there is a Server
    certificate, but this is also disabled.

    What should my problem be?

    I am using Windows XP Professional SP2.
    Internet Information Services - Version: 5.1
    Microsoft Dot Net Framework 1.1

    Can someone help me out.
    Thanks in Advance

    *** Sent via Developersdex http://www.developersdex.com ***
     
    xarky d_best, Apr 27, 2005
    #3
  4. Xarky

    swat Guest

    Hi xarky d_best,

    You are selecting a file instead of a website.

    In your case of "MyComputer Icon > WebSites > MyProject", MyProject
    would be the web site, unless you skipped listing "Default Web Site" in
    your path (MyComputer Icon > WebSites > Default Web Site > MyProject).

    If MyProject is a web site, you must right click on it (do not select a
    file under it first), select Properties, click on Directory Security
    tab and continue with the settings as described in the document on
    MSDN. The first tab selected in the properties dialog box when you open
    it should have the title "Web Site" and not "Virtual Directory",
    "Directory", or "File".

    If MyProject is not a website, but a virtual directory or directory,
    you must set up a web site to run your project under of use the
    "Default Web Site" if MyProject is listed under it.

    HTH
     
    swat, Apr 27, 2005
    #4
  5. Xarky

    swat Guest

    Hi xarky d_best,

    You are selecting a file instead of a website.

    In your case of "MyComputer Icon > WebSites > MyProject", MyProject
    would be the web site, unless you skipped listing "Default Web Site" in
    your path (MyComputer Icon > WebSites > Default Web Site > MyProject).

    If MyProject is a web site, you must right click on it (do not select a
    file under it first), select Properties, click on Directory Security
    tab and continue with the settings as described in the document on
    MSDN. The first tab selected in the properties dialog box when you open
    it should have the title "Web Site" and not "Virtual Directory",
    "Directory", or "File".

    If MyProject is not a website, but a virtual directory or directory,
    you must set up a web site to run your project under or use the
    "Default Web Site" if MyProject is listed under it.

    HTH
     
    swat, Apr 27, 2005
    #5
  6. Xarky

    xarky d_best Guest

    Hi,
    Under My Web Sites folder, I have the Default Web Site

    -Web Sites
    - Default Web Site
    + IIS Help
    + Printers
    + aspnet_client
    + MyProject

    Right-Cliking on MyProject, the Server Certificate under the Security
    tab is disabled.

    Right-Cliking on Default Web Site, the Server Certificate under the
    Securtiy tab is enabled. Should I continue to follow the instructions
    from here?

    Thanks

    *** Sent via Developersdex http://www.developersdex.com ***
     
    xarky d_best, Apr 27, 2005
    #6
  7. Xarky

    swat Guest

    Yes.

    Another option is to create a new web site, host your application under
    it, and set up SSL for the new web site.

    Note: You can have only one server certificate per web site.
     
    swat, Apr 27, 2005
    #7
  8. Xarky

    xarky d_best Guest

    Hi,
    How can I create my own Web Site, and then put my project into.

    Also, following the instructions, there seems to make a request to a CA.
    Does this generally take long?

    After following all those steps given in that link, should that all be
    the process of securing my web application.


    Thanks for all your help.



    *** Sent via Developersdex http://www.developersdex.com ***
     
    xarky d_best, Apr 28, 2005
    #8
  9. Xarky

    swat Guest

    Sorry. I forgot you were using Win XP. I don't think you can create
    multiple web sites on Win XP. Check out this link for a possible
    workaround:
    http://dotnetjunkies.com/WebLog/mjordan/archive/2003/12/30/5033.aspx

    You need Microsoft Certificate Services installed on a computer on your
    network to be able to generate your own certificates, which don't take
    long to generate.

    After following the steps, you would have set up SSL for your
    application. And since your requirement was "secure communication", SSL
    would cover this.
     
    swat, Apr 28, 2005
    #9
  10. Xarky

    swat Guest

    Sorry. I forgot you were using Win XP. I don't think you can create
    multiple web sites on Win XP. Check out this link for a possible
    workaround:
    http://dotnetjunkies.com/WebLog/mjordan/archive/2003/12/30/5033.aspx

    You need Microsoft Certificate Services installed on a computer on your
    network to be able to generate your own certificates, which don't take
    long to generate.

    After following the steps, you would have set up SSL for your
    application. And since your requirement was "secure communication", SSL
    would cover this.
     
    swat, Apr 28, 2005
    #10
  11. Xarky

    xarky d_best Guest

    Hi,

    > You need Microsoft Certificate Services installed on a
    > computer on your network to be able to generate your own
    > certificates, which don't take long to generate.


    Can the Mircosoft Certificate Services be installed on my(same) PC.
    Frow where can these be downloaded or installed?

    Thanks

    *** Sent via Developersdex http://www.developersdex.com ***
     
    xarky d_best, Apr 28, 2005
    #11
  12. Xarky

    swat Guest

    Certificate Services is available as a Windows Component in Windows
    2000 server and Windows 2003 server. It can be installed on the same PC
    you are requesting a certificate from.
     
    swat, Apr 28, 2005
    #12
  13. Xarky

    xarky d_best Guest

    xarky d_best, Apr 28, 2005
    #13
  14. Dominick Baier [DevelopMentor], Apr 28, 2005
    #14
  15. Xarky

    xarky d_best Guest

    So its useless trying this solution :(

    Is there another way how I can secure data transfering?



    *** Sent via Developersdex http://www.developersdex.com ***
     
    xarky d_best, Apr 28, 2005
    #15
  16. Hello xarky d_best,

    Well - you only need the server to get the certificate - SSL will work fine
    on XP...

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > So its useless trying this solution :(
    >
    > Is there another way how I can secure data transfering?
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    >
     
    Dominick Baier [DevelopMentor], Apr 28, 2005
    #16
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jurjen de Groot
    Replies:
    0
    Views:
    439
    Jurjen de Groot
    Jan 30, 2004
  2. Michael Johnson Sr.

    Securing ASP.NET in a shared environment

    Michael Johnson Sr., Feb 17, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    335
    Michael Johnson Sr.
    Feb 17, 2004
  3. Ricky

    Securing Web application

    Ricky, Aug 25, 2003, in forum: Java
    Replies:
    2
    Views:
    373
    Ricky
    Aug 26, 2003
  4. Francesco

    Securing a Java Application

    Francesco, Jan 29, 2007, in forum: Java
    Replies:
    2
    Views:
    292
    Alex Hunsley
    Jan 31, 2007
  5. Graeme Coutts

    Securing a ASP web application

    Graeme Coutts, Jun 14, 2004, in forum: ASP General
    Replies:
    1
    Views:
    108
    Jeff Dillon
    Jun 14, 2004
Loading...

Share This Page