Does anyone know how or does anyone have some sample code on digitally signing a web form Right now we have a manual process on our network accounts. Someone fills out the form on the web, prints it and then faxes it to us. I'd like to make this as automated as possible. Thanks, Frank
Digitally sign a c# web form from a CaC (smart card)
Hot Topic
Visual C#
- Ambiguous Reference Problem.
- the filename, directory name or volume label syntax is incorrect.
- Which ROW in DataSet gave error?
- Transparent background
- Replacing Nulls in database table
- Dynamic code generation of windows forms
- How to: Write an ActiveX object in C#?
- Advanced Content Playback on HD-A1
- C# IDE Performance = Very Very Slow
- HELP! change the registry key on remote computer
Digitally sign a c# web form from a CaC (smart card)
Loranga
Hi,
Thanks for your posts on MSDN forums. Basically, it doesn't make sense to sign a web form in your source code, for the security check is based on binary data transfer. And it's highly suggested you enable SSL of your server's iis setting after you request a verisign certificate to public at: http://www.verisign.com. It hires "https" connnection with impossible change of your web form during request handling with client end.
Links to configure ssl on your iis:
http://www.petri.co.il/configure_ssl_on_your_website_with_iis.htm
Regards,
Cleo
Louis Davidson
Cleo, once again thanks for the reply,
We do have smart card log in enabled on our domain, however these are folks that do not have accounts on the domain, the purpose of the form is to establish their active directory account. We need to have these external users fill out the active directory account form and submit it to the system admistrators for action, however we need to have the end user digitally sign the form so that we can verify they are who they said they are on the form.
Thanks again,
Frank
bill777
Cleo,
Thanks for the reply.
I'm already using SSL on my site, what I need to do is have a user fill out the form via the web and then press a button that would basically "sign the form" and that would verify that he is who he says he is, by pulling whatever information is needed for that from his CaC or smart card.
Frank
Manjeet
Hi Frank,
In a ASP.NET application, i.e. the Web Form scenario, after the end user tried to send request to the Web Server, the web server response to the client with HTML with some other picutre or script.
So if we want to digital sign the data we want to submit to the web site, the algorithm will be exposed in the script. So anyone who will access to the https web site will get the script about how to digital sign. So if he got the smart card which will store the private key, he can submit the request just as the smart card owner do. Also the script has limited access to the machine.
So the key point is to what extent you trusted the user in the client side.
I think you may try to publish a client application, it will encrypt all the information with private key in smart card about application for a new account and then send to the server host, the host server will try to decrypt it with public key, if the information is OK, then we should trust the request information is from the smart card owner.
BTW: Commonly we suggest you send the new created AD account information to a trusted user with an initial password(maybe his manager), and then the trusted user told the user. After the user logon, he must change his initial password.
Best regards,
Peter Huang
Best regards,
Peter Huang
Aldo Donetti
Hi Frank,
Thanks for your feedback. You can enable simple use smart card to log onto the domain without signing up any web forms.
Still, it's a matter of IIS settings. Website properties-> Directory Securtiy->Authentication and access control->Edit, to disable anonymous access and enable "Integrated Windows authentication".
There what you want.
I sincerely hope it helps and please feel free to ask if you have any questions.
Regards,
Cleo
moinj
Hi FrankGroves,
We have specified Smart Card API in Win32.
Authentication Functions
http://msdn.microsoft.com/library/default.asp url=/library/en-us/secauthn/security/authentication_functions.asp
Here is some information for your reference.
Using Smart Card with C#
http://weblogs.asp.net/israelio/archive/2004/06/08/151104.aspx
Smart Cards in .NET, Part 2
http://www.aspfree.com/c/a/C-Sharp/Smart-Cards-in-.NET-Part-2/
SmartCard Subsembly
http://subsembly.com/en/smartcardsubsembly.html
http://groups.google.com/group/microsoft.public.dotnet.languages.csharp/browse_frm/thread/e7cf77d042c8947/726d9fdf6e7f75c0 lnk=st&q=smart+card+%22C%23%22&rnum=1&hl=en#726d9fdf6e7f75c0
If you still have any concern, please feel free to post here.
Best regards,
Peter Huang
IMauricio
What about pulling information from a smartcard Do you have any sample code that when a customer puts in their smartcard the application can read data from the card ie their First and Last name and their Organization
Thanks,
Frank