Reputation: 4630
secure web server asp.net
I have a graphical user interface for my company product. I want to secure the data being sent back and forth between client and server.
Is SSL one of the options? if yes, Please can some1 tell me the steps on how to implement it in my application code.
Do i need to buy the certificate or can i make it.. which is the best choice?
Any help is appreciated. thanks..
I am logging in using FormsAuthenticationTicket as follows:
Session["userName"] = UserName.Text;
Session["password"] = Password.Text;
Session["domain"] = Domain.Text;
string role = "Administrators";
// Create the authentication ticket
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, // version
UserName.Text, // user name
DateTime.Now, // creation
DateTime.Now.AddMinutes(60),// Expiration
false, // Persistent
role); // User data
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
// Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false));
I am not sure how secure this is?? any suggestions.
Upvotes: 0
Views: 346
Answers (3)
Reputation: 14039
SSL is indeed a possibility. Have a look at: http://support.microsoft.com/kb/813829
You do possibly need to alter code though (see link above).
Upvotes: 1
Reputation: 943591
Is SSL one of the options?
It is the only sensible one
if yes, Please can some1 tell me the steps on how to implement it in my application code.
Assuming you are dealing with a browser (as opposed to your own client applications that then communicates with the server via HTTP). You don't go near your application code with SSL (other than making sure your URIs are https ones).
You just install an SSL cert on the server.
Do i need to buy the certificate or can i make it.. which is the best choice?
You can produce a self-signed cert, but this will generate scary warnings about trust in the user's browser. If the users are technically savvy or you have the resources to install the cert (and mark it as trusted) on all the clients before hand, this is fine. Otherwise you probably should buy one.
Upvotes: 5
Reputation: 2389
Using authentication in your .net code will not secure the communication "on the wire." SSL is THE option of securing web traffic between a browser and the web server. You will need to purchase a secure certificate and configure your web server (not your ASP.NET application) to use the certificate.
Upvotes: 1
Related Questions
- How to use HTTPS in an ASP.Net Application
- SSL on Asp.net website
- Secure ASP.NET MVC application with SSL and client certificate authentication
- How to use SSL in ASP.NET application
- How do I implement HTTPS in an ASP.NET Project?
- How to implement ssl on website in shared hosting?
- How to set up SSL?HTTPs in asp.net
- ASP: SSL integration
- ASP.net SSL question
- Call a webservice via ssl and use a client pass