Wrox Programmer Forums
|
ASP.NET 1.0 and 1.1 Professional For advanced ASP.NET 1.x coders. Beginning-level questions will be redirected to other forums. NOT for "classic" ASP 3 or the newer ASP.NET 2.0 and 3.5
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 1.0 and 1.1 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old April 30th, 2007, 01:53 PM
Wrox Author
  
Join Date: Oct 2005
Posts: 4,104
Thanks: 1
Thanked 64 Times in 64 Posts
Send a message via AIM to dparsons
Default Security with .PFX
Hello All,
   I am not sure if I am going about this the wrong way so I have come here to bounce this problem off of everyone for a little input!

Here is the situation:
Part of our Intranet contains a Client Database which is regulated by HIPPA Standards. Currently I base permissions to this system based off of the currently logged on user ([domain]\[user]) however, Management would now like to add another layer of security to this model.

What has been proposed is the use of .PFX files (possibly on USB Tokens) so that when employee X uploads or verifies a piece of data, the .PFX cert would be attached to the upload or verification to prove that the user is who they say they are.

Currently I have a Bestoken USB Token which I have installed a .PFX file on and, using their SDK I am able to enumerate through the token and read who the Certificate belongs to albeit I am not prompted to supply the password. (This is by design since I am just reading the name off of the cert and not actually using it to sign anything)

What I am caught up on is that all of the MSDN articles that I have read use certificates stored in the local store to provide authentication, however, this is undesireable since not all of our employees have their own pc. The most desireable endresult would be that the user selected the .PFX file, provided a password, and the document could then be verified.

Does anyone have any experience in doing something like this or any general advice to help me along?

Any help would be greatly appreciated.

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
================================================== =========
Technical Editor for: Professional Search Engine Optimization with ASP.NET
http://www.wiley.com/WileyCDA/WileyT...470131470.html
================================================== =========
Why can't Programmers, program??
http://www.codinghorror.com/blog/archives/000781.html
================================================== =========
__________________
===============================================
Doug Parsons
Wrox online library: Wrox Books 24 x 7
Did someone here help you? Click on their post!
"Easy is the path to wisdom for those not blinded by themselves."
===============================================





Similar Threads
Thread Thread Starter Forum Replies Last Post
certificate pfx c# gives me an err ".forbidden 403 kalchev ASP.NET 2.0 Professional 1 April 21st, 2009 07:56 AM
Code Access Security & Role Based Security robzyc C# 6 April 11th, 2008 02:31 AM
System.Security.SecurityException: Security error coolcatjk Pro VB.NET 2002/2003 4 March 2nd, 2006 06:00 PM
Security deys C++ Programming 0 February 2nd, 2006 02:33 AM
Security MDrumm Access 9 August 2nd, 2005 10:23 AM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.