Wrox Programmer Forums

Need to download code?

View our list of code downloads.

| FAQ | Members List | Search | Today's Posts | Mark Forums Read
ASP.NET 1.0 and 1.1 Professional For advanced ASP.NET 1.x coders. Beginning-level questions will be redirected to other forums. NOT for "classic" ASP 3 or the newer ASP.NET 2.0 and 3.5
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 1.0 and 1.1 Professional section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old April 30th, 2007, 01:53 PM
Wrox Author
Points: 13,255, Level: 49
Points: 13,255, Level: 49 Points: 13,255, Level: 49 Points: 13,255, Level: 49
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
Join Date: Oct 2005
Location: Ohio, USA
Posts: 4,104
Thanks: 1
Thanked 64 Times in 64 Posts
Send a message via AIM to dparsons
Default Security with .PFX

Hello All,
   I am not sure if I am going about this the wrong way so I have come here to bounce this problem off of everyone for a little input!

Here is the situation:
Part of our Intranet contains a Client Database which is regulated by HIPPA Standards. Currently I base permissions to this system based off of the currently logged on user ([domain]\[user]) however, Management would now like to add another layer of security to this model.

What has been proposed is the use of .PFX files (possibly on USB Tokens) so that when employee X uploads or verifies a piece of data, the .PFX cert would be attached to the upload or verification to prove that the user is who they say they are.

Currently I have a Bestoken USB Token which I have installed a .PFX file on and, using their SDK I am able to enumerate through the token and read who the Certificate belongs to albeit I am not prompted to supply the password. (This is by design since I am just reading the name off of the cert and not actually using it to sign anything)

What I am caught up on is that all of the MSDN articles that I have read use certificates stored in the local store to provide authentication, however, this is undesireable since not all of our employees have their own pc. The most desireable endresult would be that the user selected the .PFX file, provided a password, and the document could then be verified.

Does anyone have any experience in doing something like this or any general advice to help me along?

Any help would be greatly appreciated.

================================================== =========
Read this if you want to know how to get a correct reply for your question:
================================================== =========
Technical Editor for: Professional Search Engine Optimization with ASP.NET
================================================== =========
Why can't Programmers, program??
================================================== =========
Doug Parsons
Wrox online library: Wrox Books 24 x 7
Did someone here help you? Click on their post!
"Easy is the path to wisdom for those not blinded by themselves."

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
certificate pfx c# gives me an err ".forbidden 403 kalchev ASP.NET 2.0 Professional 1 April 21st, 2009 07:56 AM
Code Access Security & Role Based Security robzyc C# 6 April 11th, 2008 02:31 AM
System.Security.SecurityException: Security error coolcatjk Pro VB.NET 2002/2003 4 March 2nd, 2006 06:00 PM
Security deys C++ Programming 0 February 2nd, 2006 02:33 AM
Security MDrumm Access 9 August 2nd, 2005 10:23 AM

All times are GMT -4. The time now is 02:16 PM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.