x-no-archive: yes
Hi All:
I'm sort of "new" to doing this so I was wondering if anyone can offer some
additional insight/suggestions.
I've created a web-service that will be receiving some customer-critical
information. I've written both the client application and the web-service.
We need to make sure the data is "non-translatable" as much as possible.
Ultimately, we could use SSL on top of the web-service but in the mean time,
I've decided to use the Cryptography features of .NET 1.1 to send the data
encrypted over the wire using the encryption classes in the Cryptography
namespace. Since it's key-based encryption, I am hardcoding the encryption
key in the application code (rather than storing in a db or config file) and
will be running an obfuscator on the byte code so it will be tougher for
anyone to crack the key. Both the client and web-service will know the key
as well as the specific encryption/decryption algorithm in the Cryptography
namespace. The data going across the wire will be encrypted at all times.
The web-methods themselves will return byte arrays and take in byte arrays.
[WebMethod]
public byte[] getWhatever(int whatever key)
{
// return the data encrypted
}
[WebMethod]
public void SaveWhatever(by te[] encryptedData)
{
//
}
I don't think there's any annotations that can be used that will
automatically encrypt the data...
Please let me know if there are techniques that I can also use in addition
to the above... Not sure about certificates and the digital signatures as
I'm not sure how complex/complicated that would be? I'm wondering if the
method I'm using is sufficient for the most part? I mean, the encryption
routines in the Cryptography namespace are pretty good and hard to crack
from what I have been reading as long as nobody can get the key.
thanks in advance for any other assistance!!!
2  1487 
Hi,
It is possible by using message level security.Find below the link which
provides sample/solution to your query: http://www.c-sharpcorner.com/UploadF...ebService.aspx
--
If my answer helped you,then please do press Yes below.
Thanks and Regards.
Manish Bafna.
MCP and MCTS.
"The Big Fat Sloppy Pig!" wrote:
x-no-archive: yes
Hi All:
I'm sort of "new" to doing this so I was wondering if anyone can offer some
additional insight/suggestions.
I've created a web-service that will be receiving some customer-critical
information. I've written both the client application and the web-service.
We need to make sure the data is "non-translatable" as much as possible.
Ultimately, we could use SSL on top of the web-service but in the mean time,
I've decided to use the Cryptography features of .NET 1.1 to send the data
encrypted over the wire using the encryption classes in the Cryptography
namespace. Since it's key-based encryption, I am hardcoding the encryption
key in the application code (rather than storing in a db or config file) and
will be running an obfuscator on the byte code so it will be tougher for
anyone to crack the key. Both the client and web-service will know the key
as well as the specific encryption/decryption algorithm in the Cryptography
namespace. The data going across the wire will be encrypted at all times.
The web-methods themselves will return byte arrays and take in byte arrays.
[WebMethod]
public byte[] getWhatever(int whatever key)
{
// return the data encrypted
}
[WebMethod]
public void SaveWhatever(by te[] encryptedData)
{
//
}
I don't think there's any annotations that can be used that will
automatically encrypt the data...
Please let me know if there are techniques that I can also use in addition
to the above... Not sure about certificates and the digital signatures as
I'm not sure how complex/complicated that would be? I'm wondering if the
method I'm using is sufficient for the most part? I mean, the encryption
routines in the Cryptography namespace are pretty good and hard to crack
from what I have been reading as long as nobody can get the key.
thanks in advance for any other assistance!!!
x-no-archive: yes
thanks Manish. The article has given me further ideas. It abstracts the
Encryption from my internal classes to the soap header!!!
"Manish Bafna" <Ma*********@di scussions.micro soft.comwrote in message
news:FE******** *************** ***********@mic rosoft.com...
Hi,
It is possible by using message level security.Find below the link which
provides sample/solution to your query:
http://www.c-sharpcorner.com/UploadF...ebService.aspx
--
If my answer helped you,then please do press Yes below.
Thanks and Regards.
Manish Bafna.
MCP and MCTS.
"The Big Fat Sloppy Pig!" wrote:
x-no-archive: yes
Hi All:
I'm sort of "new" to doing this so I was wondering if anyone can offer
some
additional insight/suggestions.
I've created a web-service that will be receiving some customer-critical
information. I've written both the client application and the
web-service.
We need to make sure the data is "non-translatable" as much as possible.
Ultimately, we could use SSL on top of the web-service but in the mean
time,
I've decided to use the Cryptography features of .NET 1.1 to send the
data
encrypted over the wire using the encryption classes in the Cryptography
namespace. Since it's key-based encryption, I am hardcoding the
encryption
key in the application code (rather than storing in a db or config file)
and
will be running an obfuscator on the byte code so it will be tougher for
anyone to crack the key. Both the client and web-service will know the
key
as well as the specific encryption/decryption algorithm in the
Cryptography
namespace. The data going across the wire will be encrypted at all
times.
The web-methods themselves will return byte arrays and take in byte
arrays.
[WebMethod]
public byte[] getWhatever(int whatever key)
{
// return the data encrypted
}
[WebMethod]
public void SaveWhatever(by te[] encryptedData)
{
//
}
I don't think there's any annotations that can be used that will
automatically encrypt the data...
Please let me know if there are techniques that I can also use in
addition
to the above... Not sure about certificates and the digital
signatures as
I'm not sure how complex/complicated that would be? I'm wondering if
the
method I'm using is sufficient for the most part? I mean, the
encryption
routines in the Cryptography namespace are pretty good and hard to crack
from what I have been reading as long as nobody can get the key.
thanks in advance for any other assistance!!!
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Nick Coghlan |
last post by:
GvR has commented that he want to get rid of the lambda keyword for Python 3.0.
Getting rid of lambda seems like a worthy goal, but I'd prefer to see it dropped
in favour of a different syntax, rather than completely losing the ability to
have anonymous functions.
Anyway, I'm looking for feedback on a def-based syntax that came up in a recent
c.l.p discussion:...
|
by: Wm. Scott Miller |
last post by:
Hello all!
We are building applications here and have hashing algorithms to secure
secrets (e.g passwords) by producing one way hashes. Now, I've read alot
and I've followed most of the advice that made sense. One comment I've seen
alot about is "securing the hashing routine" but no-one explains how to
accomplish this. So how do I secure my hashing routine? Do I use code
access security, role based security, ACLs, etc or combination?...
|
by: Rob Meade |
last post by:
Hi all,
I read an article on ASP.Net website the other day which sent me off to this
address :
http://www.dotnetjunkies.com/HowTo/99201486-ACFD-4607-A0CC-99E75836DC72.dcik
It gives a good example of how to encrypt a QueryString so that it cannot be
tampered (successfully) with etc, the applications that our organisation has
written use querystrings quite a lot in places, and I would like to adopt
|
by: sk |
last post by:
Hi,
I'm trying to override the Render method of my Page class. Are there any
standard guidelines for this?
Thanks.
Shardul
|
by: BARTKO Zoltan |
last post by:
Hello folks,
First a question and then the rest:
Does the PostgreSQL log contain the stored function calls with all parameters? Or is this something that could be set?
I would appreciate anyone wiser than me to comment on the following:
I am making an app for PostgreSQL (the server). The clients are connecting through the same single user. There is a model of the user organization inside (position hierarchy), each person (virtual...
| | |
by: alberich |
last post by:
I have a problem securing my webservice with Windows authentication.
The goal is a client app transfering (large amounts of) data to a
server which is blocked for anonymous requests.
To do this, the client app asks the user for credentials, build some
NetworkCredential wit them & adds them to the CredentialCache.
When i look at the iis log, each call to my webmethod appears twice in
the log - first try without credentials (which fails with...
|
by: KJ |
last post by:
Hello All,
I have to secure my first real B2B web service. Could you please
provide some guidance as to which method of security I should use. One
caveat is that we will not be using SSL on the server side as per the
networking department. Windows authentication is also probably not an
option, as this web service will be interacting between two separately
located companies. I have read a little bit about passing credentials
in SOAP...
|
by: =?Utf-8?B?QW1tZXI=?= |
last post by:
I've read many incomplete opinions about the "Best Practice" for securely
accessing SQL but what I really need to find the "Best Practice" that fits my
applications needs.
Currently (alpha stage) I am Using a .Net DSN-Less SQLConnection method in
my client program (vb.net) and sending uid/pwd across the network. The
client only
calls upon the stored procedures to access the tables in SQL 2005.
This is a semi commercial application...
|
by: Les Desser |
last post by:
In article
<fcebdacd-2bd8-4d07-93a8-8b69d3452f3e@s50g2000hsb.googlegroups.com>, The
Frog <Mr.Frog.to.you@googlemail.comMon, 14 Apr 2008 00:45:10 writes
Not sure if I quite follow that.
1. Data encrypted by AES key
2. AES key encrypted with Asymmetric public key (?)
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
