I have a web application based on C#,asp.net.
In application i generate an xml file that contents journal records.
Admin user must sign this xml file with his usb token.
In windows application i can read usb token certificate file and i can sign the xml file.
But in web application i execute the same code and i get an this error:
"Card inserted card reader not found".
How can i access on client usb token and certificate from ny web application?
Is there anyone using electronic signature on web application?
There is no easy solution. You have to create ActiveX control or Java applet and install it on client machine. That is how my internet banking works.
The usual and the easiest way is to let the users upload a scanned copy of their signatures. The application should then save it somewhere (database or some folder on the server). Whenever required, these users should be able to use their signatures. It then automatically becomes electronic signature. Just properly authenticate and authorize users before letting them use the electronic signatures.
Hope this helps!!
Related
I'm basically trying to encrypt a file within the UWP app that will be saved to OneDrive (already have successful code on saving file to OneDrive location) so that the same user can then load that file into another copy of the same app that is installed on a different Windows PC/Device or within the same app on the same PC (already have successful code on restoring the file into app on different and same device) but have it decrypt automatically for that specific user so that their data is secure while stored in OneDrive. I don't want another logged in user on the same or different PC to be able to restore the file into their copy of the app if it did not originate from their app. Any actual code would be greatly helpful. I just need code to encrypt a storagefile within the storagefolder so that the app uses a key or some sort of descriptor for the current Microsoft account that obtained the app from the store across all devices that same user installed the app on. I do not have any code for the encryption as I do not know where to begin.
For data protection, you could refer to Data protection document, it tells how to use the DataProtectionProvider class in the Windows.Security.Cryptography.DataProtection namespace to encrypt and decrypt digital data in a UWP app. The document contains segment code that you could use directly.
I don't want another logged in user on the same or different PC to be able to restore the file into their copy of the app if it did not originate from their app.
OneDrive file could be accessed by the specific user, it will not restore the file for other users, it is security for protecting user's data.
I am developing an outlook plugin.I want use one drive API's in it.I easily got the client Id and client secret for using API's for one drive personal accounts.But, when I registered my application for one drive business API's in azure active directory, it created only a client Id for me, but didn't create any
client secret.I chose native app while registering, as my app is a native app.I can't authenticate the user without the client secret.Please let me know , how to get the client secret?Thanks in advance.
Create Application and click on keys. Add some description and expiry as required and Click Save. Key will be auto generated. Make sure you copy and save the Key else it will be hidden.
Native clients don't have any secrets associated to them - given that they are meant to run on devices, it is assumed that they would not be able to protect a secret. Native clients use the clientID for indicating the client app, but the authentication is always done by involving a user identity in the process. If you pick any of the native client samples in http://github.com/azureadsamples you will see how the clientid is enough to trigger user auth.
Once you move off the page after saving your information, you cannot get the client secret from the Azure website. You need to create a new secret and when you click save, immediately go and copy the secret and store it securely. This is the only time it is available from the Azure website.
Let me explain my dilemma. I am writing an ASP.NET web application that is supposed to let a logged in user download my client-side Windows executable file. Before such file is downloaded the web app changes some strings inside the .exe file (by modifying the exe file image with the user selection).
I am now looking into a way to digitally sign this executable file with my code signing certificate. The problem is that to do this I need to run it through the Microsoft's signtool that requires either an installed digital certificate on the server where the web app is running from, or that I provide the .pfx file that contains my private key.
This bring up two issues:
If I go with installing my digital cert on the server, then anyone can use it to sign any executable off that server (which I would prefer to avoid.)
If I choose to upload the exported Personal Information Exchange (PFX file) for my certificate, I can protect it with a password, but signtool will require that password to sign my exe file, which it will need in a plain text form. So I will need to store the password somewhere, which is not that safe either.
Any suggestions, how shall I overcome these?
If you plan to use number 2, you can look into using SecureString to encrypt your password. You still need to initialize SecureString with the plain password for which you have two secure options.
Provide the string manually through a webpage (use SSL to protect this page from MITM attacks). This is the most secure option but it has a tradeoff that You have to provide the password every time app starts. Or,
Create a web service on a different server that will return this plain password (again communicating over SSL). This is not full proof because if the web service's server is compromized, your password is gone. However, by distributing risk into multiple servers, you make the job harder for hacker to break the security of the system.
Our customer needs an application that allows them to input an address and be returned a Google Map HTML file that the user will save to the local file system. The desktop application is written in C# and geocodes the address using the Google Geocoding API. The result is rendered on a Google Maps HTML file that is written to the local machine. My company has purchased a commercial Google API key, however I don't see that we can use it in this scenario, as the domain will be unknown (We won't know where the user chooses to open the file at). The HTML file will not be stored in a publicly available location. Is an API key required? Would we be in any way breaching the TOS?
Here is my scenario:
I have a client application running outside the domain, on a computer outside the domain.
My application needs to prompt the user to login with smart-card, and use the x.509 certificate on the card to authenticate against active directory.
While I did find some libraries that give access to the smartcard, I can't seem to find the right API to extract the certificate from the smart card (or from the store), and validate it against the AD.
Also, I am kind of lost on the many differnet libraries and framework: WCF, WSE (kerberos, x.509?), cryptoAPI etc.
To make my question focuesd: what would be the best direction in order to allow a user to login to a domain from my client application?
Thanks!