I have a graphical user interface for my company product.
I want to secure the data being sent back and forth between client and server.
Is SSL one of the options? if yes, Please can some1 tell me the steps on how to implement it in my application code.
Do i need to buy the certificate or can i make it.. which is the best choice?
Any help is appreciated. thanks..
I am logging in using FormsAuthenticationTicket as follows:
Session["userName"] = UserName.Text;
Session["password"] = Password.Text;
Session["domain"] = Domain.Text;
string role = "Administrators";
// Create the authentication ticket
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, // version
UserName.Text, // user name
DateTime.Now, // creation
DateTime.Now.AddMinutes(60),// Expiration
false, // Persistent
role); // User data
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
// Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false));
I am not sure how secure this is?? any suggestions.
It is the only sensible one
Assuming you are dealing with a browser (as opposed to your own client applications that then communicates with the server via HTTP). You don’t go near your application code with SSL (other than making sure your URIs are https ones).
You just install an SSL cert on the server.
You can produce a self-signed cert, but this will generate scary warnings about trust in the user’s browser. If the users are technically savvy or you have the resources to install the cert (and mark it as trusted) on all the clients before hand, this is fine. Otherwise you probably should buy one.