Click here to Skip to main content
15,038,467 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Is it necessary to add a digital signature for a web page submission that is logged in using user credentials.
Posted
Comments
Sergey Alexandrovich Kryukov 22-Oct-12 17:00pm
   
It depends. What is "web page submission", exactly?
--SA
Srivikas 23-Oct-12 0:51am
   
A person has to submit his time-sheet details by filling in the form that is present in our web page. When he clicks the submit button, his digital signature is to be attached along with his time-sheet details
   
Got it. Answered.
--SA

1 solution

After clarification: it does not have to do much with the application type, ASP.NET or not. This is more about key distribution and encryption. All you need to understand is how public-key cryptography works:
http://en.wikipedia.org/wiki/Public-key_cryptography[^].

As to the code, all you need is implemented in .NET:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.asymmetricalgorithm.aspx[^].

[EDIT]

Please understand that the purpose of certificate is completely different.

You need to decide by yourself on certification of the site/page. Please see the discussion in my comment below. If you use certificate authority the user can trust, you need to pay fee. Please see:
http://en.wikipedia.org/wiki/Public_key_certificate[^],
http://en.wikipedia.org/wiki/Certificate_authority[^].

Basically, when a user loads an HTTP page, the Web browser checks up the certificate against the certificate list registered in the system. The system stored only top-level authorities. To check up your certificate, it follows the chain of issuers (each certificate should provide the URI of its issuer, it the URI of the issuer is the same as the one of the certificate itself, it's a top-level one). The user can add custom top-level certificate, something trusted by its user. So, you need to pay the issuer of the certificate, which is only used to confirm that your site is authentic, same as the one used in certification.

In this procedure, the user gets the evidence of authentic site the way which can not be faked. Why it cannot be faked — please refer to the first link and apply some logic.

That's basically it.

Good luck,
—SA
   
v2
Comments
Srivikas 23-Oct-12 2:37am
   
Thank you Sergey Alexandrovich for your quick response. I just want to know if it is necessary to attach a digital certificate for my form submission. It is not confidential matter. It just needs to be filled by the employee himself. So, is it appropriate to keep two way authentication i.e login credentials and digital certificate or one of them is enough?
Sergey Alexandrovich Kryukov 23-Oct-12 14:26pm
   
Digital certificate? Possibly, but the purpose of this is different -- this is the way your user could be sure that the HTTPS site performing key exchange can be trusted. This is done via self-certificate, but only if you are well familiar with the client and/or have another channel to send certificate for comparison, in other cases, it's done via certificate authorities. I'll add it to the answer...
--SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900