Click here to Skip to main content
15,125,547 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I want to implement Digital Signature Login in my ASP.net project .
Can someone help me regarding this? Below is some detail about what i actually need.

1 step-->Register client Digital Signature(DS)in database.
2 step-->Login using Digital signature.

My all client will have digital signatures.
I want to make a webform where all client will enter their username and password
after entering username and password they will plug their etoken(Digital Signature)
I want to extract the info from DS and store it in my server database.(This is one time process)

Next time when they want to login the application they have to provide Digital Signature which I will verify that info with Database.
But here my question is that any third person having my client DS can also login how to prevent him from login.(How to find that the person with DS is my client only??
Posted
Comments
Prasad Khandekar 23-May-14 5:29am
   
Hello,

Are you talking of digital signatures as explained here (http://en.wikipedia.org/wiki/Digital_signature), if so then unfortunately this not possible without a client side active-x/applet. The DOMCrypt W3C standard is still in draft stage. IE leverages CAPICOM where as Mozilla guys depends upon window.crypto. For IE & FF you can try using js-signer (https://github.com/Glamdring/js-signer).

And don't worry about digital signature getting stolen, the private key used by client is typically password protected by the end-user and hence unless other person has the private key and the password he/she will not be able to use the stolen keys alone. Now if the end user is not password protecting the private keys then no body can help him/her and on the server side you will not be able to distinguish the real user from fake user.

Regards,
EliteBrain 30-May-14 2:00am
   
Hi prasad thanks for your reply,
I tried github js-signer and its working.
but the thing is that i want to extract PublicKey and Subject name from Certificate.
After getting this info from certificate then i will store it in database..
Can you please tell me how to extract public key and Subjectname from certificates using capicom

Prasad Khandekar 5-Jun-14 5:14am
   
Hi,

Please have a look at this article. (http://www.codeguru.com/csharp/csharp/cs_misc/security/article.php/c16491/Working-with-Digital-Certificates-in-NET.htm)

Regards,

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900