Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Securing an ASP.Net application

Reply
Thread Tools

Securing an ASP.Net application

 
 
Xarky
Guest
Posts: n/a
 
      04-26-2005
Hi,
I am writing a web application, and would like to make it secure. By
secure I mean, that the data that is transmitted is not altered, and
if data is stolen the data that they view has no meaning to them.

I was trying to following this link, though I don't know if I am on
the correct path.

http://msdn.microsoft.com/library/de...SecNetHT16.asp

Also on that link I am finding a problem. In the part To Generate a
certificate request, in the Directory Security tab, the Server
Certificate is unavailable for all type of files and directories.

Can someone give me further help.
Thanks in Advance
 
Reply With Quote
 
 
 
 
swat
Guest
Posts: n/a
 
      04-26-2005
SSL provides authentication, private communication (traffic between
client and server is encrypted), and data integrity (ensures that data
has not been tampered with during transmission). So to answer your
first question: You are NOT on the wrong track by choosing SSL.

Server certificates are set up on a per website basis, and not on
virtual directories, files, or folders.

Did you select a website before opening the properties dialog box?

 
Reply With Quote
 
 
 
 
xarky d_best
Guest
Posts: n/a
 
      04-27-2005
Hi,

I am doing as follows.

Control Panel -> Administrative Tools -> Internet Information Services

I open the MyComputer Icon->WebSites->MyProject and then select an aspx
file. I right click on this file, but the tab Directory Security is not
found.

The Tabs I have available are:
File, File Security, Http Headers, Custom Errors.

In the File Security, within Secure Communications, there is a Server
certificate, but this is also disabled.

What should my problem be?

I am using Windows XP Professional SP2.
Internet Information Services - Version: 5.1
Microsoft Dot Net Framework 1.1

Can someone help me out.
Thanks in Advance

*** Sent via Developersdex http://www.developersdex.com ***
 
Reply With Quote
 
swat
Guest
Posts: n/a
 
      04-27-2005
Hi xarky d_best,

You are selecting a file instead of a website.

In your case of "MyComputer Icon > WebSites > MyProject", MyProject
would be the web site, unless you skipped listing "Default Web Site" in
your path (MyComputer Icon > WebSites > Default Web Site > MyProject).

If MyProject is a web site, you must right click on it (do not select a
file under it first), select Properties, click on Directory Security
tab and continue with the settings as described in the document on
MSDN. The first tab selected in the properties dialog box when you open
it should have the title "Web Site" and not "Virtual Directory",
"Directory", or "File".

If MyProject is not a website, but a virtual directory or directory,
you must set up a web site to run your project under of use the
"Default Web Site" if MyProject is listed under it.

HTH

 
Reply With Quote
 
swat
Guest
Posts: n/a
 
      04-27-2005
Hi xarky d_best,

You are selecting a file instead of a website.

In your case of "MyComputer Icon > WebSites > MyProject", MyProject
would be the web site, unless you skipped listing "Default Web Site" in
your path (MyComputer Icon > WebSites > Default Web Site > MyProject).

If MyProject is a web site, you must right click on it (do not select a
file under it first), select Properties, click on Directory Security
tab and continue with the settings as described in the document on
MSDN. The first tab selected in the properties dialog box when you open
it should have the title "Web Site" and not "Virtual Directory",
"Directory", or "File".

If MyProject is not a website, but a virtual directory or directory,
you must set up a web site to run your project under or use the
"Default Web Site" if MyProject is listed under it.

HTH

 
Reply With Quote
 
xarky d_best
Guest
Posts: n/a
 
      04-27-2005
Hi,
Under My Web Sites folder, I have the Default Web Site

-Web Sites
- Default Web Site
+ IIS Help
+ Printers
+ aspnet_client
+ MyProject

Right-Cliking on MyProject, the Server Certificate under the Security
tab is disabled.

Right-Cliking on Default Web Site, the Server Certificate under the
Securtiy tab is enabled. Should I continue to follow the instructions
from here?

Thanks

*** Sent via Developersdex http://www.developersdex.com ***
 
Reply With Quote
 
swat
Guest
Posts: n/a
 
      04-27-2005
Yes.

Another option is to create a new web site, host your application under
it, and set up SSL for the new web site.

Note: You can have only one server certificate per web site.

 
Reply With Quote
 
xarky d_best
Guest
Posts: n/a
 
      04-28-2005
Hi,
How can I create my own Web Site, and then put my project into.

Also, following the instructions, there seems to make a request to a CA.
Does this generally take long?

After following all those steps given in that link, should that all be
the process of securing my web application.


Thanks for all your help.



*** Sent via Developersdex http://www.developersdex.com ***
 
Reply With Quote
 
swat
Guest
Posts: n/a
 
      04-28-2005
Sorry. I forgot you were using Win XP. I don't think you can create
multiple web sites on Win XP. Check out this link for a possible
workaround:
http://dotnetjunkies.com/WebLog/mjor...2/30/5033.aspx

You need Microsoft Certificate Services installed on a computer on your
network to be able to generate your own certificates, which don't take
long to generate.

After following the steps, you would have set up SSL for your
application. And since your requirement was "secure communication", SSL
would cover this.

 
Reply With Quote
 
swat
Guest
Posts: n/a
 
      04-28-2005
Sorry. I forgot you were using Win XP. I don't think you can create
multiple web sites on Win XP. Check out this link for a possible
workaround:
http://dotnetjunkies.com/WebLog/mjor...2/30/5033.aspx

You need Microsoft Certificate Services installed on a computer on your
network to be able to generate your own certificates, which don't take
long to generate.

After following the steps, you would have set up SSL for your
application. And since your requirement was "secure communication", SSL
would cover this.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Securing a Java Application Francesco Java 2 01-31-2007 10:14 PM
having trouble securing my wireless laptop FireBrick Wireless Networking 2 08-10-2004 12:37 PM
Securing a ASP web application Graeme Coutts ASP General 1 06-14-2004 10:40 PM
Please help: Forms authentication - securing folders in application Jurjen de Groot ASP .Net 0 01-30-2004 03:40 PM
Securing Web application Ricky Java 2 08-26-2003 06:26 AM



Advertisments