security

Published by: Phani Thota on Feb 02, 2013
Copyright: Attribution Non-commercial


04/08/2014


Capture the user’s credentials.

Validate the user’s credentials against a custom data store such as a SQL Server database.

Retrieve a role list, construct a GenericPrincipal object and associate it with the current Web request.

Replace HttpContext.User with custom IPrincipal or GenericPrincipal.

The Principal object (Windows or Generic), which represents the authenticated user, can be used for subsequent .NET role checks:

Manual – by calling the IPrincipal.IsInRole method

Declarative role checks – using the PrincipalPermission

Imperative role checks – using the PrincipalPermission


ER/CORP/CRS/NE-PRBRIDGE-ED92/003

Cryptography

Cryptography helps protect data from being viewed or modified and helps provide a secure means of communication over otherwise insecure channels.

Cryptography is used to provide the following:

Confidentiality. To ensure data remains private. Confidentiality is usually achieved using encryption.

Data integrity. To ensure data is protected from accidental or deliberate (malicious) modification. Integrity is usually provided by hashes.

Authentication. To assure that data originates from a particular party. Digital certificates are used to provide authentication.

The System.Security.Cryptography namespace in .NET provides cryptographic services, including secure encoding and decoding of data, hashing, random number generation, and message authentication.


Cryptography (Contd)


Encryption – Process of transforming information so that it is unintelligible to anyone but the intended recipient.

Decryption – Process of transforming encrypted information so that it is intelligible again.

Cipher text – Encrypted messages are called cipher text.

Cryptographic Algorithm – Also called a cipher, is a mathematical function used for encryption or decryption, like RSA.

Symmetric Key Encryption – Same key is used to encrypt and decrypt.

Asymmetric Key Encryption – Two keys are used, one for encryption and the other for decryption. Either one can be used to encrypt or decrypt. If one encrypts, only the other key can decrypt.

Hashing Algorithm – A mathematical function that, when applied to a text (message), produces a hash, which is supposed to be unique.

IV (used as salt): Takes the input block size and generates a SHA-1 hashed value by taking the system time and a randomly selected number as input (a random number to make it a little harder to find out when the IV was generated). A plain random number doesn't contain letters, so a hash is preferred as a pseudorandom generator.
Output: Returns the number of chars as block size


Symmetric Cryptography Overview

[Diagram. Encryption: your data → Encode → binary “plaintext” (byte array/stream) → Encrypt → binary “ciphertext” (byte array/stream). Decryption: binary “ciphertext” (byte array/stream) → Decrypt → binary “plaintext” (byte array/stream) → Decode → your data. A single key feeds both Encrypt and Decrypt.]

Same key used to encrypt and decrypt data

Problem: exchanging keys

The System.Security.Cryptography namespace provides classes that implement the following symmetric algorithms:

DES (Data Encryption Standard)
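
The encode, encrypt, decrypt, decode flow from the overview, as an added C# example that is not part of the original slides. It uses the namespace's Aes class rather than DES and takes each IV from the framework's random number generator rather than hashing the system time; the class name SymmetricRoundTrip and the sample text are assumptions made for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SymmetricRoundTrip   // hypothetical name, chosen for this example
{
    // Encode + Encrypt: text -> binary plaintext -> binary ciphertext.
    static byte[] Encrypt(string text, byte[] key, out byte[] iv)
    {
        using (Aes aes = Aes.Create())           // defaults: CBC mode, PKCS7 padding
        {
            aes.Key = key;
            aes.GenerateIV();                    // fresh random IV for every message
            iv = aes.IV;                         // not secret; travels with the ciphertext
            byte[] plain = Encoding.UTF8.GetBytes(text);
            using (ICryptoTransform enc = aes.CreateEncryptor())
                return enc.TransformFinalBlock(plain, 0, plain.Length);
        }
    }

    // Decrypt + Decode: binary ciphertext -> binary plaintext -> text.
    static string Decrypt(byte[] cipher, byte[] key, byte[] iv)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = key;                       // the same key the sender used
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(
                    dec.TransformFinalBlock(cipher, 0, cipher.Length));
        }
    }

    static void Main()
    {
        byte[] key = new byte[32];               // 256-bit key, constructed for this demo
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(key);

        byte[] iv1, iv2;
        byte[] c1 = Encrypt("Your Data", key, out iv1);
        byte[] c2 = Encrypt("Your Data", key, out iv2);   // same text and key, new IV

        Console.WriteLine(Convert.ToBase64String(c1));
        Console.WriteLine(Convert.ToBase64String(c2));
        Console.WriteLine(Decrypt(c1, key, iv1));
        Console.WriteLine(Decrypt(c2, key, iv2));
    }
}
```

This covers confidentiality only; detecting modification of the ciphertext needs a separate integrity check, as the Cryptography slide notes.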
