Using client certificates in .NET part 4: working with client certificates in code

Introduction

In the previous post we discussed how to install certificates into the certificate store. We looked at the tool mmc.exe and its certificate handler snap-in. We also inspected the imported certificates visually and verified that the client certificate is valid.

In this post we’ll see a couple of examples how to work with client certificates in code.

Read more of this post

Using client certificates in .NET part 3: installing the client certificate

Introduction

In the previous post we looked at two tools that help you create self-signed certificates: makecert.exe and pvk2pfx. Makecert performs the bulk of the certificate creation process and pvk2pfx is a packaging tool to build pfx files. Pfx files are easy to import into the certificate store. We also created a root certificate and derived a client certificated from that root. We therefore applied the idea of the chain of trust: if we trust the root then we also trust all its derived certificates.

In this post we’ll import the client certificate into the certificate store.

This process is very similar to importing the server side (SSL) certificate. We saw that process in this post.

certmgr and MMC snap in

The c:\windows\system32 folder includes two GUI tools for certificate management: certmgr.msc and mmc.exe. MMC.exe is a more general tool where you can import so-called snap-ins. Certificates have their own snap-in.

Run mmc.exe as an administrator. The following empty window will open:

Read more of this post

Using client certificates in .NET part 2: creating self signed client certificates

Introduction

In the previous post we went through a short introduction on client side certificates. We said that client certificates are used by web clients to strongly authenticate themselves. Client certificates can provide an extra step in the authentication process to tighten security.

In this post we’ll see how to create self-signed client certificates for testing using a tool called makecert.exe.

The process of creating client certificates on your local machine is almost identical to how we generated server side certificates in the series in this series.

Read more of this post

Using client certificates in .NET part 1: introduction

Introduction

Digital certificates play a crucial role in web security. If you work as a web developer then you’ve probably come across at least some security related project where you had to deal with certificates in code.

Certificates come in a couple of different versions depending on their function, the most pervasive of which probably being server side ones for SSL connections. We’ve gone through server side certificates in some detail before on this blog starting here. In this series we’ll concentrate on client certificates and see what role they can play in web security. Most of the material on server side certificates, especially the first 2 posts are also relevant for this discussion.

It’s important to note already now that you can combine a number of security levels and solutions in your projects:

  • You can have the traditional forms based authentication. You can read about it on this blog here and here.
  • Custom authentication. Here‘s a series dedicated to custom auth in Web API 2 as an OWIN/Katana component
  • Server-side certificates, see the reference above
  • Client-side certificates, to be discussed in this series
  • Various techniques related to cryptography, such as asymmetric encryption. You can check out the section called “Security and cryptography” on this page for inspiration.

…and there are probably many more options not listed here. The point is that these techniques can be combined, you are not restricted to just using one of them.

Read more of this post

Wiring up a custom authentication method with OWIN in Web API Part 5: abstracting away the auth logic

Introduction

In the previous post we built the necessary OWIN components for our custom authentication logic: the middleware and the extension method that’s attached to the IAppBuilder object. We also diverged a little and discussed how to use the Use extension method to inject the necessary objects into the constructor of the middleware class.

In this post we’ll extend PinAuthenticationHandler so that the actual authentication logic can be easily changed.

Read more of this post

Wiring up a custom authentication method with OWIN in Web API Part 4: putting the components to work

Introduction

In the previous post we built two important components around the custom authentication logic. First off, we wrote a very simple implementation of the abstract AuthenticationOptions class where we only declared the name of the authentication mode. You can anyway add any extra property and overloaded constructors as you wish to this class. Then we built the custom authentication handler, i.e. PinAuthenticationHandler which derives from the abstract AuthenticationHandler class.

In this post we’ll add a couple more components specifically to add our authentication handler to the OWIN chain. We’ll also test the authentication logic.

Read more of this post

Wiring up a custom authentication method with OWIN in Web API Part 3: the components

Introduction

In the previous post we looked at HTTP headers in code. We saw how to collect the headers from a request and a response and how to check for the presence of a certain header type. We also built a simple tester C# console application that sends a web request to our Web API controller and sets the necessary custom authentication header.

In this post we’ll start building the components necessary for the OWIN middleware.

Read more of this post

Wiring up a custom authentication method with OWIN in Web API Part 2: the headers

Introduction

In the previous post we discussed the main topic of this series and started building a demo application with a single Customers controller. The goal of this series is to show how to register your custom authentication mechanism with OWIN as a Katana component.

In this post we’ll be concentrating on the request headers. We’ll also see a couple of functions that will later be part of the OWIN middleware when we’re ready to convert the code.

Read more of this post

Wiring up a custom authentication method with OWIN in Web API Part 1: preparation

Introduction

There are a number of authentication types for a web project: basic -i.e. with username and password -, or token-based or claims-based authentication and various others. You can also have some custom authentication type that your project requires.

In this short series we’ll go through how to wire up a custom authentication method in a Web API project. We’ll see the classes that are required for such an infrastructure. We’ll also discuss how to wire up these elements so that the custom authentication mechanism is executed as part of the chain of Katana components.

Read more of this post

Encrypt and decrypt plain string with triple DES in C#

We looked at encryption mechanisms in details on this blog – refer to the link at the end of this post. This is only a quick extension showing how to encrypt a plain string using Triple DES.

Consider the following method which encrypts a plain string with a key a cipher mode ECB:

Read more of this post

Elliot Balynn's Blog

A directory of wonderful thoughts

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

WEB APPLICATION DEVELOPMENT TUTORIALS WITH OPEN-SOURCE PROJECTS

Once Upon a Camayoc

Bite-size insight on Cyber Security for the not too technical.

%d bloggers like this: