SSL in ASP.NET
-
Hi, I need to implement an e-commerce site. I can do all the stuff of the invitation already (I hope...), but I want to use SSL to secure the data entered in the Invitation Form (credit card etc.). I know I need to do something with the directory in IIS, but I'm not sure. I want to know what the steps are to secure an ASP.NET form with SSL. (Any links to related sites would be great!) Thanks, Yair Cohen smallfish@walla.co.il
-
You can generate an SSL certificate request in IIS by right-clicking on the web site you want to generate a request for in the IIS manager, selecting the "Directory Security" tab, and clicking "Server Certificates". Follow the directions to generate a request. Then you submit this request to a certificate authority like VeriSign or Thawte (owned by VeriSign but cheaper with the same grades of encryption). After they sign your certificate (might take a couple of days), go back into IIS. Click that button again and follow the directions to add your signed certificate. This is how you would generate one that browsers will accept by default. If you need a test certificate, you can generate one yourself. See my (old) article at http://www.devhood.com/Tutorials/tutorial_details.aspx?tutorial_id=209. Browsers without your CA installed (they come with default CAs installed most times) will prompt your users, so I wouldn't use this on a public production server.
-----BEGIN GEEK CODE BLOCK----- Version: 3.21 GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++ -----END GEEK CODE BLOCK-----
-
Thanks. But this is what I do in IIS. OK. Do I need to do something in my ASP.NET code? Or is it automatic?
-
ASP.NET doesn't care (it's automatic) because the SSL handshaking is done before the HTTP connection is established, and any communication is both encrypted before being sent out and decrypted before being received by things like ASP.NET. It still sees everything as it would, had it been non-encrypted, because by the time ASP.NET gets it, it isn't encrypted anymore - just encrypted over the wire.
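Added example, not part of the original thread: IIS decrypts the traffic before ASP.NET sees it, but installing the certificate does not by itself stop the form from also being requested over plain http, so this Global.asax sketch refuses non-SSL requests for the form's folder. The `~/Invitation/` folder and the `CanonicalHost` appSettings key are assumed names for illustration.

```csharp
using System;
using System.Configuration;
using System.Web;

// Global.asax code-behind. "~/Invitation/" and "CanonicalHost" are
// placeholder names assumed for this example, not taken from the thread.
public class Global : HttpApplication
{
    // App-relative folders that must only be served over SSL.
    private static readonly string[] SecurePrefixes = { "~/Invitation/" };

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = Request;
        if (request.IsSecureConnection ||
            !RequiresSsl(request.AppRelativeCurrentExecutionFilePath))
            return;

        // Redirect target comes from configuration, not from the
        // client-supplied Host header.
        string host = ConfigurationManager.AppSettings["CanonicalHost"];
        bool safeMethod = request.HttpMethod == "GET" || request.HttpMethod == "HEAD";

        // A form posted in clear text has already exposed its fields.
        // Reject it (and fail closed if no host is configured) so the
        // broken link or form action gets noticed and fixed.
        if (!safeMethod || string.IsNullOrEmpty(host))
        {
            Response.StatusCode = 403;
            Response.StatusDescription = "SSL required";
            CompleteRequest();
            return;
        }

        // RawUrl is the path plus query string and starts with "/".
        Response.Redirect("https://" + host + request.RawUrl, false);
        CompleteRequest();
    }

    private static bool RequiresSsl(string appRelativePath)
    {
        foreach (string prefix in SecurePrefixes)
            if (appRelativePath.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }
}
```

The same restriction can be set in IIS itself with the "Require secure channel (SSL)" option on the folder's Directory Security tab, which answers plain-http requests with an error instead of a redirect.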