custom authentication
-
Hello, I want to use custom authentication in my web service project. I use asymmetric cryptography for logging on the clients. If it's OK, I use symmetric cryptography. In brief, like this:
1. Client requests the public key of the asymmetric cryptography from the server.
2. Server generates and returns it to the client.
3. Client encrypts its username, password and the symmetric cryptography's public key and IV and sends them to the server.
4. Server decrypts and authenticates the username and password. If it's OK, it generates a GUID ticket, encrypts the ticket using the client's public key and IV, and sends it to the client.
5. When the client calls a webmethod, it sends the encrypted ticket and the server authenticates the ticket.
I have doubts about the safety of this system. Can any other person access the ticket and call a webmethod by using this ticket? What more should I do?
-
cezeri wrote: I have doubts about the safety of this system.
Why? It sounds 'safe' to me.
top secret
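An added example, not part of either post, modelling only step 5 and the question about ticket reuse: a ticket that is sent unchanged with every call is compared with a variant where the ticket just selects the session's symmetric key and each call carries an HMAC over the method name, a fresh nonce and a timestamp. All names here (`TicketServer`, `call_static`, `call_signed`, `MAX_SKEW`) and the HMAC scheme are assumptions for illustration, and `login` stands in for steps 1 to 4.

```python
import hashlib, hmac, secrets, time, uuid

MAX_SKEW = 30  # seconds a signed request stays valid (assumed value)

def sign(key, ticket, method, nonce, ts):
    # HMAC-SHA256 over every field the server will act on.
    msg = "|".join([ticket, method, nonce, str(int(ts))]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def client_request(key, ticket, method, ts=None):
    # Client side of a signed call: fresh nonce and timestamp per request.
    ts = time.time() if ts is None else ts
    nonce = secrets.token_hex(16)
    return {"ticket": ticket, "method": method, "nonce": nonce,
            "ts": ts, "mac": sign(key, ticket, method, nonce, ts)}

class TicketServer:
    def __init__(self):
        self.sessions = {}   # ticket -> symmetric key received at login
        self.seen = set()    # (ticket, nonce) pairs already accepted

    def login(self):
        # Stands in for steps 1-4: issue a GUID ticket, keep the client's key.
        ticket, key = str(uuid.uuid4()), secrets.token_bytes(32)
        self.sessions[ticket] = key
        return ticket, key

    def call_static(self, ticket):
        # Step 5 as posted: the same value accompanies every call, so the
        # server cannot tell a repeated copy from the original sender.
        return ticket in self.sessions

    def call_signed(self, ticket, method, nonce, ts, mac, now=None):
        # Variant: the ticket only selects the key; each request must carry
        # a valid MAC, a recent timestamp and a nonce not seen before.
        key = self.sessions.get(ticket)
        now = time.time() if now is None else now
        if key is None or abs(now - ts) > MAX_SKEW:
            return False
        if (ticket, nonce) in self.seen:
            return False
        if not hmac.compare_digest(sign(key, ticket, method, nonce, ts), mac):
            return False
        self.seen.add((ticket, nonce))  # a real server would expire old entries
        return True
```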