
user public key authentication

ghandi - 12 Dec 2007 04:41 GMT
I'm wondering if it is possible to use a public key to authenticate a
user.  I'm trying to make a program that would allow a user to execute
a command by using a public key instead of a password.  Anyone have
any idea if .net can do that?
Thanks for your time.
Joe Kaplan - 12 Dec 2007 04:51 GMT
How would that work?  Public keys are public, so they are known by everyone.

When you use PKI in an authentication scenario, you typically use digital
signatures (which require access to the private key).  The signed data can
be validated with the user's public key and can thus prove possession of the
private key.

Joe K.

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> I'm wondering if it is possible to use a public key to authenticate a
> user.  I'm trying to make a program that would allow a user to execute
> a command by using a public key instead of a password.  Anyone have
> any idea if .net can do that?
> Thanks for your time.
ghandi - 12 Dec 2007 05:08 GMT
On Dec 11, 9:51 pm, "Joe Kaplan"
<joseph.e.kap...@removethis.accenture.com> wrote:
> How would that work?  Public keys are public, so they are known by everyone.
>
[quoted text clipped - 16 lines]

Sorry, I should have been more clear about that.  I do want to use a
private key (using a public key encryption like RSA).  I just was
wondering if there is any way to authenticate with that key.  I found
how easy it was to authenticate a user with the password using a
DirectoryEntry object.  There I could just pass the username and
password to the constructor.  Then I could use that same information
to run a process with that same user.  I didn't see any place to use a
key.
Thanks.
Joe Kaplan - 12 Dec 2007 05:33 GMT
Ah, that's more difficult to do I'm afraid.  Typically, when you want to use
public key crypto for authentication, you would do so with SSL and client
certificate authentication.  You can do that programmatically in .NET with
the SslStream class if you have a server you can connect to that supports
client certificate authentication.

In LDAP, it is possible to authenticate via client certificate
authentication although this is done automatically with
ADSI/System.DirectoryServices.  You can't pass in a key or certificate to
use.  The DC must support SSL as well.  With S.DS.Protocols, you can
supposedly do client certificate authentication and control the certificate
used programmatically, but I think there was a bug preventing some aspect of
this from working in the original release of .NET 2.0.

Windows SSPI supports authentication with certificates via the schannel
provider (which is what SSL in Windows uses under the hood).

Joe K.

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

>
> Sorry, I should have been more clear about that.  I do want to use a
[quoted text clipped - 6 lines]
> key.
> Thanks.
ghandi - 19 Dec 2007 04:12 GMT
On Dec 11, 10:33 pm, "Joe Kaplan"
<joseph.e.kap...@removethis.accenture.com> wrote:
> Ah, that's more difficult to do I'm afraid.  Typically, when you want to use
> public key crypto for authentication, you would do so with SSL and client
[quoted text clipped - 29 lines]
> > key.
> > Thanks.

Thanks for the input.  I'm not looking to use SSL, I'm using a
different protocol.  Are there any examples out there for
authenticating a user with a key or a cert?  I'm having trouble
knowing where to look for info on this.
Thanks
Joe Kaplan - 19 Dec 2007 15:02 GMT
Can you explain what you mean by this?  Why would you not use SSL if you
want to do certificate-based authentication?  SSL is not limited to
protecting HTTP traffic.  It can be used to add security to any stream-based
network protocol.

Joe K.

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

>
> Thanks for the input.  I'm not looking to use SSL, I'm using a
> different protocol.  Are there any examples out there for
> authenticating a user with a key or a cert?  I'm having trouble
> knowing where to look for info on this.
> Thanks
ghandi - 20 Dec 2007 00:24 GMT
On Dec 19, 8:02 am, "Joe Kaplan"
<joseph.e.kap...@removethis.accenture.com> wrote:
> Can you explain what you mean by this?  Why would you not use SSL if you
> want to do certificate-based authentication?  SSL is not limited to
[quoted text clipped - 13 lines]
> > knowing where to look for info on this.
> > Thanks

Sure, I am already adding security by using the SSH protocol.  I just
need to authenticate a user with a cert or a key.
Thanks again for the time.
Joe Kaplan - 20 Dec 2007 17:29 GMT
Ok then, it sounds like you need to either use the authentication features
in SSH (assuming there are some; I don't know it very well) or create your
own authentication protocol to layer with the rest of your protocol.  I
don't think there is anything built in that you can use here.

Best of luck!

Joe K.
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

>
> Sure, I am already adding security by using the SSH protocol.  I just
> need to authenticate a user with a cert or a key.
> Thanks again for the time.
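
The signature-based proof of possession described in the first reply, and the custom authentication layer mentioned in the last one, shown as a challenge-response exchange. This is an added example, not code from the thread; it assumes .NET 6 or later, and the `Protocol`, `Server` and `Demo` classes, the `example-auth-v1` label and the user name `alice` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
// Added example. Protocol, Server, Demo and "alice" are hypothetical names.
static class Protocol
{
    // Length-prefixed fields, so the signed bytes parse only one way.
    public static byte[] ToBeSigned(string user, byte[] sessionId, byte[] nonce)
    {
        using var ms = new MemoryStream();
        using var w = new BinaryWriter(ms);
        w.Write("example-auth-v1"); w.Write(user);
        w.Write(sessionId.Length); w.Write(sessionId);
        w.Write(nonce.Length); w.Write(nonce);
        w.Flush();
        return ms.ToArray();
    }
}
class Server
{
    readonly Dictionary<string, byte[]> keys = new();    // user -> enrolled public key
    readonly Dictionary<string, byte[]> pending = new(); // user -> outstanding nonce
    public void Enroll(string user, byte[] spki) => keys[user] = spki;
    public byte[] NewChallenge(string user) => pending[user] = RandomNumberGenerator.GetBytes(32);
    public bool Verify(string user, byte[] sessionId, byte[] signature)
    {
        // Remove() consumes the nonce: each challenge can be answered once.
        if (!keys.TryGetValue(user, out var spki) || !pending.Remove(user, out var nonce)) return false;
        using RSA rsa = RSA.Create();
        rsa.ImportSubjectPublicKeyInfo(spki, out _);
        return rsa.VerifyData(Protocol.ToBeSigned(user, sessionId, nonce), signature,
                              HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    }
}
class Demo
{
    static void Main()
    {
        using RSA clientKey = RSA.Create(2048); // private key never leaves the client
        var server = new Server();
        server.Enroll("alice", clientKey.ExportSubjectPublicKeyInfo());
        byte[] sessionId = RandomNumberGenerator.GetBytes(16); // stand-in for the transport's session id
        byte[] sig = clientKey.SignData(Protocol.ToBeSigned("alice", sessionId, server.NewChallenge("alice")),
                                        HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        Console.WriteLine(server.Verify("alice", sessionId, sig)); // fresh response
        Console.WriteLine(server.Verify("alice", sessionId, sig)); // same response replayed
    }
}
```

The first `Verify` call succeeds and the second fails because the challenge has already been consumed. Including a session identifier in the signed bytes keeps a response captured on one connection from being accepted on another.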
