How to use digital signature in login

Question

0.00/5 (No votes)

See more:

I want to implement Digital Signature Login in my ASP.net project .
Can someone help me regarding this? Below is some detail about what i actually need.

1 step-->Register client Digital Signature(DS)in database.
2 step-->Login using Digital signature.

My all client will have digital signatures.
I want to make a webform where all client will enter their username and password
after entering username and password they will plug their etoken(Digital Signature)
I want to extract the info from DS and store it in my server database.(This is one time process)

Next time when they want to login the application they have to provide Digital Signature which I will verify that info with Database.
But here my question is that any third person having my client DS can also login how to prevent him from login.(How to find that the person with DS is my client only??

Posted 22-May-14 21:36pm

EliteBrain

Add a Solution

Comments

Prasad Khandekar 23-May-14 5:29am

Hello,

Are you talking of digital signatures as explained here (http://en.wikipedia.org/wiki/Digital_signature), if so then unfortunately this not possible without a client side active-x/applet. The DOMCrypt W3C standard is still in draft stage. IE leverages CAPICOM where as Mozilla guys depends upon window.crypto. For IE & FF you can try using js-signer (https://github.com/Glamdring/js-signer).

And don't worry about digital signature getting stolen, the private key used by client is typically password protected by the end-user and hence unless other person has the private key and the password he/she will not be able to use the stolen keys alone. Now if the end user is not password protecting the private keys then no body can help him/her and on the server side you will not be able to distinguish the real user from fake user.

Regards,

EliteBrain 30-May-14 2:00am

Hi prasad thanks for your reply,
I tried github js-signer and its working.
but the thing is that i want to extract PublicKey and Subject name from Certificate.
After getting this info from certificate then i will store it in database..
Can you please tell me how to extract public key and Subjectname from certificates using capicom

Prasad Khandekar 5-Jun-14 5:14am

Hi,

Please have a look at this article. (http://www.codeguru.com/csharp/csharp/cs_misc/security/article.php/c16491/Working-with-Digital-Certificates-in-NET.htm)

Regards,

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)