English 中文(简体)
• 如何使用因特网代码中的X509证书
原标题:How to operate with X509 certificates in .NET code

我有一些守则需要与X509证书资料合作。 我下载了一个样本:

const string CertWithoutPrivateKey = "MII....";
const string CertWithPrivateKey = "MII...";

public static SecurityToken GetSigningToken(bool includePrivateKey)
{
    X509Certificate2 cert = null;
    if (includePrivateKey)
    {
        cert = new X509Certificate2(
            Convert.FromBase64String(CertWithPrivateKey), 
            "pw", X509KeyStorageFlags.PersistKeySet);
    }
    else
    {
        cert = new X509Certificate2(
            Convert.FromBase64String(CertWithoutPrivateKey));
    }
    return cert;
}

该法典需要能够与私人钥匙接触。 2. Saml2Authentication 模块(从《SAML2.0议定书》的WIF延伸到)依靠这一私人钥匙来解脱从SAML识别供应商发送的加密信息。

我不知道证书或加密,但在我看来,将证书硬化为一类并不可靠。

www.un.org/Depts/DGACM/index_spanish.htm 因此,我的法典应如何把ert子与私人钥匙重新联系起来? Afaik,这部法律只是一个时间来评估启动(很可能也是在回收池之后)。

我可以:

  1. Store the cert as an appSetting in config file. As long as appSettings are config encrypted, is this secure?
  2. Store the cert in a database.
  3. Store the cert as a file in bin/App_Data. Afaik this means it could not be read over the web, but would be in plain view to anyone who can access the host server. Imo if someone can get into my server, letting them read this cert is probably the least of my worries.

是否有任何其他选择? 本案最合适些什么?

最佳回答

我不敢肯定世界投资论坛是如何做到的(你可能利用反光镜来了解它如何与证书库互动的内部),但正如你在国际投资协议的主办申请中使用世界投资论坛一样。 如果是, WIF应当照顾到您的所有证书互动。 你必须保证:

  1. The identity model configuration section set up with references to the thumbprint of the certificate you are using to either encrypt or verify the digital signature of the token.
  2. The certificate needs to be registered in IIS
  3. The application pool s hosting identity needs to have permission to "read" the certificate to extract the private key information (see the accepted answer here)
时间:2012-01-14 16:16:50
问题回答

具有私人钥匙或没有私人钥匙的证书可节省到用户或计算机的X509储存。 这已经建立了“视窗”安全,应当足够。 您可以使用证书的<代码>mmc,在储存和管理证书上添加证书。

例如,提及证书,其名称或thumbnail,可以保存到公交档案中,并用于检索证书。 检索情况如下:

public static X509Certificate2 GetCertificate(string name)
{
    try
    {
        X509Store store = new X509Store (StoreLocation.LocalMachine);
        X509Certificate2Collection collection = store.Certificates;
        foreach (X509Certificate2 x509 in collection)
        {
            if (x509.FriendlyName.Equals(name)) 
            {
                return x509;
            }
        }
    }
    finally
    {
        store.Close();
    }
    return null;
}

使用<代码>Find进行收集是另一个(更清洁的)查询证书的方法。

时间:2012-01-14 16:33:16


上一篇:
下一篇:


相关问题
Anyone feel like passing it forward?

I m the only developer in my company, and am getting along well as an autodidact, but I know I m missing out on the education one gets from working with and having code reviewed by more senior devs. ...

时间:2009-11-13 04:17:47 回答:6 展示:1
How to Add script codes before the </body> tag ASP.NET

Heres the problem, In Masterpage, the google analytics code were pasted before the end of body tag. In ASPX page, I need to generate a script (google addItem tracker) using codebehind ClientScript ...

时间:2009-11-13 03:31:36 回答:3 展示:1
Transaction handling with TransactionScope

I am implementing Transaction using TransactionScope with the help this MSDN article http://msdn.microsoft.com/en-us/library/system.transactions.transactionscope.aspx I just want to confirm that is ...

时间:2009-11-05 09:45:28 回答:1 展示:1
System.Web.Mvc.Controller Initialize

i have the following base controller... public class BaseController : Controller { protected override void Initialize(System.Web.Routing.RequestContext requestContext) { if (...

时间:2009-11-05 09:38:39 回答:2 展示:1
Microsoft.Contracts namespace

For what it is necessary Microsoft.Contracts namespace in asp.net? I mean, in what cases I could write using Microsoft.Contracts;?

时间:2009-11-05 09:36:09 回答:2 展示:1
Separator line in ASP.NET

I d like to add a simple separator line in an aspx web form. Does anyone know how? It sounds easy enough, but still I can t manage to find how to do it.. 10x!

时间:2009-11-05 09:27:29 回答:3 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全