February 19, 2007 at 8:05 am
Hi. Lets say i have an asp.net site wtih forms authentication, where the username and password are checked against values stored in a table, all done via https so the password data cant fall into the wrong hands. once the user is authenticate this is my idea:
each user has a status, stored in the status column of the users table : Admin or RegularUser.
if the user status is an Admin, and clicks on something that returns encrypted data, a sproc checks the user has admin status and uses impersonation to impersonate a login that has control to use the encryption key that encrypted the data. so the data is returned unencrypted.
is this a valid way of using encryption via asp.net, or are their security issues?
February 20, 2007 at 3:40 am
type encryption into the search bar, there are many articles that will get you started.
February 20, 2007 at 4:54 am
i have done this ages ago,and this is what gave me my current knowledge of encryption. i can encrypt columns and set them to be viewable by only certain logins, however i cant bridge the gap between using this in sql server managment studio and in an asp.net web site.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply