Google Groups Home
Help | Sign in
Ajax.NET Professional
Home
+ new post
Pages
Files
About this group
Join this group
Encrypt your AJAX traffic using Microsoft Silverlight and Ajax.NET Professional
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   1 message - Collapse all
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post will appear after it is approved by moderators
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Michael Schwarz  
View profile
  More options Nov 13 2008, 4:57 pm
From: "Michael Schwarz" <michael.schw...@gmail.com>
Date: Thu, 13 Nov 2008 16:57:48 +0100
Local: Thurs, Nov 13 2008 4:57 pm
Subject: Encrypt your AJAX traffic using Microsoft Silverlight and Ajax.NET Professional
Reply | Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
Some of you maybe remember that I had added some security related
features in Ajax.NET Professional. It is possible to put an AJAX token
or to simple encrypt the data that gets over the lines. With
Silverlight we get the System.Security.Cryptography namespace on the
client – before it was not very easy to encrypt a string without any
plug-in (well, there are some implementations of Blowfish available in
JavaScript).

I have created a very simple demo that is showing how to implement
cryptography in Ajax.NET Professional.

First we have to create the encryption methods and implement an
AjaxSecurityProvider:

    public override string Encrypt(string json)
    {
        return Security.Encrypt(Security.GetHashKey("hans"), json);
    }

    public override string Decrypt(string jsoncrypt)
    {
        return Security.Decrypt(Security.GetHashKey("hans"), jsoncrypt);
    }

With Silverlight you're able to use the html bridge between JavaScript
and managed .NET code. You'll find an example in the Silverlight
Quickstarts. The Silverlight C# code looks likes this:

    public class ScriptableManagedType
    {
        // Note: static methods are not allowed

        [ScriptableMember]
        public string Encrypt(string text)
        {
            return Security.Encrypt(Security.GetHashKey("hans"), text);
        }

        [ScriptableMember]
        public string Decrypt(string text)
        {
            return Security.Decrypt(Security.GetHashKey("hans"), text);
        }
    }

With the html bridge and some client-side code you're able to encrypt
strings in JavaScript with the help of System.Security. In the
AjaxSecurityProvider created above you have to override the
ClientScript property to let Ajax.NET Professional encrypt the JSON
strings using Silverlight:

    public override string ClientScript
    {
        get
        {
            return @"AjaxPro.cryptProvider = {
        encrypt : function(s) {
            var SLPlugin = document.getElementById(""Xaml1"");
            var strOut = SLPlugin.Content.SL_SMT.Encrypt(s);
            return strOut;
        },
        decrypt : function(s) {
            var SLPlugin = document.getElementById(""Xaml1"");
            var strOut = SLPlugin.Content.SL_SMT.Decrypt(s);
            return strOut;
        }
    };";
        }
    }

Hey, that's everything you have to do to add encryption to your
Ajax.NET Professional enabled Web sites. There is no source code
change needed in your files except of including the Silverlight
control.

Look at the screenshot from Fiddler using this example:
http://weblogs.asp.net/mschwarz/archive/2008/11/13/encrypt-your-ajax-...

In my example I'm using "hans" as password which, of course, is not
the way it should be implemented later (have in mind that it is very
easy to analyze the Silverlight files and use .NET Reflector to get
the password there). What could be used is the IsolatedStorage to
enter once the password that you get i.e. by mail when you register
first time on the Web site.

Download the example project here:
http://www.ajaxpro.info/download/AjaxProAndEncryption.zip

--
Best regards | Schöne Grüße
Michael

Microsoft MVP - Most Valuable Professional

http://weblogs.asp.net/mschwarz/
http://michael-schwarz.blogspot.com/


    Reply    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google