Database Reference
In-Depth Information
12.
13. RSACryptoServiceProvider rsaEncrypt = null;
14. rsaEncrypt = (RSACryptoServiceProvider)x509.PrivateKey;
15.
16. byte[] bytes = rsaEncrypt.Decrypt(ct.cipher, false);
17.
18. return UTF8Encoding.UTF8.GetString(bytes);
19. }
The following code calls the RSA encryption routine and saves to the UserProperties table as
previously described. The table now contains two records. Note that the length of the ciphertext is much
greater with the certificate encryption approach:
1. class Program
2. {
3. static void Main(string[] args)
4. {
5. // Declare the encryption object and encrypt our secret value
6. Encryption e = new Encryption();
7. CipherText ct = e.EncryptAES("secret value goes here...");
8. CipherText ct2 = e.EncryptByCert("another secret!!!");
9.
10. UserProperties.Save("MySecret", ct);
11. UserProperties.Save("MySecret2", ct2);
12.
13. }
14. }
Access Control
So far, you've spent a lot of time encrypting and hashing values for increased confidentiality and
integrity. However, another important aspect of the CIA triad is access control. This section reviews two
subcategories of access control: authentication (also referred to as AUTHN) and authorization (AUTHZ).
Authentication (AUTHN)
AUTHN is a process that verifies you're indeed who you say you are. In SQL Server, the AUTHN process
is done through one of two mechanisms: network credentials (or Security Support Provider Interface
[SSPI]) or SQL Server credentials. Connection strings must specify which AUTHN is being used. And
when you use SQL Server AUTHN, a password must be provided before attempting to connect, either by
a user at runtime or in a configuration file.
Keep the following items in mind when you're considering AUTHN with SQL Azure:
No network authentication . Because SQL Azure isn't on your network, network
AUTHN isn't available. This further means you must use SQL AUTHN at all times
and that you must store passwords in your applications (in configuration files,
preferably). You may want to store your passwords encrypted. Although you can
encrypt sections of your configuration files in Windows using the
aspnet_regiis.exe utility, this option isn't available in Windows Azure. So, you
can use one of the encryption methods presented earlier to encrypt and decrypt
the SQL Azure connection string if necessary.
Search WWH ::




Custom Search