.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Secure Machine Identification

Posted By:      Posted Date: August 30, 2010    Points: 0   Category :.NET Framework
Let's say you have a client/server application. You want to uniquely and securely identify that the communications in question is coming from a particualr client installation. To solve this, you create some kind of symmetrically encrypted signature that each machine must pass up to the server to authenticate each request. This signature includes things like MAC addresses, hard drive serials numbers, motherboard serial numbers, etc. Your mechanism is flexibly enough to handle hardware changes, etc. Basically, it's like Windows Activation. But how do you ensure that somebody looking at your code (through disassembly) can't figure out how these signatures are geneated/encrypted and just duplicate them on a non-authorized machine? What are the common patterns for this? Since both the client and the server must rely on a shared secret of some kind, using crytpo key containers or the DPAPI doesn't seem like an option. Thoughts?

View Complete Post

More Related Resource Links

Need help using control adapters at the machine level

Hi guys!

Let me explain our situation. I do web development at a university at which we have to meet strict accessibility guidelines. I've specially modified the adapters (as well as extended CompositeDataBoundControlAdapter to include GridView) for use on our site and to use with our global stylesheets as well as compiled the control adapters into a DLL.

The control adapters now all reside in the WebServices.CssFriendlyAdapters DLL.  (For example, WebServices.CssFriendlyAdapters.GridViewAdapter).

Currently, when someone drops an App_Browsers folder in to their site with the adapters specified, the adapters work. However, we'd like to be able to specify this in the C:\WINDOWS\Microsoft.NET\Framework\(version number)\CONFIG\Browsers directory so that the adapters work automatically without anyone having to move anything into App_Browsers for every site. To ensure that someone can still use the "old way" or will not be confused by their controls being adapted, I've written in code that uses the base rendering methods unless xhtmlConformance is set to "Strict" in the site's web.config file.

Anyway, on to the problem. When trying to compile the controlAdapters into the C:\WINDOWS\Microsoft.NET\Framework\(version number)\CONFIG\Browsers directory using aspnet_regbrowsers.exe (see http://msdn2.microsoft.com/en-us/library/ms229858.a

{ End Bracket }: The Emergence Of Machine Translation


Vikram Dendi looks at how machine translation is poised to change the world and why it is so important to deliver information in multiple languages.

Vikram Dendi

MSDN Magazine January 2009

Editor's Note: Can I See Some Identification?


Security measures are highly context driven and change with circumstances. This month Howard Dierking spins a few security yarns to illustrate.

Howard Dierking

MSDN Magazine November 2008

Cutting Edge: Building A Secure AJAX Service Layer


This month Dino builds a service layer that authenticates users of Silverlight 2 and ASP.NET AJAX services to prevent illegal access to sensitive back-end services.

Dino Esposito

MSDN Magazine September 2008

Trustworthy Computing: Lessons Learned from Five Years of Building More Secure Software


Five years ago, Bill Gates issued a directive to enhance security across the board. Since then, many valuable lessons have been learned about building more secure software.

Michael Howard

MSDN Magazine November 2007

Identity: Secure Your ASP.NET Apps And WCF Services With Windows CardSpace


Windows CardSpace replaces traditional authentication with a more consistent and streamlined login process and improves trust between end-users, applications and services. Michèle Leroux Bustamante explains.

Michele Leroux Bustamante

MSDN Magazine April 2007

Secure Habits: 8 Simple Rules For Developing More Secure Code


Never trust data, model threats against your code, and other good advice from a security expert.

Michael Howard

MSDN Magazine November 2006

Secure By Design: Your Field Guide To Designing Security Into Networking Protocols


If you were to build a new communications protocol from scratch, how would you address security? Here the authors take a look at that question and generate some valuable insights into secure protocols.

Mark Novak and Andrew Roths

MSDN Magazine September 2006

Are You Protected?: Design and Deploy Secure Web Apps with ASP.NET 2.0 and IIS 6.0


Ensuring the security of a Web application is critical and requires careful planning throughout the design, development, deployment, and operation phases. It is not something that can be slapped onto an existing application. In this article, Mike Volodarsky outlines best practices that allow you to take advantage of the security features of ASP.NET 2.0 and IIS 6.0 to build and deploy more secure Web applications.

Mike Volodarsky

MSDN Magazine November 2005

Stay Alert: Use Managed Code To Generate A Secure Audit Trail


In today's security-conscious environments, a reliable audit trail is a valuable forensic tool The Windows Server 2003 operating system provides features that let you enable a wide range of applications to make use of auditing functionality. This article looks at auditing from the operating system perspective and describes a sample managed code implementation that will allow you to add auditing to your own server applications.

Mark Novak

MSDN Magazine October 2005

Best Practices: Fast, Scalable, and Secure Session State Management for Your Web Applications


ASP.NET provides a number of ways to maintain user state, the most powerful of which is session state. This article takes an in-depth look at designing and deploying high-performance, scalable, secure session solutions, and presents best practices for both existing and new ASP.NET session state features straight from the ASP.NET feature team.

Mike Volodarsky

MSDN Magazine September 2005

{ End Bracket }: Microsoft Java Virtual Machine Update


In a settlement agreement reached in January 2001 to resolve a dispute over the Microsoft distribution of its Java implementation, Sun Microsystems and Microsoft agreed to limit the duration of the time Microsoft would use Sun's source code and compatibility test suites to support the Microsoft® Java Virtual Machine (MSJVM).

Brian Keller

MSDN Magazine October 2004

Express Editions: Get a Lean, Mean Dev Machine with the Express Editions of Visual Basic and SQL Ser


The Express Editions of Visual Basic and SQL Server 2005 have lots of the features of the full-sized versions, but with a lot less of the overhead. Professional developer features such as full IntelliSense support, local debugger, Add Web Reference, and the improved Visual Data Tools will all be available in the Express products, so you don't have to leave your favorite features behind. In this article the author introduces you to these express editions and builds a sample app to get you started.

Brian A. Randell

MSDN Magazine September 2004

Virtual Server 2005: Program Customized Testing Environments Without Trashing Your Machine


Efficient testing can require many different machine and server configurations but the effort needed to manage these test environments can take a toll. Microsoft Virtual Server 2005 simplifies the provisioning and management of testing environments. This article demonstrates how the extensive Virtual Server COM API can be used to create an automated application testing environment to make your testing chores a whole lot easier.

Ben Waldron

MSDN Magazine August 2004

Office 2003: Secure and Deploy Business Solutions with Microsoft Visual Studio Tools for Office


Microsoft Visual Studio Tools for the Microsoft Office System is a new technology that brings the advanced features of Visual Studio .NET and the .NET Framework to applications built for Microsoft Office Word 2003 and Microsoft Office Excel 2003. Deploying solutions built with this technology requires that you understand how runtime security is enforced in managed applications and how to configure users' systems to run your solutions without introducing security holes.To promote that understanding, this article will demonstrate how to establish trust, explain policy considerations and permissions, and explain what trusted code is all about. Secure assembly deployment is also covered in detail.

Brian A. Randell and Ken Getz

MSDN Magazine March 2004

Encrypt It: Keep Your Data Secure with the New Advanced Encryption Standard


The Advanced Encryption Standard (AES) is a National Institute of Standards and Technology specification for the encryption of electronic data. It is expected to become the accepted means of encrypting digital information, including financial, telecommunications, and government data. This article presents an overview of AES and explains the algorithms it uses. Included is a complete C# implementation and examples of encrypting .NET data. After reading this article you will be able to encrypt data using AES, test AES-based software, and use AES encryption in your systems.

James McCaffrey

MSDN Magazine November 2003

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend