MySpaceNG Development Page

Tuesday, July 04, 2006

Hello All,

Todays update deals with Security in MySpaceNG. While writing this, security has been a part of the archatecture from the start, not an afterthought. Now try to combine powerful declaritive security with an extensible meta system... (makes ones head spin).

Some stuff thats "concrete".... ish

I have wrote a nifty class that I plan to post to TheCodeProject called Secret. This generaic class takes any serializable type and provides an easy means of converting it to and from a secure format. It does this with the help of a class called SecretPolicy. Following is an example use:

byte[] encKey = (load an encryption key)
byte[] valKey = (load a validation key)

SecretPolicy policy = new SecretPolicy(new EncryptionKey(encKey, "3DES"), new ValidationKey(valKey, "HMACSHA1"));

SomeType clearSecret = (the secret)

Secret secret = new Secret(policy, clearSecret);


Secret secret2 = new Secret(policy, secret.GetBinaryEncoding());

SomeType clearSecret2 = secret2.Value;

This is used extensivley in Application.Web.Security.Authentication

Another note, I will host this in IIS7 now that I peeked at it. It hosts all my code in an integrated way so that I can tie security etc EVEN TO NON ASP.NET CONTENT


Post a Comment

Links to this post:

Create a Link

<< Home