Hi "N"
We did something similar many years ago using an SSO one-time token technique.

- User logs into DS.
- Page is loaded that has a link to the .Net app.
- Dynaments are used to create a record in a shared DB with a Guid id and user credentials/information.
- Guid (from dynament) is appended to the URL for the .Net app (use a different Guid for each link; these are single-use Guids so clicking any tagged link on the page will kill all the other tagged links if you recycle the tokens).
- User clicks link.
- Pipeline handler in .Net reads Guid from URL, goes to shared DB and sets the HttpContext.Current.User as appropriate using info from DB table.
- Pipeline handler removes record from shared DB (preventing a replay attack / man-in-the-middle / etc).
- Pipeline redirects user back to DS site if Guid not found.
- SQL timed process runs every 5 minutes removing (unused) records more than 10 minutes old.

Something like that.

[Actually ours was a bit more complicated and we created a REST keep-alive that the .Net app used to ensure the DS session didn't time out while the user was in the .Net app. This involves spoofing the cookie DS uses to track user sessions. Your scenario may not require this level of complexity.]

HTH.

Regards,
Richard Hauer
====================
5 Limes Pty Limited
www.5Limes.com.au

From: [email protected] [mailto:[email protected]] On Behalf Of Shah N
Sent: Tuesday, 10 July 2012 9:47 AM
To: [email protected]
Subject: Re: Cryptographic services in DS

Hi Tim

Thanks for that!

My situation is that I need to verify a user in DS from a .net application. User will be supplying the username/password but the login is actually carried out by DS. Obviously we'll need to call a dynament file from the .net app but didn't want to pass the information unencrypted. As you can imagine comparison isn't really an option because we can't just extract the password from DS user repository. We really need a 2 way encryption.
Something the .net app can encrypt and DS can decrypt before logging the user in so to speak. And before anyone suggests this we will be using https as an added measure. By my research and from what you say it seems that we have to write a custom java class or write a .net web service to handle this perhaps. I was just hoping there would be something out of the box for this.

Regards
N

On Tuesday, July 10, 2012 3:40:52 AM UTC+10, Tim D wrote:

One way encryption can be done with DynaMents using the applyRule inline function in conjunction with getDigest (SHA, MD5); this allows comparisons. Delivery Server also has an option for attributes to obscure them; this is from the set-password

(optional) Used only for source="user"|"system": Defines how attribute values are displayed. When the DynaMent is executed, the attribute is given the property specified here:

- false: Default setting. All characters of attribute values are displayed with no encryption.
- true: All characters of attribute values are displayed with the ***** placeholder. This applies to the display of values in the user interface, in log files, and in projects. Even after processing by an Attribute DynaMent (such as reading), placeholders are shown for these attribute values. This setting corresponds to selecting the Display value as asterisks check box in the editing dialogs for attributes.

Otherwise some simple Java coding could add more functionality.

On Sunday, July 8, 2012 10:09:00 PM UTC-4, Shah N wrote:

Hi folks,

Just wondering if anyone has used the cryptographic services available in DS. I found you can enable the system keys in DS which makes an additional checkbox for encrypting values based on the configuration available (e.g. blowfish, Triple DES). It's clear that any information flagged for encryption can be secured this way but how do we go about decrypting information?
Let's say we store a user attribute and encrypt the values, but if we need to pass on or verify information there is nothing available that can do this (at least I can't find any). I have thought about using the python hashlib but that's just a one way hash. I can only compare with that. How do we go about using a two way crypto within DS without writing a custom java class to handle the encrypt/decrypt functions? Is there anything built in or a python script of some kind available out there?

N

--
You received this message because you are subscribed to the Google Groups "RedDot CMS Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/reddot-cms-users/-/RNd_5kf0_NIJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/reddot-cms-users?hl=en.
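
The one-time token hand-off described in the first reply of this thread, sketched as an added example that is not part of the original messages or of any participant's code. Assumptions: SQLite stands in for the shared DB, the table and function names are hypothetical, Python replaces both the dynament and the .Net pipeline handler, and only a username is stored in the record.

```python
import sqlite3
import time
import uuid

TOKEN_TTL_SECONDS = 600  # the thread's cleanup job drops records older than 10 minutes

def open_store(path=":memory:"):
    # SQLite stands in for the shared DB (assumption); autocommit so we control transactions.
    db = sqlite3.connect(path, isolation_level=None)
    db.execute("CREATE TABLE IF NOT EXISTS sso_token ("
               "token TEXT PRIMARY KEY, username TEXT NOT NULL, created REAL NOT NULL)")
    return db

def issue_token(db, username, now=None):
    """Portal side: one fresh random Guid per rendered link, never recycled."""
    token = str(uuid.uuid4())
    created = time.time() if now is None else now
    db.execute("INSERT INTO sso_token VALUES (?, ?, ?)", (token, username, created))
    return token

def redeem_token(db, token, now=None):
    """App side: return the username exactly once, else None (redirect to the portal)."""
    now = time.time() if now is None else now
    db.execute("BEGIN IMMEDIATE")  # write lock: two concurrent redeems cannot both read the row
    try:
        row = db.execute("SELECT username, created FROM sso_token WHERE token = ?",
                         (token,)).fetchone()
        db.execute("DELETE FROM sso_token WHERE token = ?", (token,))
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise
    # Enforce the age limit here too, so a stale token fails even between cleanup runs.
    if row is None or now - row[1] > TOKEN_TTL_SECONDS:
        return None
    return row[0]

def purge_expired(db, now=None):
    """Timed job: delete unused records past the TTL; returns how many were removed."""
    now = time.time() if now is None else now
    cur = db.execute("DELETE FROM sso_token WHERE created < ?", (now - TOKEN_TTL_SECONDS,))
    return cur.rowcount
```

Reading and deleting the record inside one transaction is what makes the token single-use under concurrent requests; checking the age at redemption closes the window between cleanup runs.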
