I want to design a secure connection between a client and a server. in this scenario, at the first, client send its credentials to server ,then server corresponded this information, make a soft-token and send to the client. since then, the client does not need to perform repetitive operation(send his UID & Pass to the server), instead send his token to the server(Assuming that the client and server have agreed on a common Secret key).
1. what is the best components for the token?
2. how do I implement this mechanism in C#?
tnx
Asked
Active
Viewed 705 times
0
1 Answers
0
This is what already happens with standard forms authentication. Credentials are verified, a FormsAuthenticationTicket is created, encrypted, and saved in a cookie. That cookie is submitted with each request and server verifies it is valid and not expired, thus not requiring credentials to be reentered so long as the ticket is renewed and stored by the client.
You could utilize this in a custom client, communicating so long as you abide by the same rules of only sending the encrypted ticket to only the valid server, the same way browsers will not cross-site submit cookies by default, to avoid session hijacking.
A quick google turned up similar answers in the context of WCF(which you tagged your question, but not sure the relevance): https://stackoverflow.com/a/18164396/84206
