HighTechTalks DotNet Forums  

user public key authentication

Dotnet Security microsoft.public.dotnet.security


#1 ghandi
user public key authentication - 12-11-2007, 11:41 PM

I'm wondering if it is possible to use a public key to authenticate a
user. I'm trying to make a program that would allow a user to execute
a command by using a public key instead of a password. Anyone have
any idea if .net can do that?
Thanks for your time.

#2 Joe Kaplan
Re: user public key authentication - 12-11-2007, 11:51 PM

How would that work? Public keys are public, so they are known by everyone.

When you use PKI in an authentication scenario, you typically use digital
signatures (which require access to the private key). The signed data can
be validated with the user's public key and can thus prove possession of the
private key.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"ghandi" <darthghandi (AT) gmail (DOT) com> wrote

Quote:
I'm wondering if it is possible to use a public key to authenticate a
user. I'm trying to make a program that would allow a user to execute
a command by using a public key instead of a password. Anyone have
any idea if .net can do that?
Thanks for your time.



#3 ghandi
Re: user public key authentication - 12-12-2007, 12:08 AM

On Dec 11, 9:51 pm, "Joe Kaplan"
<joseph.e.kap... (AT) removethis (DOT) accenture.com> wrote:
Quote:
How would that work? Public keys are public, so they are known by everyone.

When you use PKI in an authentication scenario, you typically use digital
signatures (which require access to the private key). The signed data can
be validated with the user's public key and can thus prove possession of the
private key.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

Sorry, I should have been more clear about that. I do want to use a
private key (using a public key encryption like RSA). I just was
wondering if there is any way to authenticate with that key. I found
how easy it was to authenticate a user with the password using a
DirectoryEntry object. There I could just pass the username and
password to the constructor. Then I could use that same information
to run a process with that same user. I didn't see any place to use a
key.
Thanks.


#4 Joe Kaplan
Re: user public key authentication - 12-12-2007, 12:33 AM

Ah, that's more difficult to do I'm afraid. Typically, when you want to use
public key crypto for authentication, you would do so with SSL and client
certificate authentication. You can do that programmatically in .NET with
the SslStream class if you have a server you can connect to that supports
client certificate authentication.

In LDAP, it is possible to authenticate via client certificate
authentication although this is done automatically with
ADSI/System.DirectoryServices. You can't pass in a key or certificate to
use. The DC must support SSL as well. With S.DS.Protocols, you can
supposedly do client certificate authentication and control the certificate
used programmatically, but I think there was a bug preventing some aspect of
this from working in the original release of .NET 2.0.

Windows SSPI supports authentication with certificates via the schannel
provider (which is what SSL in Windows uses under the hood).

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
Quote:
Sorry, I should have been more clear about that. I do want to use a
private key (using a public key encryption like RSA). I just was
wondering if there is any way to authenticate with that key. I found
how easy it was to authenticate a user with the password using a
DirectoryEntry object. There I could just pass the username and
password to the constructor. Then I could use that same information
to run a process with that same user. I didn't see any place to use a
key.
Thanks.
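
The SslStream route described in this reply, as an added example (not code from the thread): a loopback server demands a client certificate and the client presents one through `AuthenticateAsClientAsync`. The certificates are constructed self-signed ones, the names `MakeCert` and `Pin` are hypothetical, and pinning the exact certificate stands in for the CA chain validation a real deployment would use; it assumes a current .NET SDK (C# 8 or later).

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class ClientCertDemo
{
    // Constructed self-signed certificate. The PFX round trip gives SChannel on Windows a usable key.
    static X509Certificate2 MakeCert(string commonName)
    {
        using var rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=" + commonName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var cert = request.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        return new X509Certificate2(cert.Export(X509ContentType.Pfx, "demo"), "demo");
    }

    // Pin the peer to one expected certificate instead of trusting a CA chain (demo assumption).
    static RemoteCertificateValidationCallback Pin(X509Certificate2 expected) =>
        (sender, cert, chain, errors) => cert != null && cert.GetCertHashString() == expected.GetCertHashString();

    static async Task Main()
    {
        using var serverCert = MakeCert("localhost");
        using var userCert = MakeCert("alice");
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();

        var server = Task.Run(async () =>
        {
            using var tcp = await listener.AcceptTcpClientAsync();
            using var tls = new SslStream(tcp.GetStream(), false, Pin(userCert));
            // clientCertificateRequired: true makes the server ask for the user's certificate.
            await tls.AuthenticateAsServerAsync(serverCert, true, SslProtocols.None, false);
            return tls.RemoteCertificate.Subject;   // identity established by the handshake
        });

        using var client = new TcpClient();
        await client.ConnectAsync(IPAddress.Loopback, ((IPEndPoint)listener.LocalEndpoint).Port);
        using var clientTls = new SslStream(client.GetStream(), false, Pin(serverCert));
        await clientTls.AuthenticateAsClientAsync("localhost", new X509CertificateCollection { userCert }, SslProtocols.None, false);
        Console.WriteLine("server authenticated: " + await server);
        listener.Stop();
    }
}
```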



#5 ghandi
Re: user public key authentication - 12-18-2007, 11:12 PM

On Dec 11, 10:33 pm, "Joe Kaplan"
<joseph.e.kap... (AT) removethis (DOT) accenture.com> wrote:
Quote:
Ah, that's more difficult to do I'm afraid. Typically, when you want to use
public key crypto for authentication, you would do so with SSL and client
certificate authentication. You can do that programmatically in .NET with
the SslStream class if you have a server you can connect to that supports
client certificate authentication.

In LDAP, it is possible to authenticate via client certificate
authentication although this is done automatically with
ADSI/System.DirectoryServices. You can't pass in a key or certificate to
use. The DC must support SSL as well. With S.DS.Protocols, you can
supposedly do client certificate authentication and control the certificate
used programmatically, but I think there was a bug preventing some aspect of
this from working in the original release of .NET 2.0.

Windows SSPI supports authentication with certificates via the schannel
provider (which is what SSL in Windows uses under the hood).

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--



Thanks for the input. I'm not looking to use SSL, I'm using a
different protocol. Are there any examples out there for
authenticating a user with a key or a cert? I'm having trouble
knowing where to look for info on this.
Thanks


#6 Joe Kaplan
Re: user public key authentication - 12-19-2007, 10:02 AM

Can you explain what you mean by this? Why would you not use SSL if you
want to do certificate-based authentication? SSL is not limited to
protecting HTTP traffic. It can be used to add security to any stream-based
network protocol.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
Quote:
Thanks for the input. I'm not looking to use SSL, I'm using a
different protocol. Are there any examples out there for
authenticating a user with a key or a cert? I'm having trouble
knowing where to look for info on this.
Thanks



#7 ghandi
Re: user public key authentication - 12-19-2007, 07:24 PM

On Dec 19, 8:02 am, "Joe Kaplan"
<joseph.e.kap... (AT) removethis (DOT) accenture.com> wrote:
Quote:
Can you explain what you mean by this? Why would you not use SSL if you
want to do certificate-based authentication? SSL is not limited to
protecting HTTP traffic. It can be used to add security to any stream-based
network protocol.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--



Sure, I am already adding security by using the SSH protocol. I just
need to authenticate a user with a cert or a key.
Thanks again for the time.


#8 Joe Kaplan
Re: user public key authentication - 12-20-2007, 12:29 PM

Ok then, it sounds like you need to either use the authentication features
in SSH (assuming there are some; I don't know it very well) or create your
own authentication protocol to layer with the rest of your protocol. I
don't think there is anything built in that you can use here.

Best of luck!

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
Quote:
Sure, I am already adding security by using the SSH protocol. I just
need to authenticate a user with a cert or a key.
Thanks again for the time.
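
The proof-of-possession idea from the first reply, and the kind of authentication step the last reply suggests layering onto a custom protocol, as an added example (not code from the thread): the server issues a random challenge and accepts only a signature over it that verifies under the user's registered public key. The `Verifier` class, the `demo-auth-v1` label and the user name are assumptions made for the demo, which needs a current .NET SDK (C# 8 or later).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical verifier: it stores public keys only, never a private key.
class Verifier
{
    public readonly Dictionary<string, RSAParameters> PublicKeys = new Dictionary<string, RSAParameters>();
    readonly Dictionary<string, byte[]> pending = new Dictionary<string, byte[]>();
    // A fresh random challenge per attempt, so a captured signature cannot be replayed.
    public byte[] IssueChallenge(string user)
    {
        var nonce = new byte[32];
        RandomNumberGenerator.Fill(nonce);
        return pending[user] = nonce;
    }
    // Bind the signature to this protocol and user name, not just to the raw nonce.
    public static byte[] ToBeSigned(string user, byte[] nonce) =>
        Encoding.UTF8.GetBytes("demo-auth-v1\0" + user + "\0").Concat(nonce).ToArray();

    public bool Verify(string user, byte[] signature)
    {
        if (!pending.TryGetValue(user, out var nonce) || !PublicKeys.TryGetValue(user, out var key)) return false;
        pending.Remove(user);   // a challenge is single use, whether or not the check passes
        using var rsa = RSA.Create();
        rsa.ImportParameters(key);
        return rsa.VerifyData(ToBeSigned(user, nonce), signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }
}

static class Demo
{
    static byte[] Sign(RSA key, string user, byte[] nonce) =>
        key.SignData(Verifier.ToBeSigned(user, nonce), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    static void Main()
    {
        var server = new Verifier();
        using var alice = RSA.Create(2048);   // constructed key pairs for the demo
        using var other = RSA.Create(2048);
        server.PublicKeys["alice"] = alice.ExportParameters(false);   // public half only
        var sig = Sign(alice, "alice", server.IssueChallenge("alice"));
        Console.WriteLine("right key, fresh challenge: " + server.Verify("alice", sig));
        server.IssueChallenge("alice");
        Console.WriteLine("old signature replayed:     " + server.Verify("alice", sig));
        sig = Sign(other, "alice", server.IssueChallenge("alice"));
        Console.WriteLine("signed with another key:    " + server.Verify("alice", sig));
    }
}
```

SSH's own `publickey` method (RFC 4252) follows the same pattern, with the signature covering the session identifier instead of a server-issued nonce.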


