Re: Sending signed and encrypted email.
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 4 Oct 2006 12:30:16 -0500
That is a question I know something about.
Essentially, you'll need to issue an LDAP query to AD to find your user (or
users) in question. Assuming your certificates have been deployed to AD in
the normal way, the data will be stored in the "userCertificate" attribute
on each user. The user may have 1 or more certificates, depending on how
your system works. If your goal is to send an encrypted message to users
via an AD lookup, you would want their encryption certificate, not their
signing certificate. This is normally determined by looking at the key
usages on the cert. If they only have a single cert that serves both
purposes, you just use that.
The crux of this is to use the DirectorySearcher class to find the user in
question (perhaps by their email address?) and retrieve their
userCertificate attribute. This will give you an array of objects
containing arrays of bytes. You basically pass the resulting byte array
into the constructor for X509Certificate or X509Certificate2.
Connecting to LDAP is usually the hardest part, as it depends a lot on the
context the current thread is running under. If you are logged in as a
domain account and running this in a console or forms app, it is usually
easy, but it can be complex in a web app or service.
If you can provide more details about what you are doing, I can probably
provide you with a code sample.
My book also explains how to do everything you have to do to make this work,
but I don't necessarily expect you to buy it just to figure out how to do
this one thing. :)
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Praveen" <praveen@xxxxxxxxxxxxxxxx> wrote in message
news:%23NJKhK95GHA.2264@xxxxxxxxxxxxxxxxxxxxxxx
Hello Joe,
I was able to achieve this with .Net 2.0 and Interop to CDO for sending
mail. I am new to framework 2.0 so unsure about the capabilities of the
smtp classes available. I believe it should be possible to do this with pure
dotnet framework 2.0.
I am attaching the dotnet project. This project is built using information
and sample provided at
http://support.microsoft.com/?kbid=280391 and
http://windowssdk.msdn.microsoft.com/en-us/library/ms180959.aspx
I was now trying to achieve something else; maybe you can help me with
this. I wanted to query the active directory and extract the certificates
for users and store them on the disk. I found some article to achieve this
http://windowssdk.msdn.microsoft.com/en-us/library/aa387675.aspx
but that was in C++ and I could not achieve this in dotnet.
Thanks and regards,
Praveen
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:e32keu85GHA.3732@xxxxxxxxxxxxxxxxxxxxxxx
Were you able to do it with the CMS classes in .NET 2.0 and the .NET 2.0
SMTP classes, or did you have to fall back to CDO and CAPICOM?
I know you should be able to do this in "pure" .NET now, but I'm unsure of
how one goes from creating the CMS message to getting it into a mail message
in the proper format to make it work. I would have replied to your post if
I knew how to do that part.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Praveen" <praveen@xxxxxxxxxxxxxxxx> wrote in message
news:OcCVO125GHA.2208@xxxxxxxxxxxxxxxxxxxxxxx
I was finally able to get it working with some useful tips from
http://support.microsoft.com/?kbid=280391
Thought it might be useful for someone else looking for a similar thing.
Thanks,
Praveen
"Praveen" <praveen@xxxxxxxxxxxxxxxx> wrote in message
news:eywxSXM4GHA.4748@xxxxxxxxxxxxxxxxxxxxxxx
Hi all,
I am trying to send a signed and encrypted email using C#.
After doing some research I understand that there are a couple of ways of
doing that.
With framework 1.1 we can use interop to capicom.dll and with framework
2.0 a new package "System.Security.Cryptography.Pkcs" is available. I
would prefer to use the PKCS package to do the encryption etc and use
either CDO or system.web.mail to send out the email.
I saw some examples to sign and encrypt data at
http://windowssdk.msdn.microsoft.com/en-us/library/ms180952.aspx and
http://windowssdk.msdn.microsoft.com/en-us/library/ms180956.aspx but
could not use it to successfully send out signed and encrypted email.
I tried to merge the vb sample (using Capicom) available at
http://www.microsoft.com/downloads/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6&DisplayLang=en
into a C# project and make use of PKCS package but in vain.
Can you help me to achieve this?
Thanks in advance,
Praveen
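
The lookup described in the first message of this thread (find the user with DirectorySearcher, read userCertificate, pick the encryption certificate by key usage), as an added example that is not code from the thread or from either poster. The class and method names are hypothetical; it assumes a domain-joined machine, a reference to System.DirectoryServices.dll, lookup by the "mail" attribute, and that the caller passes the recipient address and an output directory.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.IO;
using System.Security.Cryptography.X509Certificates;

static class AdCertLookup // hypothetical name, not from the thread
{
    // Escape a value for an LDAP filter (RFC 4515) so a crafted address cannot alter the query.
    static string EscapeFilterValue(string value)
    {
        return value.Replace(@"\", @"\5c").Replace("*", @"\2a")
                    .Replace("(", @"\28").Replace(")", @"\29").Replace("\0", @"\00");
    }

    // Key usage is extension OID 2.5.29.15; a certificate without it is unrestricted.
    static bool IsEncryptionCert(X509Certificate2 cert)
    {
        var ku = cert.Extensions["2.5.29.15"] as X509KeyUsageExtension;
        var wanted = X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.KeyAgreement;
        return ku == null || (ku.KeyUsages & wanted) != 0;
    }

    static List<X509Certificate2> FindEncryptionCerts(string mail)
    {
        var certs = new List<X509Certificate2>();
        string filter = "(&(objectCategory=person)(objectClass=user)(mail=" + EscapeFilterValue(mail) + "))";
        // Assumption: the default search root (current domain) and the thread's own credentials work.
        using (var searcher = new DirectorySearcher(filter))
        {
            searcher.PropertiesToLoad.Add("userCertificate");
            SearchResult user = searcher.FindOne();
            if (user == null || !user.Properties.Contains("userCertificate")) return certs;
            foreach (byte[] der in user.Properties["userCertificate"])
            {
                var cert = new X509Certificate2(der);
                // Verify() builds the chain with the default policy; skip certs that fail it.
                if (IsEncryptionCert(cert) && cert.Verify()) certs.Add(cert);
            }
        }
        return certs;
    }

    // args[0]: recipient address, args[1]: existing output directory (both supplied by the caller).
    static void Main(string[] args)
    {
        foreach (X509Certificate2 cert in FindEncryptionCerts(args[0]))
            File.WriteAllBytes(Path.Combine(args[1], cert.Thumbprint + ".cer"), cert.RawData);
    }
}
```

Files are named by thumbprint rather than by any directory-supplied string, so attribute values never reach the file path.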