Secure Socket Layer in asp.net Part 100

In this video we will discuss
1. The advantage of using the HTTPS protocol over HTTP
2. How to identify if the web application I am accessing uses the HTTPS protocol
4. What SSL (Secure Socket Layer) is and how it differs from HTTPS
5. Who issues server certificates, and can't I generate test certificates
6. What about performance when using HTTPS over HTTP

Advantages of using HTTPS
HTTP stands for Hyper Text Transfer Protocol. HTTPS stands for Hyper Text Transfer Protocol Secure. As the name suggests, HTTPS is more secure than HTTP. When the web server and the client communicate using the HTTP protocol, the messages exchanged over the internet are not encrypted. Anyone can secretly listen in and see the messages exchanged between the client and the web server. That's why sensitive information like passwords and financial transactions should never be sent over the HTTP protocol. Most banking applications use the HTTPS protocol. Messages exchanged between the client and web server using the HTTPS protocol are encrypted and are very secure. HTTP uses port 80 and HTTPS uses port 443.

How to identify if the web application I am accessing uses the HTTPS protocol
1. The browser displays a LOCK symbol in either the address bar or the status bar. Click on the lock icon for more information, such as the certificate issuing authority, encryption key length etc.
2. In the address bar, look for HTTPS instead of HTTP.

What is Secure Socket Layer and how is it different from HTTPS
HTTPS is HTTP (HyperText Transfer Protocol) plus SSL (Secure Sockets Layer). SSL is a standard security technology for establishing an encrypted link between a web server and a browser, so that the data sent over the Internet can't be read by others. When a user requests a secure web page, the server generates an encryption key for the user's session and then encrypts the page's data before sending a response. On the client side, the browser uses that same encryption key to decrypt the requested web page and to encrypt new requests sent from that page. SSL uses server certificates for encryption and decryption. An SSL certificate contains a public key and the certificate issuer. Not only can clients use the certificate to communicate with a server, they can also verify that the certificate was cryptographically signed by an official Certificate Authority. For example, if your browser trusts the VeriSign Certificate Authority, and VeriSign signs my SSL certificate, your browser will inherently trust my SSL certificate.

Who issues server certificates and can't I generate test certificates
Server certificates are issued by an entity called a certificate authority. There are several trusted certificate authorities, such as VeriSign.

The certificate authority acts as a clearinghouse to verify the server's identity over the Internet. When a browser requests a page over HTTPS, the browser also requests the server certificate and checks it against a list of trusted sites provided by the certificate authority. If the server certificate does not match one of the sites already authorized by the user, or if the server certificate does not match the web address for which it was registered, or if there are any other problems with the server certificate, a warning message is displayed. The warning message from Internet Explorer is shown below.

Besides providing encryption and decryption for secure data transmission, a certificate authority also provides assurance to users that a website is authentic.
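
The checks described above, run against a self-signed test certificate, show why such a certificate works for testing but triggers the browser warning unless it is added to the trusted root store. This is an added example, not code from the original article; it assumes .NET 7 or later (for `X509Certificate2.MatchesHostname`), and the names `localhost` and `www.example.com` are constructed sample values.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class TestCertificateChecks
{
    static void Main()
    {
        // Constructed sample: a self-signed test certificate for "localhost".
        // No certificate authority is involved; the certificate signs itself.
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest(
            "CN=localhost", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        var san = new SubjectAlternativeNameBuilder();
        san.AddDnsName("localhost");
        request.CertificateExtensions.Add(san.Build());
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        // Check 1: does the certificate chain up to a CA in the machine's trust store?
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // keep the demo offline
        bool trusted = chain.Build(cert);
        Console.WriteLine($"Chains to a trusted CA: {trusted}");
        foreach (X509ChainStatus status in chain.ChainStatus)
            Console.WriteLine($"  {status.Status}: {status.StatusInformation.Trim()}");

        // Check 2: does the certificate match the web address being requested?
        foreach (string host in new[] { "localhost", "www.example.com" })
            Console.WriteLine($"Matches host '{host}': {cert.MatchesHostname(host)}");

        // Check 3: "any other problems", here the validity period.
        // NotBefore and NotAfter are expressed in local time.
        DateTime now = DateTime.Now;
        bool inValidityPeriod = now >= cert.NotBefore && now <= cert.NotAfter;
        Console.WriteLine($"Within validity period: {inValidityPeriod}");
    }
}
```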

Comments

Hi Sir Venkat, your video tutorials are one of the best here on YouTube; you code and debug it, which is very cool. You also divide it so we can focus on one topic. Thank you very much. God bless and more power.

junarjacob

Just to add to this great explanation: Actually, data transmitted by client and server is not encrypted by using certificate encryption. A public/private key PAIR is very process intensive, so it would be mad if all data transmitted between client and server were encrypted by using the certificate key. Instead, the certificate is only used to establish an encrypted session between client and server. After that, when they encrypt the session, they generate a new key for encryption, which is a symmetric key. Then all data is encrypted using that symmetric key. So the process is like this:
1. The web browser asks for the certificate and obtains the server's PUBLIC key.
2. Then the client generates a symmetric key that will be used for encrypting data between server and client. It then encrypts that symmetric key with the server's PUBLIC key and sends the encrypted symmetric key to the server, because only the server, which has the private key stored locally, can decrypt that and see the encryption key that was generated.
3. Then server and client actually use that symmetric key for encrypting data over the session.
Basically, certificates are used just to exchange the symmetric key, which is less process intensive. - CORRECT me if I am wrong. Thanks

mazdysoraya
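
The three steps listed in the comment above, modelled with both sides in one process. This is an added example, not part of the original comment or article, and it is a toy model of RSA key transport rather than a TLS implementation; it assumes .NET 8 or later, and the message text is a constructed sample.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class KeyTransportDemo
{
    static void Main()
    {
        // Server: long-lived RSA key pair. The public half is what the certificate carries.
        using RSA serverKey = RSA.Create(2048);
        RSAParameters serverPublic = serverKey.ExportParameters(false);

        // Step 1-2 (client): take the server's public key, generate a random
        // symmetric session key and wrap it so only the private key can unwrap it.
        byte[] sessionKey = RandomNumberGenerator.GetBytes(32);
        byte[] wrappedKey;
        using (RSA clientView = RSA.Create())
        {
            clientView.ImportParameters(serverPublic);
            wrappedKey = clientView.Encrypt(sessionKey, RSAEncryptionPadding.OaepSHA256);
        }

        // Step 2 (server): recover the session key with the private key.
        byte[] serverSessionKey = serverKey.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);

        // Step 3: bulk data is protected with the symmetric key (AES-GCM here).
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] plaintext = Encoding.UTF8.GetBytes("POST /login user=alice (constructed sample)");
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[16];
        using (var clientAes = new AesGcm(sessionKey, 16))
            clientAes.Encrypt(nonce, plaintext, ciphertext, tag);

        // Server decrypts; a modified ciphertext or tag would throw here.
        byte[] decrypted = new byte[ciphertext.Length];
        using (var serverAes = new AesGcm(serverSessionKey, 16))
            serverAes.Decrypt(nonce, ciphertext, tag, decrypted);

        Console.WriteLine($"Wrapped session key: {wrappedKey.Length} bytes (RSA, once per session)");
        Console.WriteLine($"Ciphertext: {ciphertext.Length} bytes (AES, every message)");
        Console.WriteLine($"Server read: {Encoding.UTF8.GetString(decrypted)}");
    }
}
```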

Hi Venkat, your tutorial videos are really so good. I appreciate what you do for other developers. Thank you.

mingomix

Really good presentation! Many thanks!

karolpawowski

Congratulations, Mr Venkat, for completing 100 videos in ASP.NET. I am so thankful for posting videos. Can you please post Silverlight videos for data-binding? (I am new to Silverlight.)


kavitha

Hi, what exactly happens when you type inetmgr in the run window, and when you press enter?

Csharp-video-tutorialsBlogspot

Make sure not to use SSL; you have to use TLS (minimum 1.1, better 1.2) to make your site as secure as you want it to be. It's a kind of new version of SSL. You don't wanna be attackable with Heartbleed or something like this.

julianvogt

I just added an SSL and I am getting a problem when trying to sign in. Can you help me?

The connection string 'GuildStreamEntities' in the application's configuration file does not contain the required providerName attribute."AAA

guildstream