I'm working on securing the API {WSDL Endpoints} to HTTPS, trying to make use of CryptoAPI calls in ASP.NET. Can anyone tell me what a CryptoAPI call means? I have already gone through many websites, but I really don't understand why we use that. By making use of CryptoAPI, what is it that I achieve? How does that work?
1 Answer
CryptoAPI (aka CAPI) is Microsoft's crypto library. https://en.wikipedia.org/wiki/Microsoft_CryptoAPI
It is used for things like encrypting files, but HTTPS is an entire protocol layer; it's more than just encryption.
If you are trying to secure a web service, then you don't need to write your own server crypto code.
Just bind the ASP.NET website to the HTTPS protocol in IIS (in addition to or in place of HTTP). When the client calls the API over HTTPS, the encryption process is invisible to the client and server yet the communication is still secure.
Here is an overview of how to set up IIS for HTTPS: https://www.digicert.com/ssl-certificate-installation-microsoft-iis-8.htm
Encryption is incredibly difficult to do correctly, even for crypto experts. So us mere mortal general programmers are encouraged to avoid writing our own encryption code as much as possible. HTTPS/SSL/TLS has its issues, but the good thing about it is that it's implemented in a way that is largely invisible to the applications which make use of it.
Here's a general overview of how HTTPS works (aimed at web devs): https://blog.hartleybrody.com/https-certificates/

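The IIS binding step described in the answer above, scripted in PowerShell as an added example (not part of the original answer). The site name and host name are placeholder assumptions, and the script assumes the server certificate is already installed in the machine's Personal store and that it runs in an elevated session on the IIS host.

```powershell
# Added example; $siteName and $hostName are placeholders, not values from the post.
Import-Module WebAdministration

$siteName = 'Default Web Site'   # assumption: IIS site hosting the ASP.NET service
$hostName = 'api.example.test'   # assumption: DNS name clients use to reach the API

# Choose an installed certificate that has a private key, is inside its validity
# window, and lists the host name exactly (a wildcard certificate would need a
# different match). Prefer the one that expires last.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.DnsNameList.Unicode -contains $hostName)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No valid certificate with a private key for $hostName in LocalMachine\My"
}

# Create the HTTPS binding and attach the certificate only if the site has no
# binding on port 443 yet; an existing binding is left untouched.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
if (-not $binding) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}

# "In place of HTTP": make IIS refuse requests to this site that do not arrive
# over TLS, so the WSDL endpoints are never served in clear text.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $siteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags' -Value 'Ssl'

# Show the resulting bindings for review.
Get-WebBinding -Name $siteName | Select-Object protocol, bindingInformation
```

No CryptoAPI call appears anywhere in the application code; the TLS handshake and encryption are handled by IIS and the operating system once the binding exists.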