I need to implement a SOAP API that will utilize Two-Way Certificate Authentication and encryption/decryption.
I do not know what parts of the handshaking and processing of authentication and encryption/decryption is managed by the Windows Server Operating System (and/or IIS) Environment, or which parts are managed by my Self-Hosted Windows API
My question is, given the below steps, which parts will the server manage and which parts will my C# .NET code manage.
My code is a Self-Hosted Windows Service using .NET and C#.
My questions are which parts of the process is managed by the Windows Server environment “for” the host/client application, and which parts are managed by the host/client application (C# .NET).
Ps… sorry if the image does not appear, the steps listed are from the image.
Here are the steps:
Client requests a secure connection to the host
Host (Windows? IIS? .NET Code?) provides public key and digital certificate to client
Client verifies certificate with the Certificate Authority (CA)
Client provides host with a public key
Host verifies client certificate with the Certificate Authority (CA)
Host sends client public key
Client encrypts message using host public key and sends message to host
Host decrypts client message using host’s private key
Host encrypts message using clients public key. Sends message to client
Client decrypts host message using client private key
This message contains confidential and proprietary information of the sender, and is intended only for the person(s) to whom it is addressed. Any use, distribution, copying or disclosure by any
other person is strictly prohibited. If you have received this message in error, please notify the e-mail sender immediately, and delete the original message without making a copy.