Google
AspAlliance.com Web
AspAlliance
Register
Edit My Profile
Author List
Write for Us
About AspAlliance
Contact Us
Privacy Policy
Link To Us
Advertise

Subscribe
Free Newsletter
Newsletter Archive
RSS Syndication

.NET Tutorials
Learn .NET
Learn WCF
Learn WPF
Learn ASP.NET
Learn AJAX
Learn Silverlight
Learn Visual Studio
Learn ADO.NET
Learn LINQ
Learn C# (CSharp)
Learn VB.NET
Learn Web Services
Learn Controls
Learn BizTalk
Learn SharePoint
Learn Mobile
Learn SQL
Learn SQL Reporting
Learn Windows Forms
Learn XML
Learn Crystal Reports
Learn FarPoint
Learn DevExpress
Examples
ASP.NET 2.0 Examples

ASP Tutorials
Learn ASP
Learn VBScript
Learn JScript
Learn SQL
Learn XML

Software Resources
Shopping Cart Ecommerce
Charts and Dashboards

Other Resources
Learn Java
Learn Oracle
Opinion / Editorial
Crystal Reports Alliance
WPF Resources
AJAX Resources
Silverlight Resources

Free Tools
Cache Manager
SimpleCMS

Reviews
Book Reviews
Product Reviews
Expert Advice

Books
ASP.NET Developer's Cookbook
Sample Chapters
Book Reviews

Community
Regular Expressions

Print This Article Print  Add To Favorites Add To Favorites    Email This Article To A Friend Email To Friend  Rate This Article Rate This Article   
Password-Protecting Sensitive InfoPath Form Fields
page 5 of 6
by S.Y.M. Wong-A-Ton
Feedback
Average Rating: 
Views (Total / Last 10 Days): 38081/ 63
How it Works

Saving a Form

The following sequence of events takes place when saving a new InfoPath form and enabling password-protection:

1.      The user opens a new form, fills in the data, and enters a password.

2.      The user initiates the saving of the form by clicking on the Save button, using the File > Save menu item, or closing the form in which case she will be prompted to save the modifications. This will trigger the OnSaveRequest event handler.

3.      A symmetric key is generated from the password entered by the user and her user name.

4.      The text "locked" is encrypted using the symmetric key and the encrypted text is saved in the isLocked field.  The credit card number, which contains sensitive data, is also encrypted using the symmetric key and saved in the ccNumber field it from which it was originally retrieved.

5.      Both the password and passwordAgain fields are emptied before the form is saved, since this data must not be persisted in the form.

6.      The form is saved to disk.

7.      If the form's XML file is opened in e.g. Notepad, the <my:isLocked> and <my:ccNumber> XML nodes will contain encrypted data, while the <my:password> and <my:passwordAgain> XML nodes will be empty.

Opening a Form

The following sequence of events takes place when opening a previously saved and password-protected form:

1.      The user opens a previously saved form.  The credit card number field is shown in an encrypted format, the password fields are empty, and the Unlock button is enabled.

2.      The user enters a password and clicks on the Unlock button.

3.      A symmetric key is generated from the password entered by the user and her user name.

4.      An attempt is made to decrypt the isLocked field.  If successful, the credit card field is decrypted and the unencrypted data is shown.  If the isLocked field cannot be decrypted, this means that the password the user entered is incorrect, the data in the isLocked field within the form's XML file has been tampered with, or the user is not the original person who saved the form.  If decrypting the credit card number field fails while the isLocked field is successfully decrypted, this means that the data in the ccNumber field within the form's XML file has been tampered with.

5.      After the credit card number field has been decrypted, the isLocked field is set to an empty string, indicating that the form fields are now in an unprotected state and the Unlock button is disabled.

Note: It is advisable to back up forms once they have been protected, because if the user forgets the password or the form's data is tampered with, it will not be possible to decrypt the encrypted form fields any more.

Downloads

[Download Code]
View Entire Article

User Comments

No comments posted yet.






Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-04-25 5:11:17 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search