Currently I have a Windows app which directly opens a database connection (the SQL Server is sitting remotely) using a SqlConnection object without any proper security measures.
Now I need to secure the database connection using a certificate. I read something about adding a certificate on the SQL Server and on my Windows application, but I am not getting a clear picture of how to do it, and I am not sure how effective it would be. Can someone give me some ideas, a helpful link to an article, or sample code?
One of my friends suggested that I create a "Web Service" and host it on IIS, since we can configure a certificate on IIS for the "Web Service", and then call that Web Service from my Windows application. But I am not sure how good this solution is.
Thank you in advance for putting effort into helping me.
This link here explains step by step (How To: Use SSL to Secure Communication with SQL Server) - http://msdn.microsoft.com/en-us/library/ff649255.aspx
Step 1. Request and Install a Server Authentication Certificate
Step 2. Verify that the Certificate Has Been Installed
Step 3. Install the Issuing CA's Certificate on the Client
Step 4. Force All Clients to Use SSL
Step 5. Allow Clients to Determine Whether to Use SSL
Step 6. Verify that Communication Is Encrypted
And, then read here - How to enable SSL encryption for SQL Server 2000 if you have a valid Certificate Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;276553
This might give you some ideas & direction.
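The client side of Steps 5 and 6 above, as an added example that is not part of the original answer or the linked articles. The server name and database name are placeholders, and the check assumes SQL Server 2005 or later and a login with VIEW SERVER STATE permission.

```csharp
using System;
using System.Data.SqlClient;

static class EncryptedSqlConnectionCheck
{
    // Placeholder values (assumptions): replace with your own server and database.
    const string Server = "sqlserver.example.internal";
    const string Database = "AppDb";

    static string BuildConnectionString()
    {
        var builder = new SqlConnectionStringBuilder
        {
            // Must match the name in the server certificate, or validation fails.
            DataSource = Server,
            InitialCatalog = Database,
            IntegratedSecurity = true,
            // Step 5: the client asks for an encrypted channel.
            Encrypt = true,
            // Keep false so the certificate chain is validated against the
            // issuing CA installed on the client in Step 3.
            TrustServerCertificate = false
        };
        return builder.ConnectionString;
    }

    static void Main()
    {
        try
        {
            using (var conn = new SqlConnection(BuildConnectionString()))
            {
                conn.Open();
                // Step 6, checked from the client: ask the server whether this
                // session is encrypted. The DMV needs VIEW SERVER STATE.
                const string sql =
                    "SELECT encrypt_option FROM sys.dm_exec_connections " +
                    "WHERE session_id = @@SPID";
                using (var cmd = new SqlCommand(sql, conn))
                {
                    var encrypted = cmd.ExecuteScalar() as string;
                    Console.WriteLine("encrypt_option = " + encrypted);
                    if (!string.Equals(encrypted, "TRUE", StringComparison.OrdinalIgnoreCase))
                        Environment.ExitCode = 1; // connected, but not encrypted
                }
            }
        }
        catch (SqlException ex)
        {
            // An untrusted CA or a certificate name mismatch surfaces here.
            Console.Error.WriteLine("Connection failed: " + ex.Message);
            Environment.ExitCode = 2;
        }
    }
}
```

Setting `TrustServerCertificate = true` would still encrypt the traffic but skip certificate validation, which leaves the connection open to a man-in-the-middle presenting its own certificate.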