January 23 X509 specifications for those who need the low-level info. You might be interested in reading this RFC if you develop applications that need to handle encryption. For example, if you have a legacy system (e.g. MF) and you need to write your own low-level procedures to handle encryption, then this RFC is for you (RFC2527). [Note: RFC 2527 is the X.509 certificate policy and certification practices framework; the certificate and CRL format itself is profiled in RFC 5280.]
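January 18 Using X509 certificate with .NET web services. Here is a good blog post on how to use the winhttpcertcfg.exe utility to attach an X509 certificate to the worker process. The tool works by granting an account access to the certificate's private key, so grant it only to the account the worker process runs as.
You need to use this tool when you want to use SSL v3 without any client (user).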
check it out here:
and here:
WSE can do this mapping automatically; check it out here:
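January 14 How to: Check the identity of the caller component. This code sample demonstrates how to check the identity of the caller at the component level. This method can be used to make sure that only the BL layer calls the DAL. Note that on .NET Framework 2.0 and later a fully trusted caller satisfies identity permission demands, so this check is not an access control on its own.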
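//
// Class library example to demonstrate StrongNameIdentityPermission and
// StrongNameIdentityPermissionAttribute.
//
// NOTE(review): strong-name identity demands are a demonstration of the API,
// not an access-control boundary. On .NET Framework 2.0 and later a fully
// trusted caller satisfies identity permission demands, and code access
// security is not supported on .NET Core / .NET 5+. If the DAL must only be
// reachable from the BL, enforce that with visibility (internal types plus
// InternalsVisibleTo) or with process and deployment isolation.
using System;
using System.Security.Permissions;
using System.Reflection;

//[assembly: AssemblyVersion("1.0.*")]
//[assembly :AssemblyKeyFile(@"c:\mykey.snk")]
namespace SignedLib
{
    /// <summary>
    /// Sample component that restricts its callers by strong-name identity,
    /// once imperatively and once declaratively.
    /// </summary>
    public class Signed
    {
        /// <summary>
        /// Reads the windir environment variable after an imperative
        /// strong-name identity demand.
        /// </summary>
        /// <remarks>
        /// A failed demand throws a SecurityException, which the catch block
        /// below reports; in that case the windir value is not printed.
        /// </remarks>
        public void GetWindirImperative()
        {
            try
            {
                // Use Sn.exe to generate the byte array for the public key.
                // This is the same key as the hex string on GetWindirDeclarative.
                byte[] b1 =
                {
                    0, 36, 0, 0, 4, 128, 0, 0, 148, 0, 0, 0, 6, 2, 0, 0,
                    0, 36, 0, 0, 82, 83, 65, 49, 0, 4, 0, 0, 1, 0, 1, 0,
                    237, 146, 145, 51, 34, 97, 123, 196, 90, 174, 41, 170, 173, 221, 41, 193,
                    175, 39, 7, 151, 178, 0, 230, 152, 218, 8, 206, 206, 170, 84, 111, 145,
                    26, 208, 158, 240, 246, 219, 228, 34, 31, 163, 11, 130, 16, 199, 111, 224,
                    4, 112, 46, 84, 0, 104, 229, 38, 39, 63, 53, 189, 0, 157, 32, 38,
                    34, 109, 0, 171, 114, 244, 34, 59, 9, 232, 150, 192, 247, 175, 104, 143,
                    171, 42, 219, 66, 66, 194, 191, 218, 121, 59, 92, 42, 37, 158, 13, 108,
                    210, 189, 9, 203, 204, 32, 48, 91, 212, 101, 193, 19, 227, 107, 25, 133,
                    70, 2, 220, 83, 206, 71, 102, 245, 104, 252, 87, 109, 190, 56, 34, 180
                };

                // Specify the version of the calling assembly.
                Version v1 = new Version("1.0.0.0");
                StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob(b1);

                // Informational output only; the Demand below is the actual check.
                Console.WriteLine(ComparePublicKeys() ? "Calling assembly has same key as this assembly " : "Calling assembly has different key than this assembly");

                // Demand that callers carry this key, assembly name and version.
                StrongNameIdentityPermission snPerm = new StrongNameIdentityPermission(blob, "StrongNamedExe", v1);
                snPerm.Demand();

                // Return the location of the Windows directory that is found in
                // the windir environment variable.
                Console.WriteLine(Environment.GetEnvironmentVariable("windir"));
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception thrown in called assembly: " + e.Message);
            }
        }

        /// <summary>
        /// Reads the windir environment variable behind a declarative
        /// strong-name identity demand.
        /// </summary>
        /// <remarks>
        /// Use Sn.exe to generate the public key string used for the demand.
        /// NOTE(review): a declarative demand is evaluated by the runtime when
        /// the method is entered, so a failure is expected to surface in the
        /// caller rather than in the catch block inside the method - confirm
        /// on the target runtime.
        /// </remarks>
        [StrongNameIdentityPermissionAttribute(SecurityAction.Demand,
            PublicKey = "0024000004800000940000000602000000240000525341310004000001000100ed92913322617b" +
                        "c45aae29aaaddd29c1af270797b200e698da08ceceaa546f911ad09ef0f6dbe4221fa30b8210c7" +
                        "6fe004702e540068e526273f35bd009d2026226d00ab72f4223b09e896c0f7af688fab2adb4242" +
                        "c2bfda793b5c2a259e0d6cd2bd09cbcc20305bd465c113e36b19854602dc53ce4766f568fc576d" +
                        "be3822b4")]
        public void GetWindirDeclarative()
        {
            try
            {
                // Return the location of the Windows directory that is found in
                // the windir environment variable.
                Console.WriteLine(Environment.GetEnvironmentVariable("windir"));
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception thrown in called assembly: " + e.Message);
            }
        }

        /// <summary>
        /// Reports whether the process entry assembly and this assembly carry
        /// the same strong-name public key token.
        /// </summary>
        /// <returns>
        /// true when both assemblies are strong-named and their tokens are
        /// equal; false when either is unsigned, when there is no managed
        /// entry assembly, or when the tokens differ.
        /// </returns>
        /// <remarks>
        /// Diagnostic only: the entry assembly is the process executable, which
        /// is not necessarily the immediate caller, so this result must not be
        /// used as an authorization decision.
        /// </remarks>
        public static bool ComparePublicKeys()
        {
            // GetEntryAssembly returns null when the process was started by an
            // unmanaged host; previously that surfaced as a NullReferenceException.
            Assembly entryAssembly = Assembly.GetEntryAssembly();
            if (entryAssembly == null)
            {
                return false;
            }

            // Display the name of the calling assembly.
            Console.WriteLine("Calling assembly = " + entryAssembly.FullName);

            // Get the assembly being called (this assembly). GetExecutingAssembly
            // is used because GetCallingAssembly only yields this library when
            // the method is invoked from inside it.
            Assembly thisAssembly = Assembly.GetExecutingAssembly();
            Console.WriteLine("Called assembly=" + thisAssembly.FullName);

            // Compare the token bytes rather than a fixed 31-character slice of
            // FullName: an unsigned assembly ends in "PublicKeyToken=null", which
            // made the old Substring call throw ArgumentOutOfRangeException.
            byte[] entryToken = entryAssembly.GetName().GetPublicKeyToken();
            byte[] thisToken = thisAssembly.GetName().GetPublicKeyToken();

            if (entryToken == null || thisToken == null)
            {
                return false;
            }

            if (entryToken.Length == 0 || entryToken.Length != thisToken.Length)
            {
                return false;
            }

            for (int i = 0; i < entryToken.Length; i++)
            {
                if (entryToken[i] != thisToken[i])
                {
                    return false;
                }
            }

            return true;
        }
    }
}

January 04 deep dive into impersonationASP.NET 2.0 Security Reference Implementationhere is a good reference for implementing security best practices on your application.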
you can find it here |