Digital signing configured website example built with ASP.Net Core with PostGRE

BCC-CA/XML-Signer-ASP.NetCore-PostGRE

BCC-CA XML Signer Server

This app is an example server for the BCC-CA Desktop Client, built on ASP.Net Core 3.1 with a PostGRE database. We use ASP.Net Core and PostGRE because both are open source and can be hosted on a cheap Linux server (Ubuntu, CentOS etc.) with full functionality. If anyone would like to use another DB, here is the whole list of supported databases. For MySQL, besides the official connector library, other convenient libraries such as Pomelo.EntityFrameworkCore.MySql can be used for MySQL as well as MariaDB. If the database connection string needs to be updated, it can be updated from this file. If a database other than PostGRE is to be used, the DB should be configured from here. This web app serves as one of the server examples for the signer app and also as an XML signature verification service. The most common commands and links regarding ASP.Net Core are provided in here.

This web app provides the APIs listed below, an XML verification service, and XML serialization and deserialization.

APIs needed for enabling signature for web forms

This web app implements 4 main APIs for enabling signature-

  1. Generate Download-Upload Token
  2. Download XML File
  3. Upload XML File
  4. Verify XML File Signature

Among these APIs, the Download XML File API and the Upload XML File API are used directly by the BCC-CA Desktop Signing Client. Along with those APIs, conversion of any form data model to XML and of XML back to that form data is provided in here and here. Retrieving the signing time from Signature->SignedInfo->Reference->Id is provided in here. The signing time is stored in base64 format because the Id field does not support any whitespace, and Id is one of the best places where a custom unalterable string can be stored.

Generate Download-Upload Token

This API is implemented in here. With this API, an authenticated user generates a secured token for downloading and uploading a file. The browser calls the API before initiating the download of a file. After the API is called, a token is provided that is valid for 2 minutes for downloading and uploading the file. As the client can't access the user's authentication in the browser directly, generating and maintaining this token is strongly recommended to enforce authorization. For this example, the API call can be like this-

  • Successful Call

[Screenshot: Successful Call]

  • Unsuccessful Call

If the user is unauthorised, the AJAX call will not return any token, like this-

[Screenshots: Unsuccessful Call (1) and Unsuccessful Call (2)]
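
The two-minute download-upload token described above could be issued and checked as sketched below. This is an added example, not the repository's code; `TransferTokenService`, its method names, the in-memory store, and the binding of each token to one file id are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical service: all names and the in-memory store are assumptions.
public sealed class TransferTokenService
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(2); // lifetime from the README
    private readonly ConcurrentDictionary<string, (string UserId, long FileId, DateTimeOffset ExpiresAt)> _grants =
        new ConcurrentDictionary<string, (string, long, DateTimeOffset)>();

    // Called from the authenticated browser session before the download starts.
    public string Issue(string userId, long fileId, DateTimeOffset now)
    {
        var raw = new byte[32]; // 256 bits from the OS CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = Convert.ToBase64String(raw).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        _grants[Hash(token)] = (userId, fileId, now + Lifetime); // only the hash is stored
        return token;
    }

    // Called by the download and upload endpoints, which see the token but no login cookie.
    public bool TryValidate(string token, long fileId, DateTimeOffset now, out string userId)
    {
        userId = null;
        if (string.IsNullOrEmpty(token)) return false;
        string key = Hash(token);
        if (!_grants.TryGetValue(key, out var g)) return false;
        if (now >= g.ExpiresAt) { _grants.TryRemove(key, out _); return false; }
        if (g.FileId != fileId) return false; // token is bound to one file
        userId = g.UserId;
        return true;
    }

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }
}

public static class Demo
{
    public static void Main()
    {
        var svc = new TransferTokenService();
        var t0 = DateTimeOffset.UtcNow;
        string token = svc.Issue("alice", 42, t0); // constructed user and file id
        Console.WriteLine(svc.TryValidate(token, 42, t0.AddSeconds(30), out _)); // inside the window
        Console.WriteLine(svc.TryValidate(token, 43, t0.AddSeconds(30), out _)); // different file
        Console.WriteLine(svc.TryValidate(token, 42, t0.AddMinutes(3), out _));  // after expiry
    }
}
```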

Download XML File Get API

In this architecture for enabling digital signing on any web form, the web form is stored as XML, which is easy to sign digitally. The server keeps the XML as text in a database column, so before a download starts, the XML string is converted to a byte array and the byte array to a memory stream, from which the downloaded file is created. The XML file is therefore never stored on the server as a file; only the XML text is stored, and it is converted to an XML file when needed.

With this API, any XML file can be downloaded, but the download URL lives only for a short time and requires strong token validation, so that file security is assured and no unauthenticated person or service can download the file and retrieve the data. To do that, we have created an API for generating a download-upload token in here. This API only allows XML files to be downloaded, with a GET request like this-

[Screenshot: Download XML File]

The implementation code can be found in here.

Upload XML File POST API

This API is implemented in here. With this API, any file can be uploaded to the server with an authentically generated token. After it is uploaded, the file is converted to a string and stored in the database with the required properties.

An example call with Postman can be like this-

  • Success

[Screenshot: Successful File Upload]

  • Fail

If the file upload fails, a response will be sent like this-

[Screenshot: Failed File Upload]

Verify XML File Signature

This API is implemented in here. With this API, a signed XML file can be checked to verify whether it is perfectly signed or not. A demo call with the Postman client is like this-

  • Successfully verified

[Screenshot: Unsuccessful Call (1)]

  • Unverified

[Screenshot: Unsuccessful Call (1)]
