Jan 31, 2008

New Application

A long time ago (about a year ago), I was asked to write a web app, and unfortunately I couldn't finish the project on time because of some other higher-priority projects. This time I will start it and finish it. To keep that promise, I will write about my progress and discuss the challenges on this blog. The category for this project will be ClientVisitsTrackingWebApp.

This web app is basically for tracking clients' visits, along with reporting, billing, etc. As the database will hold information like social security numbers, health information, clients' disabilities and dates of birth, there are encryption and security concerns. As the Health Insurance Portability and Accountability Act of 1996 states, any health information stored in the database has to be encrypted. The visits to the clients are also billed, so there is credit card information in the system, which also has to be encrypted.

Anyway, the clients table that I designed is as below:

I think every column is straightforward. If you take a close look at the data type for the dob and ssn columns, it is varbinary. This is for encryption. The system will send encrypted data to these columns, which is an array of bytes. So if our database is stolen (for example, if our backup tapes are stolen), it won't be that easy to read the data.

So basically our client has a first and a last name, an optional middle name, some columns for address, phone, date of birth, social security number, disabilities, a notes section, a service location, which represents where the client is to be served, and an agent id, which represents which agent referred this client. The agent id won't be used in the first release; it is for future use.

My first step is to fire up Visual Studio 2008, create a new blank solution, VeteransAppProject, and add some projects to this solution (listed below):

  • Add a class library: Utilities. Some generic utility functions will live here.
  • Add a test application: VeteransAppTest, to test some of the functions.
  • Add a class library: VeteransDBClasses, with classes representing tables.
  • Add a class library: VeteransDBAPI, with static classes and functions that the web app will use to read/write the database.
  • Add a web application: VeteransWebbApp, the web application that clients will use.

Let's start with the encryption class. I created a class in the Utilities project and called it EncDec3DES. I will be using Triple DES for encryption. So our class will be as below:

The field AlgoName will be "TripleDES". Here are the functions:

  • public static byte[] GenerateKey(bool bWriteToFile, string TargetFile) : will generate an encryption key, and if bWriteToFile is true, will write the key in the TargetFile; and returns the key
  • public static byte[] GetKeyFromFile(string File) : will read the encryption key from the File and return it.
  • public static string DecryptData(byte[]key, byte[]data) : will decrypt the data using the key; and will return the clear string.
  • public static byte[] EncryptData(byte[] key, string data) : will encrypt data using key, and will return the encrypted byte array.

The implementation of these functions is fairly simple. Posting the code will wait for the code highlighting extension :)

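[code:c#]

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Encrypts and decrypts strings with Triple DES.
// The encrypted blob is the IV followed by the ciphertext.
public class EncDec3DES
    {
        private static string AlgoName = "TripleDES";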
        public static byte[] GenerateKey(bool WriteToFile, string TargetFile)
        {
            byte[] key = null;
            try
            {

                SymmetricAlgorithm des3Algo = SymmetricAlgorithm.Create(AlgoName);
                // des3Algo.KeySize = 192;       
                des3Algo.GenerateKey();
                key = des3Algo.Key;
                if (WriteToFile == true)
                {
                    using (FileStream fs = new FileStream(TargetFile, FileMode.Create))
                    {
                        fs.Write(key, 0, key.Length);
                    }
                }
            }
            catch
            {
                key = null;
            }

            return key;
        }
        public static byte[] GetKeyFromFile(string File)
        {
            byte[] key = null;
            try
            {
                using (FileStream fs = new FileStream(File, FileMode.Open))
                {
                    key = new byte[fs.Length];
                    fs.Read(key, 0, (int)fs.Length);
                }
            }
            catch
            {
                key = null;
            }
            return key;
        }
        public static string DecryptData(byte[] key, byte[] data)
        {
            SymmetricAlgorithm algo = SymmetricAlgorithm.Create(AlgoName);
            algo.Key = key;
            MemoryStream memStream = new MemoryStream();
            // The blob starts with the IV that EncryptData wrote; the ciphertext follows it.
            int ReadPos = 0;
            byte[] IV = new byte[algo.IV.Length];
            Array.Copy(data, IV, IV.Length);
            algo.IV = IV;

            ReadPos += algo.IV.Length;
            CryptoStream cs = new CryptoStream(memStream, algo.CreateDecryptor(), CryptoStreamMode.Write);
            cs.Write(data, ReadPos, data.Length - ReadPos);
            //  cs.Write(data,0,data.Length);
            cs.FlushFinalBlock();
            return Encoding.UTF8.GetString(memStream.ToArray());
        }
        public static byte[] EncryptData(byte[] key, string data)
        {
            // convert the clear-text string to a byte array
            byte[] clearTextData = Encoding.UTF8.GetBytes(data);
            SymmetricAlgorithm algo = SymmetricAlgorithm.Create(AlgoName);
            algo.Key = key;

            MemoryStream memStream = new MemoryStream();
            // write a fresh random IV at the start of the blob so DecryptData can read it back
            algo.GenerateIV();
            memStream.Write(algo.IV, 0, algo.IV.Length);
            CryptoStream cs = new CryptoStream(memStream, algo.CreateEncryptor(), CryptoStreamMode.Write);
            cs.Write(clearTextData, 0, clearTextData.Length);
            cs.FlushFinalBlock();
            cs.Close();
            return memStream.ToArray();
        }
    }

[/code] 
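The EncDec3DES blob above is the IV followed by the ciphertext, with nothing that lets DecryptData notice a value that was modified in the varbinary column. The following is an added example, not the blog author's code: the same key/blob idea with AES-256-GCM, which rejects altered data. It assumes .NET 8 or later; the class name AuthEnc, its blob layout and the sample value are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not the blog's code). Assumes .NET 8+; AuthEnc is a hypothetical name.
// Blob layout: nonce (12 bytes) || tag (16 bytes) || ciphertext.
public static class AuthEnc
{
    private const int NonceSize = 12; // GCM nonce size accepted by AesGcm
    private const int TagSize = 16;   // full-length authentication tag

    public static byte[] GenerateKey() { return RandomNumberGenerator.GetBytes(32); } // 256-bit key

    public static byte[] EncryptData(byte[] key, string data)
    {
        byte[] plain = Encoding.UTF8.GetBytes(data);
        byte[] blob = new byte[NonceSize + TagSize + plain.Length];
        RandomNumberGenerator.Fill(blob.AsSpan(0, NonceSize)); // fresh nonce per value
        using (var gcm = new AesGcm(key, TagSize))
            gcm.Encrypt(blob.AsSpan(0, NonceSize), plain,
                        blob.AsSpan(NonceSize + TagSize), blob.AsSpan(NonceSize, TagSize));
        return blob;
    }

    // Throws CryptographicException if the blob is truncated or was altered.
    public static string DecryptData(byte[] key, byte[] blob)
    {
        if (blob == null || blob.Length < NonceSize + TagSize)
            throw new CryptographicException("Encrypted value is too short.");
        byte[] plain = new byte[blob.Length - NonceSize - TagSize];
        using (var gcm = new AesGcm(key, TagSize))
            gcm.Decrypt(blob.AsSpan(0, NonceSize), blob.AsSpan(NonceSize + TagSize),
                        blob.AsSpan(NonceSize, TagSize), plain);
        return Encoding.UTF8.GetString(plain);
    }

    public static void Main()
    {
        byte[] key = GenerateKey();
        byte[] blob = EncryptData(key, "000-00-0000"); // constructed sample value
        Console.WriteLine(DecryptData(key, blob));      // round trip succeeds
        blob[blob.Length - 1] ^= 1;                     // simulate a modified column value
        try { DecryptData(key, blob); }
        catch (CryptographicException) { Console.WriteLine("modified value rejected"); }
    }
}
```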

Tomorrow we start creating the class for Client :)


