I have the following scenario:
(and unfortunately I can not change anything on the infrastructure, but I can change anything about the Application and WebService code)
An Intranet with multiple databases that can only be accessed by those within the network.
A WebService (at the top of the image) was created and placed on this internal network to make certain services available for specific external applications.
A specific external application (in Asp.Net MVC, at the bottom of the image) that consumes the services available in the WebService, manipulates the data and makes the information available to the clients.
There is a database (the one on the left in the image) where all data generated through the application is stored, but it is also accessible by the WebService.
Unfortunately, the data to access each of the internal network databases is in the application database. Extremely sensitive data!
As I cannot remove the sensitive data and create a new database within the internal network to keep them "safe," I thought of the following process:
After a client request in the application, a "Token" is generated and saved in the application database.
After saving the Token, the application makes a request to the WebService by sending the Token. Since the WebService has access to the application database, then it is easy to validate the Token.
In case everything is right, then the WebService generates the keys using the RSACryptoServiceProvider class and returns the public key, also keeping the private key somewhere (could it be the session?).
When receiving the public key, the application encrypts the sensitive data, and also generates the public and private keys in the same way, sending the public key to the WebService together with the encrypted sensitive data.
The WebService receives the data and can decrypt everything with the previously stored private key, then searches the data on the internal network, encrypts everything with the public key it received from the application, and returns the data to it.
The application can then decrypt the data with its private key and give the return to the user.
The questions are:
Is this really the safest way to accomplish the whole process in view of all the limitations and possibilities mentioned? Would it be appropriate ("secure") to store the private key generated in the WebService in a session?
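The two-sided RSA exchange described in the question, run in-process as an added example (not code from the original post): each party owns one RSACryptoServiceProvider, only public keys cross the wire, and the class names, sample strings and the "lookup" payload are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not from the post): one party in the exchange.
class RsaParty
{
    private readonly RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048);

    // Export the public key only (includePrivateParameters: false).
    public string ExportPublicKey() => rsa.ToXmlString(false);

    // Encrypt for a peer using the public key it sent us, with OAEP padding.
    // Caveat: RSA can only encrypt a payload smaller than the modulus minus the
    // padding overhead (~190 bytes for a 2048-bit key with OAEP), so real
    // result sets would need a random AES key wrapped with RSA (hybrid scheme).
    public static byte[] EncryptFor(string peerPublicKeyXml, string plaintext)
    {
        using (var peer = new RSACryptoServiceProvider())
        {
            peer.FromXmlString(peerPublicKeyXml);
            return peer.Encrypt(Encoding.UTF8.GetBytes(plaintext), fOAEP: true);
        }
    }

    // Decrypt with the private key that never left this party's memory.
    public string Decrypt(byte[] ciphertext) =>
        Encoding.UTF8.GetString(rsa.Decrypt(ciphertext, fOAEP: true));
}

class Program
{
    static void Main()
    {
        var webService = new RsaParty();   // lives inside the intranet
        var application = new RsaParty();  // the external ASP.NET MVC app

        // WebService publishes its public key; the application encrypts the
        // sensitive lookup data for it and sends along its own public key.
        string wsPub = webService.ExportPublicKey();
        byte[] toWs = RsaParty.EncryptFor(wsPub, "constructed-sample-lookup-data");
        string appPub = application.ExportPublicKey();

        // WebService decrypts, does the internal lookup, encrypts the result for the app.
        string request = webService.Decrypt(toWs);
        byte[] toApp = RsaParty.EncryptFor(appPub, "result-for:" + request);

        // Application recovers the result with its own private key.
        Console.WriteLine(application.Decrypt(toApp));
    }
}
```

As written, nothing binds either public key to its owner, so the exchange only protects against passive reading of the traffic; the transport (TLS) still has to authenticate the WebService and the application, and the token check is what ties a request to a legitimate client.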