Introduction
SafeNet Authentication Service (SAS) Authentication API for Microsoft .NET allows agents to support all the functions required to interact with the SAS. A SAS agent is a third-party application with embedded plug-in code that passes collected user names and one-time passwords (OTPs) to the SAS for authentication.
Applicability
The information in this document applies to the following:
- SafeNet Authentication Service - Cloud (SAS Cloud) — The SafeNet cloud-based authentication service.
- SafeNet Authentication Service - Service Provider Edition (SAS SPE) — The on-premises, server version targeted at service providers interested in hosting SAS in their data center(s).
- SafeNet Authentication Service - Private Cloud Edition (SAS PCE) — The on-premises, server version targeted at organizations interested in hosting SAS in their private cloud environment.
Prerequisites
- .NET Framework v4.6.2 (or later)
- .NET 8 (or later)
Note
SAS Authentication API (BSIDAPI.dll) is built on .NET Standard 2.0, making it compatible with both .NET Framework and .NET applications.
Security notes
To enhance security, we strongly recommend the following actions.
| Subject | Action | More details |
|---|---|---|
| Installation folder | During installation, change the default destination folder to a system-protected folder accessible only to accounts with the required privileges. | See Installation and upgrade, step 5 |
| SSL Server Certificate Validation | SSL server certificate validation is enabled by default. To disable it, set EnableSSLCertificateValidation to 0 in HKEY_LOCAL_MACHINE\SOFTWARE\Thales\BSIDAPI. A value of 1 enables SSL server certificate validation. |
See API C# class — SSL server certificate validation |
| FIPS AES Mode | FIPS AES mode is enabled by default (IsFipsAesEnabled = 1). To disable it, set IsFipsAesEnabled to 0 in HKEY_LOCAL_MACHINE\SOFTWARE\Thales\BSIDAPI. This flag controls AES encryption only and does not affect RSA operations. |
HKEY_LOCAL_MACHINE\SOFTWARE\Thales\BSIDAPI\IsFipsAesEnabled |
| Agent Key File | Place the key file in a system-protected folder accessible only to accounts with the required privileges. | See Agent key file and additional deployment — Loading key file |