I have an ASP.Net application. It is an application where people fill out forms. Well, we would like for people to be able to sign the form electronically(as in, their hand written signature) so that the signatures are held in the server and displayed on the web page.

Is there any kind of support for doing this kinda thing without having to resort to ActiveX controls? We would really strongly like to stay away from those. Is there anything up and coming that could be of some help such as the Canvas HTML5 tag or anything like that? It'd be super neat if we could support both signature pads and tablet PCs.

Also, electronic signatures are required because we would prefer if they signed the form through the computer and stored it on our server rather than printing it off, signing it, and filing it away in some place to become out of date.

Actually what we ended up doing is the following:

On the client's machine a custom made web server is run. The web server does the interfacing with the signature pad. We have control over everyone using our site so this is not a problem.

On our website we have a series of buttons like "sign" "clear" and "done". When the sign button is clicked it will begin a process which will poll the localhost server every 50 or 100ms or so with an image tag created like so <img src="http://127.0.0.1?signature&time=..." /> (where the ... is the current time so no caching issues). This makes it so that the image can be clearly seen in the browser and works well for every browser I've tested it in.

Then when the user clicks done in order to get the image's actual data to be accessible from the server we use a JSONP request(so that we can cross the domain border) to get a base64 encoded value of the image and/or signature data. We store this in a hidden field. Whenever the user clicks save for the form(or whatever) then this hidden field gets sent to the server and saved.

This would also be easy to have so that there is an option for tablet computers so that it uses a <canvas> control or similar to allow direct drawing on the screen.

This isn't exactly an answer to your problem but if you are in the United States you will not need a handwritten signature for the document to be considered legally "signed." As long as the form they are "signing" meets certain authentication criteria, an online agreement is considered fully executed by an electronic acceptance. For example, in our system, people sign a document using the following:

My Name: Mark Graquel
My System ID: 998877
Today's Date: 1/25/2010 

You agree that the Name and/or ID shown above fully, accurately and uniquely 
identifies you in our database. You furthermore agree that your submission of 
this form, via the "I Accept" button, shall constitute the execution of this 
document in exactly the same manner as if you had signed, by hand, a paper 
version of this agreement. 

For more information about the law that covers electronic signatures, see the "Digital Signatures Act."

Perhaps this jquery plugin: https://github.com/thread-pond/signature-pad

APIs from esignature service such as docusign and echosign will assure you of more compliance, and also perhaps of better ease-of-use for your clients/customers through their handling of the different use cases in the esigning process (more than you may think).

For your situation and for passing in docs you've generated, their APIs can be restrictive given pdf wizardry going on. legalesign.com (i'm involved in this project) is a more open system that has the upshot of deeper API integration to handle this. We're in beta and not yet released an API, but pleased to hear about indications of interest.

I hardly doubt whether this is pleadable, as there is no possibility to do signature analysis etc. But I am no lawyer, so this might be worth another discussion :-).

Isn't there something like DigiD available in your country. It's a government issued identification mechanism with verification, that is used in the Netherlands to sign (for example) tax files.

Also check CanvasPaint ^{(domain expired)}. It's code has been open sourced by the author (see here). It is an Paint implementation in pure Javascript, using the <canvas> tag.

When I was learning jQuery I wrote 'Simple Paint' program. This program had 100x100 div and color chooser. I could draw different things keeping left mouse button pressed. It took about 4 hours to write that program (i.e. it's very easy especially if we assume that I was learning jQuery and didn't know how to use it correctly).

P.S. you describe the strangest requirement I've ever heard.

Actually what we ended up doing is the following:

On the client's machine a custom made web server is run. The web server does the interfacing with the signature pad. We have control over everyone using our site so this is not a problem.

On our website we have a series of buttons like "sign" "clear" and "done". When the sign button is clicked it will begin a process which will poll the localhost server every 50 or 100ms or so with an image tag created like so <img src="http://127.0.0.1?signature&time=..." /> (where the ... is the current time so no caching issues). This makes it so that the image can be clearly seen in the browser and works well for every browser I've tested it in.

Then when the user clicks done in order to get the image's actual data to be accessible from the server we use a JSONP request(so that we can cross the domain border) to get a base64 encoded value of the image and/or signature data. We store this in a hidden field. Whenever the user clicks save for the form(or whatever) then this hidden field gets sent to the server and saved.

This would also be easy to have so that there is an option for tablet computers so that it uses a <canvas> control or similar to allow direct drawing on the screen.

If they aren't using a tablet PC then a mouse rendering of the "signature" might look nothing like they would normally sign. Unsure how the legality of this would hold up.

As an alternative implementation and likely equally viable one for online, make available a text box to type their name into as their "electronic signature". Then if the platform allows for a real sig to be carried out properly (e.g. known to be a tablet with pen) then let them sign normally instead.

Their "personal mark" on a filled out form might also simply be the fact they logged in to fill it out. Electronic sigs don't have to take on the format you would normally expect. Online implementations of offline things often don't translate properly or have unforeseen loopholes.

You can do it with an HTML5 canvas. Check out this drawing apps made entirely with HTML5. Awesome!

http://mugtug.com/sketchpad/

Not sure how an average person would sign using a mouse... We have done something like this, but what we did was provide the page of the form requiring a signature for download, which they could then sign, scan and upload again.

Wet signature is a nuisance, but still necessary in some cases...