Security :: Secure Login From A Non Secure HTTP Page?
Oct 24, 2010
I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
View 3 Replies
Similar Messages:
Jul 13, 2010
My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
View 1 Replies
Dec 31, 2010
How to make a secure login page using sql database by matching a user name and password and redirect them to differnt page as admin and user
View 2 Replies
Oct 25, 2010
I have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 Replies
Jul 13, 2010
I wish to do a simple and secure login form, for which I have seen tutorials keeping login information and roles set through the ASP.Net WebSite Administration Tool.
Is there any secure way to do a login page without using WSAT at all. provide me good tutorial links for creating a custom login form, having the capability of redirecting to login page if user is not authorized etc.
I don't wish to use the WebSite Administration Tool.
View 6 Replies
Feb 25, 2010
I have a masterpage that contains a number of links. When I login to the secure area of my website, the links are broken they are trying to access the page as if it was stored in the SecurePages folder. Code below:
[Code]....
View 8 Replies
Jun 18, 2010
i was just wondering how much secure is the Login System integrated within ASP.NET ? This is rather vague but i just wanted to know if a website using the system is rather protected to attacks.
View 3 Replies
Sep 17, 2010
I'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
View 3 Replies
Feb 9, 2011
I would like to create a secure login page for a pre-defined set of users (so no creating username/passwords by the users themselves). I've looked up a few sites and they all seem to using Microsoft's Membership or something. I am not very sure as to why that's used, but all you need to know is that I will be creating the login details. I just need to make the login secure, ie, no duplicate logins, no logins from different browsers and cookies and sessions and encryption and all that.
View 2 Replies
Apr 4, 2011
I would like to create a secure login page for a pre-defined set of users (so no creating username/passwords by the users themselves). I've looked up a few sites and they all seem to suggest using Microsoft's Membership or something. I am not very sure as to why that's used, but all you need to know is that I will be creating the login details. I just need to make the login secure, ie, no duplicate logins, no logins from different browsers and cookies and sessions and encryption and all that. Any one have the code/links to where I can get all this?
View 1 Replies
May 28, 2010
I am developing a web application in which the clients wants to send a pdf copy of aa Authenticated Page to users and as well as to the administrator..
As I google about this problem but didnt find any solution.
Because in all cases I have to pass the url of the secure page to the function...and in runtime when function make a webrequest to the page it will always generate the PDFof the login page.
So is there any way to generate the PDF of a secure page in C# ASP.Net
View 1 Replies
Jan 24, 2010
i have asp.net 2.0 web site and in the main root i have some secure pages so if any unauthenticated user try to visit my page the browser redirect him to login.asp page (it was correct) but in my web i have subfolder named (Admin) and i want to secure all pages under this folder and redirect any user to new login page. how can i do it?
View 7 Replies
Nov 9, 2010
I'm using paypal to make payments for an online digital download purchase. Once the payment is accepted the person is redirected to a page where they can download the product. I need to know how do I make a page that can only be accessed once via redirect.
View 1 Replies
May 28, 2010
How can I force page to use secure connection "https". Client might call the page using insecure connection. I want the page to to check connection, if insecure connection "http" is being used, reload the page with secure "https" connection
View 8 Replies
Dec 16, 2010
I need to learn the following security-related questions pertaining to ASP.NET membership system (which I am currently using):
1) How to set up "secure" log-in for site members (when other sites say "secure login", what exactly is meant?) --- is that easy for a novice programmer to set up?; are there third parties?; is this done in collaboration with the site host?...Or by using the ASP.NET member system (which I have already set up), is that by default "secure" already?
2) When signing members up, what is best way to block out spammers from the registration process? Is there also third party software I can use? Perhaps someone can give quick answers to these, or point me in the right direction to read a good updated resource on this.
View 4 Replies
Aug 10, 2010
I have a GUI when i log in i create a cookie and it encrypt it. I am usin SSL.
I check in the Login.aspx page if the cookie is secure, which it is. but then before going to the default page it goes to the Global.ascx page.
Here in the Application_AuthenticateRequest it gets the cookie and decrypts it for the default page..
Now i know that it is getting the same cookie as all the other attributes match the one that was created in the Login.aspx page excet that the secure value is "False".
this is the case for all other pages after default. the value of the cookie.secure is false.
why is this happening as i want all the pages to be secure by SSL.
Also the pages are opening as https not http.
here is my web.config
[code]....
View 1 Replies
Jan 18, 2010
After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on. Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: [URL]
View 1 Replies
Nov 23, 2010
I want to develop a site with secure login. i followed various tutorials, and created a site, based on the default master page. I believe i set up the asp.net configurations correctly. under security, changed authentication type to "from the internet", added roles, added users based on those roles. when i compile the project and test the log in, it works fine. but, in visual studio 2010's Solution Explorer the App_Data folder is grayed out and i cannot get into it to view the database. how do i view the tables and create new tables?
View 4 Replies
Mar 5, 2011
I've recently read one of Jeff's articles about XSS and it got me thinking about how to better protect the login cookies in my home cooked authentication system.
[code]....
so one of the questionable things I do is use the UserAgent string. Is there harm in doing this? Or browsers which will change their UserAgent string under normal operation(as in, without being updated)? My goal is basically for if an attacker gets a login cookie, for them to not be able to do anything with it. At the moment, the only info I store in the cookie plain text is the username.
View 1 Replies
Mar 6, 2010
Background: I have a asp.net webapplication project that should contain a public and a member area. Now I want to implement a SSL decription to secure communication between the client and the server. (In the university we have a unsecured wireless network and you can use a wlan sniffer to read username/password. I do not want to have this security problem for my application, so I thought of a ssl decription)
The application is running on a IIS 7.5. It it possible to have one webapp that has unsecured pages (like the public area) and a secured area (like the member area, which requires a login)? If yes, how can I relealise the communication between these too areas?
Example:
My webapp is hosted on http://foo.abc.
I have pages like [URL]
In the same project is page like /member/default.aspx which is protected by a login on the page
[URL]
So I would need to implement SSL for the page /login.aspx and all pages in /member/
How can I do that? I just found out how to create SSL certificates in IIS 7.5 and how to add such a binding to a webapp. How how can I tell my webapp which page should be called with https and not with http. What is the best practise there?
View 3 Replies
Jan 19, 2012
Any secure method to check for login details..How to check for username and password against database in a secure way.. I do not want to use datareader object.. Is there any other way?
View 1 Replies
Jun 7, 2010
i am creating a web app for a small buisness enterprise in which i have added a node in my menu (stocks) accessible to limited users
every time a user try to access this node , it will ask for his/her credentials. iam using asp.net login control( in built ) for this . Also i used
<authentiaction mode='forms' />
<authorization>
<deny users='?'>
</authorization>
for these pagesin my web.config file now apart from that , how can i made it more secure using asp.net membership provider.
View 2 Replies
Jan 13, 2011
I'm creating a ASP.NET/SQL Server 2005 Express app which requires users to upload supporting attachment or documents in .docx and .pdf format. The web server is IIS 6/Win 2003. I'm trying to come up with a good way of securing these documents so anonynous users cannot see them and creating a separate Windows login for every user is not an option. SQL Server Express does not have blob data types. I'm storing each user's authentication information in the SQL database and not really using forms authentication.
View 1 Replies
Apr 9, 2010
I would like to send email securely to third party with attachments containing sensitive info. The website is configured with SSL. I'd like to know how to send email securely via asp.net app.
View 3 Replies
Apr 30, 2010
I've got IIS 6 with a self-signed certificate installed. This is now securing the whole site (all urs are HTTPS). How do I only apply HTTPS to logged in areas, leaving publicly viewable data with HTTP?
View 8 Replies
