473,804 Members | 3,030 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

ASP.NET and SSL question

Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in, all
the other pages require authentication. Once the user has logged in the
login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page where
they login?

Please feel free to ask for more information.
Thanks
Steve

Jan 9 '08 #1
5 1604
My understanding is that the scope of using SSL is one http request. So if
you navigate from the home page to other pages with https://..., you will
use SSL. If you do with http, you won't.

I am not sure though if you will remain in the same application as you
switch from http to https. Give it a try and see if the user remains
authenticated.

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net
"Steve S" <st************ @woohoo.uk.comw rote in message
news:9D******** *************** ***********@mic rosoft.com...
Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page
where they login?

Please feel free to ask for more information.
Thanks
Steve



Jan 9 '08 #2
Hi Eliyahu,
Thanks for the reply. I will test this out but I'm not at that stage, I'm
trying to get a heads up and work out the best way to approach this.

I've seen websites where you login under http you are then redirected to a
https page for authentication and then you can access the rest of the web
site under http for example www.king.com. I'm wondering if I could do
something similar in ASP.NET.

Cheers
Steve
"Eliyahu Goldin" <RE************ **************@ mMvVpPsS.orgwro te in
message news:OP******** ******@TK2MSFTN GP02.phx.gbl...
My understanding is that the scope of using SSL is one http request. So if
you navigate from the home page to other pages with https://..., you will
use SSL. If you do with http, you won't.

I am not sure though if you will remain in the same application as you
switch from http to https. Give it a try and see if the user remains
authenticated.

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net
"Steve S" <st************ @woohoo.uk.comw rote in message
news:9D******** *************** ***********@mic rosoft.com...
>Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page
where they login?

Please feel free to ask for more information.
Thanks
Steve



Jan 9 '08 #3
From my experience the user still remains authenticated as long as the forms
authentication cookie is not marked as a secure cookie. Best I can
remember the forms authentication cookie is not marked as secure by default.

"Eliyahu Goldin" <RE************ **************@ mMvVpPsS.orgwro te in
message news:OP******** ******@TK2MSFTN GP02.phx.gbl...
My understanding is that the scope of using SSL is one http request. So if
you navigate from the home page to other pages with https://..., you will
use SSL. If you do with http, you won't.

I am not sure though if you will remain in the same application as you
switch from http to https. Give it a try and see if the user remains
authenticated.

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net
"Steve S" <st************ @woohoo.uk.comw rote in message
news:9D******** *************** ***********@mic rosoft.com...
>Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page
where they login?

Please feel free to ask for more information.
Thanks
Steve




Jan 9 '08 #4
It all depends.

Just to secure user name and password all you need is an https on the page
that actually transmits user name and password (home page in your case).

the rest of the site might not use SSL.
SSL only protects information passed between browser and server. So on any
given page you might need to make an assessment if that page has information
that needs to be encrypted by SSL or not. If not then you use http.

There is another side called User experience. Regular users know little
about SSL and how it works.
So they can freak out if they do not see that "lock" icon in the browser. So
very often you need to make the whole section of the site to be using SSL.
Like on my E-commerce site if you go to Checkout then even page where you
chose your shipping method is using SSL. Simply because I will hard time to
explain (hence lost sales) that no one cares if that user wants to ship it
with UPS or FedEx

George.
"Steve S" <st************ @woohoo.uk.comw rote in message
news:9D******** *************** ***********@mic rosoft.com...
Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page
where they login?

Please feel free to ask for more information.
Thanks
Steve



Jan 10 '08 #5
Hi George,
Thanks for the email, exactly what I was looking for.
Steve
"George Ter-Saakov" <gt****@cardone .comwrote in message
news:ed******** ******@TK2MSFTN GP03.phx.gbl...
It all depends.

Just to secure user name and password all you need is an https on the page
that actually transmits user name and password (home page in your case).

the rest of the site might not use SSL.
SSL only protects information passed between browser and server. So on any
given page you might need to make an assessment if that page has
information that needs to be encrypted by SSL or not. If not then you use
http.

There is another side called User experience. Regular users know little
about SSL and how it works.
So they can freak out if they do not see that "lock" icon in the browser.
So very often you need to make the whole section of the site to be using
SSL.
Like on my E-commerce site if you go to Checkout then even page where you
chose your shipping method is using SSL. Simply because I will hard time
to explain (hence lost sales) that no one cares if that user wants to ship
it with UPS or FedEx

George.
"Steve S" <st************ @woohoo.uk.comw rote in message
news:9D******** *************** ***********@mic rosoft.com...
>Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page
where they login?

Please feel free to ask for more information.
Thanks
Steve



Jan 13 '08 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
3101
Previous/Next Question
by: Mohammed Mazid | last post by:
Can anyone please help me on how to move to the next and previous question? Here is a snippet of my code: Private Sub cmdNext_Click() End Sub Private Sub cmdPrevious_Click() showrecord
Visual Basic 4 / 5 / 6
3
5045
Simple Java/XML question
by: Stevey | last post by:
I have the following XML file... <?xml version="1.0"?> <animals> <animal> <name>Tiger</name> <questions> <question index="0">true</question> <question index="1">true</question> </questions>
.NET Framework
7
2667
ASP.NET 2.0 question on Partial Types with J.I.T.
by: nospam | last post by:
Ok, 3rd or is it the 4th time I have asked this question on Partial Types, so, since it seems to me that Partial Types is still in the design or development stages at Microsoft, I am going to ask it differently. FOUR QUESTIONS: The background: I got three (3) files
.NET Framework
3
3096
Filling question ID automatically by using query or VBA
by: Ekqvist Marko | last post by:
Hi, I have one Access database table including questions and answers. Now I need to give answer id automatically to questionID column. But I don't know how it is best (fastest) to do? table before rowID answID qryrow questionID datafield 1591 12 06e 06e 06e question 1593 12 06f 06f 06f question 1594 12 answer to the question 06f
Microsoft Access / VBA
10
3444
asp question about post vars
by: glenn | last post by:
I am use to programming in php and the way session and post vars are past from fields on one page through to the post page automatically where I can get to their values easily to write to a database or continue to process on to the next page. I am now trying to learn ASP to see if we can replace some of our applications that were written in php with an ASP alternative. However, after doing many searches on google and reading a couple...
ASP.NET
10
3743
Question about "Configuration Error" Message
by: Rider | last post by:
Hi, simple(?) question about asp.net configuration.. I've installed ASP.NET 2.0 QuickStart Sample successfully. But, When I'm first start application the follow message shown. ========= Server Error in '/QuickStartv20' Application. -------------------------------------------------------------------------------- Configuration Error Description: An error occurred during the processing of a configuration file
ASP.NET
53
4099
Question about the clc string lib
by: Jeff | last post by:
In the function below, can size ever be 0 (zero)? char *clc_strdup(const char * CLC_RESTRICT s) { size_t size; char *p; clc_assert_not_null(clc_strdup, s); size = strlen(s) + 1;
C / C++
56
4809
Question about the *= (and similar) operator
by: spibou | last post by:
In the statement "a *= expression" is expression assumed to be parenthesized ? For example if I write "a *= b+c" is this the same as "a = a * (b+c)" or "a = a * b+c" ?
C / C++
2
4287
Matrix question and nested repeaters
by: Allan Ebdrup | last post by:
Hi, I'm trying to render a Matrix question in my ASP.Net 2.0 page, A matrix question is a question where you have several options that can all be rated according to several possible ratings (from less to more for example). I have a question object that has two properties that contain the collections Options and Ratings. now I want this kind of layout: --- Rating1 Rating2 Rating3 Option 1 () () ...
C# / C Sharp
3
2558
question in regard to precedence of CSS selectors
by: Zhang Weiwu | last post by:
Hello! I wrote this: ..required-question p:after { content: "*"; } Corresponding HTML: <div class="required-question"><p>Question Text</p><input /></div> <div class="not-required-question"><p>Question Text</p><input /></div>
HTML / CSS
0
9706
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
9579
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
10326
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
10317
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
6851
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5520
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5651
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
2
3815
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2990
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us