
using HTTPS for a login page

I have a login page on a Windows IIS server: login.aspx

I'd like to enable the user to optionally use HTTPS to login
so that their password would not be easily snooped out.

What does this involve exactly?
I know that you use a https prefix instead of http, but that's it.

Is there configuration of directories necessary?
Got a good website for this basic info on https?

Also, I'll issue the user with a cookie (not persistent) once they log
in. It will be a session cookie created using the user name and
MachineKey alone... if this cookie were intercepted would an attacker be
able to use this for a replay attack? i.e. would I need to use https for
every page on the site where you need to be logged in to access or just
the login page? I know that Yahoo mail only uses https on the login page

Cheers!
--

"I hear ma train a comin'
.... hear freedom comin"
Nov 18 '05 #1
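An added example, not part of the original post and not ASP.NET's own implementation: a small model of the cookie described in the question, showing that a value derived only from the user name and a server key is identical on every login and so stays valid for anyone who captures it, next to a per-login session id with server-side expiry that is issued with the `Secure` attribute. The names `MACHINE_KEY`, `static_token`, `SessionStore` and `set_cookie_header` are hypothetical, and the key is a constructed value.

```python
import hashlib
import hmac
import secrets
import time

MACHINE_KEY = b"constructed-demo-key"  # constructed stand-in for the server secret


def static_token(user: str) -> str:
    """Cookie value built from the user name and server key alone."""
    return hmac.new(MACHINE_KEY, user.encode(), hashlib.sha256).hexdigest()


def static_valid(user: str, token: str) -> bool:
    # Nothing ties the value to one login or one point in time,
    # so a captured copy passes this check indefinitely.
    return hmac.compare_digest(static_token(user), token)


class SessionStore:
    """Per-login random id with server-side expiry and logout."""

    def __init__(self, ttl: int = 900):
        self.ttl = ttl
        self.sessions = {}  # session id -> (user, expires_at)

    def login(self, user: str, now: float = None) -> str:
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, now + self.ttl)
        return sid

    def validate(self, sid: str, now: float = None):
        now = time.time() if now is None else now
        entry = self.sessions.get(sid)
        if entry is None or now >= entry[1]:
            self.sessions.pop(sid, None)  # expired or unknown: reject
            return None
        return entry[0]

    def logout(self, sid: str) -> None:
        self.sessions.pop(sid, None)


def set_cookie_header(name: str, value: str) -> str:
    # Secure: the browser sends the cookie only over HTTPS.
    # HttpOnly: the cookie is not readable from page script.
    return f"Set-Cookie: {name}={value}; Path=/; Secure; HttpOnly"
```

A cookie marked `Secure` is not sent with plain-HTTP requests, so every page that relies on it has to be served over HTTPS.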
rf
Stimp wrote:
> I have a login page on a Windows IIS server: login.aspx
>
> I'd like to enable the user to optionally use HTTPS to login
> so that their password would not be easily snooped out.


Optionally?

Hmmm.

A user who does not know what HTTPS means (most of them) would be unlikely
to worry about choosing one way or the other.

A user who does know what HTTPS means would *expect* you to use this and a
few other things as well to make things secure. [1].

If you need to ask this question here then IMHO you really need to rethink
your entire security setup :-) Or is this just for a blog?

[1] One of the institutions I deal with uses HTTPS etc but if I forget my
password I can get it back, online, using two pieces of information: 1) My
account number and 2) my date of birth. Now, if somebody finds out my
account number (a very loosely guarded secret) they can surely find out my
DOB, which is after all in the public domain at the registry of births
deaths and marriages. I no longer deal with that institution online.

--
Cheers
Richard.
Nov 18 '05 #2
rf
Stimp wrote:
> I have a login page on a Windows IIS server: login.aspx


Ah, another bloody idiot who has set followups to something other than the
many disparate newsgroups mentioned in the original post.

Do you know that people in those other newsgroups (like alt.html) will not
see any of the posts made by other people from those groups? They will
assume nobody has answered the question and thus will waste their time
answering again.

--
Cheers
Richard.
Nov 18 '05 #3
On Mon, 23 Aug 2004 rf <rf@.> wrote:
> Stimp wrote:
>> I have a login page on a Windows IIS server: login.aspx
>>
>> I'd like to enable the user to optionally use HTTPS to login
>> so that their password would not be easily snooped out.
>
> A user who does not know what HTTPS means (most of them) would be unlikely
> to worry about choosing one way or the other.

Take a look at Yahoo Mail.. it allows the user to select 'Standard' or
'Secure' login.. obviously they will know that a 'Secure' login will
make their password 'more hidden' from surprise attacks

You should probably give people more credit

> account number (a very loosely guarded secret) they can surely find out my
> DOB, which is after all in the public domain at the registry of births
> deaths and marriages. I no longer deal with that institution online.


The rest of your post has no useful information whatsoever.. what a
waste of your time :)

--

"I hear ma train a comin'
.... hear freedom comin"
Nov 18 '05 #4
"rf" <rf@.invalid> wrote in message
news:V9****************@news-server.bigpond.net.au...
> Ah, another bloody idiot who has set followups to something other than the
> many disparate newsgroups mentioned in the original post.
>
> Do you know that people in those other newsgroups (like alt.html) will not
> see any of the posts made by other people from those groups? They will
> assume nobody has answered the question and thus will waste their time
> answering again.


If the OP hadn't cross-posted in the first place...
Nov 18 '05 #5
Poor thing. Sounds like someone wasn't picked for the kickball team in
kindergarten and is still bitter. Lighten up, dude.

"rf" <rf@.invalid> wrote in message
news:V9****************@news-server.bigpond.net.au...
> Stimp wrote:
>> I have a login page on a Windows IIS server: login.aspx
>
> Ah, another bloody idiot who has set followups to something other than the
> many disparate newsgroups mentioned in the original post.
>
> Do you know that people in those other newsgroups (like alt.html) will not
> see any of the posts made by other people from those groups? They will
> assume nobody has answered the question and thus will waste their time
> answering again.
>
> --
> Cheers
> Richard.

Nov 18 '05 #6
On Mon, 23 Aug 2004 rf <rf@.> wrote:

> Ah, another bloody idiot who has set followups to something other than the
> many disparate newsgroups mentioned in the original post.

"USENET troll in obnoxious posting shocker!"

--

"I hear ma train a comin'
.... hear freedom comin"
Nov 18 '05 #7
PL
> What does this involve exactly?
> I know that you use a https prefix instead of http, but that's it.

Buying a certificate for your domain and installing it into IIS.

If it's an "intranet" type of application you can download the
IIS Resource Kit Tools and generate one to use, but you'll
never get past the warnings.

PL.
Nov 18 '05 #8
