469,623 Members | 1,928 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,623 developers. It's quick & easy.

Creating secure login page

Hi Everyone,

I am working on an ASP.net application and I have a homepage to which
everyone visits of course and on that front page I have a user ID and
password box and a login button.

What I don't understand is some sites I visit don't use SSL on the
login page. Instead you visit the homepage and there is no padlock.
Then you type in your user ID and password and then click login and
then it redirects to a secure area.

How do you do this and is it secure? If you want an example visit
(www.chase.com or www.bankofamerica.com). Both feature logins on the
home page but they aren't padlocked when you visit.

I am lost, any help would be great!

Nov 28 '05 #1
1 1978
The page you're on doesn't have to be padlocked as long as it submits to an
SSL-protected page. I remember an article in the WSJ a few months ago that
banks were changing this because the SSL encryption of the first page (with
the logion box) was eating up too much processing. Their sites work on a
scale much larger than anything I work on does, so I'm usually inclined to
SSL protect the login page as well. Since ASPX pages post back to
themselves, I'm not exactly sure how you'd pull off a secure postback
properly (ASP.NET 2.0 pages can submit to another page, but 1.x can't
without some serious tinkering).

If you view the source of the Bank of America page, you'll find this as part
of the login code:
<form name="frmSignIn"
action="https://onlineid.bankofamerica.com/cgi-bin/sso.login.controller?nosc
ript=true

See the HTTPS now?

<sh*******@yahoo.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
Hi Everyone,

I am working on an ASP.net application and I have a homepage to which
everyone visits of course and on that front page I have a user ID and
password box and a login button.

What I don't understand is some sites I visit don't use SSL on the
login page. Instead you visit the homepage and there is no padlock.
Then you type in your user ID and password and then click login and
then it redirects to a secure area.

How do you do this and is it secure? If you want an example visit
(www.chase.com or www.bankofamerica.com). Both feature logins on the
home page but they aren't padlocked when you visit.

I am lost, any help would be great!

Nov 28 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

6 posts views Thread by Sarah Tanembaum | last post: by
reply views Thread by a_ahsan786 | last post: by
reply views Thread by Rob Meade | last post: by
12 posts views Thread by Mats Lycken | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.