It all depends.
Just to secure user name and password all you need is an https on the page
that actually transmits user name and password (home page in your case).
the rest of the site might not use SSL.
SSL only protects information passed between browser and server. So on any
given page you might need to make an assessment if that page has information
that needs to be encrypted by SSL or not. If not then you use http.
There is another side called User experience. Regular users know little
about SSL and how it works.
So they can freak out if they do not see that "lock" icon in the browser. So
very often you need to make the whole section of the site to be using SSL.
Like on my E-commerce site if you go to Checkout then even page where you
chose your shipping method is using SSL. Simply because I will hard time to
explain (hence lost sales) that no one cares if that user wants to ship it
with UPS or FedEx
George.
"Steve S" <st************@woohoo.uk.comwrote in message
news:9D**********************************@microsof t.com...
Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.
To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page
where they login?
Please feel free to ask for more information.
Thanks
Steve