473,513 Members | 2,563 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

ASP.NET and SSL question

Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in, all
the other pages require authentication. Once the user has logged in the
login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page where
they login?

Please feel free to ask for more information.
Thanks
Steve

Jan 9 '08 #1
5 1595
My understanding is that the scope of using SSL is one http request. So if
you navigate from the home page to other pages with https://..., you will
use SSL. If you do with http, you won't.

I am not sure though if you will remain in the same application as you
switch from http to https. Give it a try and see if the user remains
authenticated.

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net
"Steve S" <st************@woohoo.uk.comwrote in message
news:9D**********************************@microsof t.com...
Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page
where they login?

Please feel free to ask for more information.
Thanks
Steve



Jan 9 '08 #2
Hi Eliyahu,
Thanks for the reply. I will test this out but I'm not at that stage, I'm
trying to get a heads up and work out the best way to approach this.

I've seen websites where you login under http you are then redirected to a
https page for authentication and then you can access the rest of the web
site under http for example www.king.com. I'm wondering if I could do
something similar in ASP.NET.

Cheers
Steve
"Eliyahu Goldin" <RE**************************@mMvVpPsS.orgwrote in
message news:OP**************@TK2MSFTNGP02.phx.gbl...
My understanding is that the scope of using SSL is one http request. So if
you navigate from the home page to other pages with https://..., you will
use SSL. If you do with http, you won't.

I am not sure though if you will remain in the same application as you
switch from http to https. Give it a try and see if the user remains
authenticated.

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net
"Steve S" <st************@woohoo.uk.comwrote in message
news:9D**********************************@microsof t.com...
>Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page
where they login?

Please feel free to ask for more information.
Thanks
Steve



Jan 9 '08 #3
From my experience the user still remains authenticated as long as the forms
authentication cookie is not marked as a secure cookie. Best I can
remember the forms authentication cookie is not marked as secure by default.

"Eliyahu Goldin" <RE**************************@mMvVpPsS.orgwrote in
message news:OP**************@TK2MSFTNGP02.phx.gbl...
My understanding is that the scope of using SSL is one http request. So if
you navigate from the home page to other pages with https://..., you will
use SSL. If you do with http, you won't.

I am not sure though if you will remain in the same application as you
switch from http to https. Give it a try and see if the user remains
authenticated.

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net
"Steve S" <st************@woohoo.uk.comwrote in message
news:9D**********************************@microsof t.com...
>Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page
where they login?

Please feel free to ask for more information.
Thanks
Steve




Jan 9 '08 #4
It all depends.

Just to secure user name and password all you need is an https on the page
that actually transmits user name and password (home page in your case).

the rest of the site might not use SSL.
SSL only protects information passed between browser and server. So on any
given page you might need to make an assessment if that page has information
that needs to be encrypted by SSL or not. If not then you use http.

There is another side called User experience. Regular users know little
about SSL and how it works.
So they can freak out if they do not see that "lock" icon in the browser. So
very often you need to make the whole section of the site to be using SSL.
Like on my E-commerce site if you go to Checkout then even page where you
chose your shipping method is using SSL. Simply because I will hard time to
explain (hence lost sales) that no one cares if that user wants to ship it
with UPS or FedEx

George.
"Steve S" <st************@woohoo.uk.comwrote in message
news:9D**********************************@microsof t.com...
Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page
where they login?

Please feel free to ask for more information.
Thanks
Steve



Jan 10 '08 #5
Hi George,
Thanks for the email, exactly what I was looking for.
Steve
"George Ter-Saakov" <gt****@cardone.comwrote in message
news:ed**************@TK2MSFTNGP03.phx.gbl...
It all depends.

Just to secure user name and password all you need is an https on the page
that actually transmits user name and password (home page in your case).

the rest of the site might not use SSL.
SSL only protects information passed between browser and server. So on any
given page you might need to make an assessment if that page has
information that needs to be encrypted by SSL or not. If not then you use
http.

There is another side called User experience. Regular users know little
about SSL and how it works.
So they can freak out if they do not see that "lock" icon in the browser.
So very often you need to make the whole section of the site to be using
SSL.
Like on my E-commerce site if you go to Checkout then even page where you
chose your shipping method is using SSL. Simply because I will hard time
to explain (hence lost sales) that no one cares if that user wants to ship
it with UPS or FedEx

George.
"Steve S" <st************@woohoo.uk.comwrote in message
news:9D**********************************@microsof t.com...
>Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.

To secure the users name and password does this mean my entire web site
should use SSL or can I get away with just using SSL on the home page
where they login?

Please feel free to ask for more information.
Thanks
Steve



Jan 13 '08 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
3083
Previous/Next Question
by: Mohammed Mazid | last post by:
Can anyone please help me on how to move to the next and previous question? Here is a snippet of my code: Private Sub cmdNext_Click() End Sub Private Sub cmdPrevious_Click() showrecord
Visual Basic 4 / 5 / 6
3
4997
Simple Java/XML question
by: Stevey | last post by:
I have the following XML file... <?xml version="1.0"?> <animals> <animal> <name>Tiger</name> <questions> <question index="0">true</question> <question index="1">true</question> </questions>
.NET Framework
7
2629
ASP.NET 2.0 question on Partial Types with J.I.T.
by: nospam | last post by:
Ok, 3rd or is it the 4th time I have asked this question on Partial Types, so, since it seems to me that Partial Types is still in the design or development stages at Microsoft, I am going to ask...
.NET Framework
3
3059
Filling question ID automatically by using query or VBA
by: Ekqvist Marko | last post by:
Hi, I have one Access database table including questions and answers. Now I need to give answer id automatically to questionID column. But I don't know how it is best (fastest) to do? table...
Microsoft Access / VBA
10
3390
asp question about post vars
by: glenn | last post by:
I am use to programming in php and the way session and post vars are past from fields on one page through to the post page automatically where I can get to their values easily to write to a...
ASP.NET
10
3682
Question about "Configuration Error" Message
by: Rider | last post by:
Hi, simple(?) question about asp.net configuration.. I've installed ASP.NET 2.0 QuickStart Sample successfully. But, When I'm first start application the follow message shown. ========= Server...
ASP.NET
53
4021
Question about the clc string lib
by: Jeff | last post by:
In the function below, can size ever be 0 (zero)? char *clc_strdup(const char * CLC_RESTRICT s) { size_t size; char *p; clc_assert_not_null(clc_strdup, s); size = strlen(s) + 1;
C / C++
56
4696
Question about the *= (and similar) operator
by: spibou | last post by:
In the statement "a *= expression" is expression assumed to be parenthesized ? For example if I write "a *= b+c" is this the same as "a = a * (b+c)" or "a = a * b+c" ?
C / C++
2
4252
Matrix question and nested repeaters
by: Allan Ebdrup | last post by:
Hi, I'm trying to render a Matrix question in my ASP.Net 2.0 page, A matrix question is a question where you have several options that can all be rated according to several possible ratings (from...
C# / C Sharp
3
2539
question in regard to precedence of CSS selectors
by: Zhang Weiwu | last post by:
Hello! I wrote this: ..required-question p:after { content: "*"; } Corresponding HTML: <div class="required-question"><p>Question Text</p><input /></div> <div...
HTML / CSS
0
7259
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7158
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
7380
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
7523
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
5683
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
4745
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3221
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1592
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
0
455
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us