advertisement

Article:
  ASP.NET Forms Authentication - Part 1
Subject:   ASP.NET Forms Authentication
Date:   2003-11-26 12:33:14
From:   sergeir
Quick question...!


My network administrator has concerns regarding username and password values being entered on an .aspx page and then posted for forms authentication. His concern is that the actual values entered in the text boxes can somehow be sniffed as the page is posted to the server. I don not yet know enough about .NET or Internet explorer to support or dispute his claims of this being unsafe.


Nay help would be greatly appreciated...
Full Threads Oldest First

Showing messages 1 through 3 of 3.

  • ASP.NET Forms Authentication
    2005-08-13 01:08:50  c#.asp.net [Reply | View]

  • ASP.NET Forms Authentication
    2003-12-11 18:56:42  fleminga [Reply | View]

    you need to place the login page into a directory which has https or ssl enabled
    • ASP.NET Forms Authentication
      2004-06-10 16:44:44  altanic [Reply | View]

      ^^ agreed. And your administrator has good reason to be concerned. The cookie will be resubmitted every time the user requests another protected page.

      Check here for more info:
      http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT16.asp