Account Creation and Security

Guest

Hi

I'm trying to design a web application where people can create user Ids and
passwords while signing up and then use that information to login to an
account. (I know, very basic). I just can't get my mind around how to make
this system most secure. The user id and password is verified at the time of
logging in and at that point, I would like to create something like a session
key before opening the new page. I basically don't want to start the new
page by passing regular parameters through the URL because that's very easy
to manipulate and break. Can someone give me some information about creating
a secure system like this and/or forward me some useful sources? btw.. I'm
using IIS as my server, ASP.Net and VB.Net.

Thanks

Farsad
 
Curt

Farsad,

You should consider employing form authentication. Google the
FormsAuthentication object, there is extensive information on the web for
this.

I use both FormsAuthentication.SetAuthCookie and
FormsAuthentication.RedirectFromLoginPage methods on different applications.
With forms authentication, you designate a page that is accessible to all
users. Until the user is authenticated, he cannot access other pages in the
application.

I hope this helps, good luck!
Curt
 
John Rivers

If security is really an issue you should consider using SSL,
that is about the only way to protect against session hijacking etc.

NTLM is also pretty good but managing the accounts can be
a pain

a nice solution is to use your own basic authentication over ssl
this allows you to manage and use the user database as you wish
whilst skipping getting involved in windows authentication
and letting users login using the login prompt in browsers and save
their passwords if they wish, plus you get to use the realm parameter
to say something cool !

all you need to do is read up on www-authenticate header and base64
encoding
this also allows for "roaming web sessions" - where one of your
customers can login at home and then later at work and still be in the
same session (ie: his shopping basket has the same products in as at home)

it is the slickest solution outside of ntlm
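
The server side of the Basic-over-SSL scheme described in the post above, as an added example that is not part of the original thread. It is written in Python rather than the thread's VB.NET because the header handling is the same in any language; `REALM`, `USERS`, `parse_basic` and `authenticate` are hypothetical names, and the user store is constructed sample data.

```python
import base64, hashlib, hmac, os

REALM = "Example Shop"      # assumption: the realm text is free-form
ITERATIONS = 200_000        # assumption: PBKDF2 work factor for this sketch

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; only (salt, digest) is ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

# Constructed user store: username -> (salt, digest). No plaintext passwords.
USERS = {"farsad": hash_password("correct horse battery staple")}
_DUMMY = hash_password("dummy")   # hashed for unknown users to even out timing

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # base64 is an encoding, not encryption: anyone on the wire can undo it.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:            # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")   # password may contain ':'
    return (user, password) if sep else None

def authenticate(header, is_tls):
    """Return (status, response_headers, user) for one request."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'}
    if not is_tls:
        return 403, {}, None      # never prompt for credentials over plain HTTP
    creds = parse_basic(header)
    if creds is None:
        return 401, challenge, None   # browser shows its login prompt
    user, password = creds
    salt, expected = USERS.get(user, _DUMMY)
    _, actual = hash_password(password, salt)
    ok = hmac.compare_digest(actual, expected) and user in USERS
    return (200, {}, user) if ok else (401, challenge, None)
```

Because the browser resends the credentials on every request, the TLS check and the constant-time hash comparison run on each call, not only at login.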
 
