Creating secure login page

Discussion in 'ASP .Net' started by sharp2037@yahoo.com, Nov 28, 2005.

  1. Guest

    Hi Everyone,

    I am working on an ASP.net application and I have a homepage to which
    everyone visits of course and on that front page I have a user ID and
    password box and a login button.

    What I don't understand is some sites I visit don't use SSL on the
    login page. Instead you visit the homepage and there is no padlock.
    Then you type in your user ID and password and then click login and
    then it redirects to a secure area.

    How do you do this and is it secure? If you want an example visit
    (www.chase.com or www.bankofamerica.com). Both feature logins on the
    home page but they aren't padlocked when you visit.

    I am lost, any help would be great!
    , Nov 28, 2005
    #1
    1. Advertising

  2. The page you're on doesn't have to be padlocked as long as it submits to an
    SSL-protected page. I remember an article in the WSJ a few months ago that
    banks were changing this because the SSL encryption of the first page (with
    the logion box) was eating up too much processing. Their sites work on a
    scale much larger than anything I work on does, so I'm usually inclined to
    SSL protect the login page as well. Since ASPX pages post back to
    themselves, I'm not exactly sure how you'd pull off a secure postback
    properly (ASP.NET 2.0 pages can submit to another page, but 1.x can't
    without some serious tinkering).

    If you view the source of the Bank of America page, you'll find this as part
    of the login code:
    <form name="frmSignIn"
    action="https://onlineid.bankofamerica.com/cgi-bin/sso.login.controller?nosc
    ript=true

    See the HTTPS now?

    <> wrote in message
    news:...
    > Hi Everyone,
    >
    > I am working on an ASP.net application and I have a homepage to which
    > everyone visits of course and on that front page I have a user ID and
    > password box and a login button.
    >
    > What I don't understand is some sites I visit don't use SSL on the
    > login page. Instead you visit the homepage and there is no padlock.
    > Then you type in your user ID and password and then click login and
    > then it redirects to a secure area.
    >
    > How do you do this and is it secure? If you want an example visit
    > (www.chase.com or www.bankofamerica.com). Both feature logins on the
    > home page but they aren't padlocked when you visit.
    >
    > I am lost, any help would be great!
    >
    Richard Dudley, Nov 28, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A.M
    Replies:
    5
    Views:
    5,434
    Teemu Keiski
    Jun 8, 2004
  2. Daniel Malcolm
    Replies:
    0
    Views:
    553
    Daniel Malcolm
    Jan 24, 2005
  3. Replies:
    0
    Views:
    560
  4. Replies:
    8
    Views:
    574
    Adrienne Boswell
    Jan 10, 2007
  5. mark | r
    Replies:
    1
    Views:
    136
    Hannibal
    Oct 7, 2003
Loading...

Share This Page