Creating secure login page

S

sharp2037

Hi Everyone,

I am working on an ASP.net application and I have a homepage to which
everyone visits of course and on that front page I have a user ID and
password box and a login button.

What I don't understand is some sites I visit don't use SSL on the
login page. Instead you visit the homepage and there is no padlock.
Then you type in your user ID and password and then click login and
then it redirects to a secure area.

How do you do this and is it secure? If you want an example visit
(www.chase.com or www.bankofamerica.com). Both feature logins on the
home page but they aren't padlocked when you visit.

I am lost, any help would be great!
 
R

Richard Dudley

The page you're on doesn't have to be padlocked as long as it submits to an
SSL-protected page. I remember an article in the WSJ a few months ago that
banks were changing this because the SSL encryption of the first page (with
the logion box) was eating up too much processing. Their sites work on a
scale much larger than anything I work on does, so I'm usually inclined to
SSL protect the login page as well. Since ASPX pages post back to
themselves, I'm not exactly sure how you'd pull off a secure postback
properly (ASP.NET 2.0 pages can submit to another page, but 1.x can't
without some serious tinkering).

If you view the source of the Bank of America page, you'll find this as part
of the login code:
<form name="frmSignIn"
action="https://onlineid.bankofamerica.com/cgi-bin/sso.login.controller?nosc
ript=true

See the HTTPS now?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top