encrypted request from unencrypted page

M

mtanner

I have a aspx page that is not secured via SSL, and the page must
remain unencrypted. However, the page includes a web user control
(ascx) that contains textboxes and submit button for login. The click
event of the submit button is handled in the code behind of the user
control. The problem I have is that the username and password are sent
back to the server as clear text. How can I encrypted (with SSL) the
request/response content of the user control while leaving the rest of
the page unencrypted?

NOTE: I would also like to avoid the IE dialog that warns about secure
and non-secure content on the page.

Thanks,
-MT
 
P

Patrice

Try to change the action to point to an https page (and check as I'm not
sure if it will post securely or if it wiill just get the result securely).
IMO this is not a good practice as the user for example won't see the page
is secured...

As a site note, encryption should be totally transparent . You may want to
explain why not encrypting this page is a requirement.

Finally the warning is AFAIK a client side settings that is user
controlled... (avoiding mixing secure and non secure content would avoid it
else the user will have to disable it).
 
J

Joerg Jooss

mtanner said:
I have a aspx page that is not secured via SSL, and the page must
remain unencrypted. However, the page includes a web user control
(ascx) that contains textboxes and submit button for login. The click
event of the submit button is handled in the code behind of the user
control. The problem I have is that the username and password are
sent back to the server as clear text. How can I encrypted (with
SSL) the request/response content of the user control while leaving
the rest of the page unencrypted?
Click to expand...

Pages and UserControls don't exist at a HTML page level. It's all just
a huge chunk of HTML (text) that's either transferred encrypted or not
in its entirety.

Also, loading a login page via HTTP is inherently insecure, even if it
posts back via HTTPS. How can the user tell that he entered his
credentials on the real login page?
NOTE: I would also like to avoid the IE dialog that warns about secure
and non-secure content on the page.
Click to expand...

Access all resources referenced by the page either by HTTP or HTTPS,
but don't mix them. Only then you can avoid the warning.

Cheers,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem in getting dashboard page from login page in python pycharm using POST command 0
React native post-request is not working 1
HCaptcha - How to stop page from refreshing on submit if captcha is not checked/validated 1
Sending data from web page to Raspberry Pi 0
Page do not work, when adding php code 1
Image shifts to the right when export the page to pdf 4
Help with my responsive home page 2
Jquery not triggering / acting as expected. 0

Members online

Total: 24 (members: 2, guests: 22)
Robots: 394

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,048
Latest member
verona

Latest Threads

Top