FormsAuthentication.Encrypt and SSL

G

Gawel

Hajo,
in book about security in ASP.NET I read that
if I use Form authentication and need to make its
data secure then I need to use SSL for all pages, not only for
e.g. login page. It is interesting because form ticket is encrypted with
FormsAuthentication.Encrypt and it seems that there is no need
for additional ssl usage. Am I right ?

Gawel
 
G

Gawel

One more question, what algorithm is used in
FormsAuthentication.Encrypt() method ?

Gawel
 
J

Joerg Jooss

MCP said:
Yes, It depends on your requirement but Form authentication is most
suitable for intranet applications.

Using SSL is more suitable for internet applications as it provides
more security
Click to expand...

Forms Authentication and SSL are complementary technologies. Why should
Forms Authentication be most suitable for Intranet apps?

Cheers,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SSL from squarespace to my EC2 0
Question about cookie protection and FormsAuthentication.Encrypt 5
ASP.NET and SSL question 5
Sharing SSL 5
SSL site administration secure? 0
VWD and SSL 0
SSL and user controls 5
SSL and postback 1

Members online

No members online now.
Total: 22 (members: 0, guests: 22)
Robots: 439

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,054
Latest member
TrimKetoBoost

Latest Threads

Top