M
mail747097
I have created a website that uses forms authentication
<authentication mode="Forms"/>. I have traced the response sent from
the web browser after the user has entered a password and pressed
Login. The password is then sent in clear text. Is the only way not to
have the users password in clear text to load the login page with
HTTPS or is there some other way? Does this mean that forms
authentication is not more secure than Basic authentication done by
IIS?
<authentication mode="Forms"/>. I have traced the response sent from
the web browser after the user has entered a password and pressed
Login. The password is then sent in clear text. Is the only way not to
have the users password in clear text to load the login page with
HTTPS or is there some other way? Does this mean that forms
authentication is not more secure than Basic authentication done by
IIS?