Unique Session IDs and password encryption in ASP.Net 2.0

A

anoop

Hello,
I am developing a Website in ASP.Net 2.0 with Login Control as a
Starting page. I have already implemented Membership for login control. Now I
want to know

1. How do I implement unique Session IDs for every login, so as to prevent
Session Replay attack.

2. How do I encrypt the Password so that it travels from Client i.e Browser
to Server in Salted - Hashed format. As Login Control is a Server Control,
how do I implement Encryption at Client Side. If I implement SSL, then also
password can be seen in clear text through the Intercepting proxies such as
PAROS, BURP etc. Please help.

Thank you
 
D

Dominick Baier

Hi,

1) for what? do you want to use sessions - the ASP.NET session state feature
already does that for you. Sessions and Login sessions are two different
things.

2) IIRC you asked this question before. There is no standard way of doing
that. Use SSL - intercepting proxies cannot do an unnoticed man in the middle
attack. SSL is the right way to go here.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Session IDs in ASP.Net and Password encryption in ASP.Net 2.0 0
Encryption in ASP.Net 2.0 0
Web.config encryption in shared hosting scenario 3
Web.config Encryption 2
Help! ASP.NET 2.0 Membership ERROR: The password-answer supplied is wrong. 2
clear text password in login control in ASP.Net 2.0 1
Password changing in aspdbnet db 1
ASP.NET 2.0 Membership (aspnet_Membership.passwordAnswer column) 1

Members online

Total: 36 (members: 1, guests: 35)
Robots: 660

Forum statistics

Threads
473,769
Messages
2,569,582
Members
45,057
Latest member
KetoBeezACVGummies

Latest Threads

Top