Re: ASP.NET and SSL question



From my experience, the user still remains authenticated as long as the forms
authentication cookie is not marked as a secure cookie. As best I can
remember, the forms authentication cookie is not marked as secure by default.

"Eliyahu Goldin" <REMOVEALLCAPITALSeEgGoldDinN@xxxxxxxxxxxx> wrote in
message news:OPzAaZqUIHA.4532@xxxxxxxxxxxxxxxxxxxxxxx
My understanding is that the scope of using SSL is one http request. So if
you navigate from the home page to other pages with https://..., you will
use SSL. If you do so with http, you won't.

I am not sure though if you will remain in the same application as you
switch from http to https. Give it a try and see if the user remains
authenticated.

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net


"Steve S" <steven.stewart@xxxxxxxxxxxxx> wrote in message
news:9D1D406B-6731-4908-9B55-1758BD956487@xxxxxxxxxxxxxxxx
Hi,
I have an ASP.NET 2.0 application with an ASP.NET login control in the
master page. The user can only access the home page without logging in,
all the other pages require authentication. Once the user has logged in
the login control is hidden.

To secure the user's name and password, does this mean my entire web site
should use SSL, or can I get away with just using SSL on the home page
where they log in?

Please feel free to ask for more information.
Thanks
Steve
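
The cookie setting discussed in the reply above, shown as a web.config fragment. This is an added example, not configuration posted by anyone in the thread; the loginUrl and timeout values are assumptions.

```xml
<configuration>
  <system.web>
    <!-- Default behaviour described in the reply: requireSSL is false when
         omitted, so the browser sends the forms authentication cookie on
         http:// requests as well, and the user stays authenticated there
         while the cookie travels in clear text.
    <authentication mode="Forms">
      <forms loginUrl="~/Default.aspx" timeout="30" />
    </authentication>
    -->

    <!-- Hardened: the forms authentication cookie is issued with the Secure
         attribute, so the browser only returns it over https://. Pages that
         require authentication must then be served over SSL too, otherwise
         the user appears logged out on them. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Default.aspx" timeout="30" requireSSL="true" />
    </authentication>

    <!-- Applies the Secure and HttpOnly attributes to the other cookies
         ASP.NET issues, such as the session cookie. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>
</configuration>
```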








