Reputation: 847
Dot net MVC secure Forms Authentication
In my dot net MVC application, I have a Login page where user enters username and password. On clicking submit button the username and password are sent in plain text over the wire. Is there a simple way in which I can send encrypted username/passwords from the login form and decrypt then in the controller on server side. OR if there is any simpler way to prevent passwords being sent in plain text? Thanks.
Upvotes: 1
Views: 517
Answers (1)
Reputation: 1038710
Just use HTTPS, it's what it is designed for and it will ensure that the username and password won't be sent in clear text over an unencrypted channel.
Also in your web.config you could require SSL for the authentication cookie which will ensure that it will never be transmitted over a non-encrypted channel.
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" requireSSL="true" />
</authentication>
Upvotes: 2
Related Questions
- ASP.NET MVC application that uses forms authentication
- Form Authentication in MVC
- Forms Authentication & authorization MVC 4
- Form Authentication in mvc4 using c#
- Forms Authentication and Security
- ASP.net 4.5 / Forms Authentication
- Implementing forms authentication in asp.net mvc application
- confused regarding forms authentication in ASP.NET MVC
- .Net Forms Authentication
- How to use form authentication with asp.net mvc?