Reputation:
I'm building a web application in ASP.NET C#, and what I'm doing is this: if a user tries to access his/her account with a wrong username and password 5 times and attempts a 6th time, he/she gets redirected to a Captcha page, where he/she is asked to enter the captcha text. After the entry of the captcha text, if it's true, I'm comparing the username and password passed from the login page using usermanager. How can I do this? How do I securely pass the username and password from one page to another?
Update: Only if the captcha is true, the 6th combination of username and password is validated. I'm working on localhost.
Upvotes: 1
Views: 411
Reputation: 60190
Your workflow doesn't make much sense to me. If login failed 5 times and you ask for a Captcha, the username/password combination is still invalid, so I don't see why you need to carry that information around at all.
What you really want is to incorporate the Captcha on the login page and only require/show it when a few login attempts have failed from that session/ip/...
Also, the username/password gets encoded in clear text already in the form submission from the browser to the server. Therefore, if you want to protect that information, it's best to use SSL.
Upvotes: 2
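The flow this answer describes, as an added C# example that is not part of the original answer: the captcha answer is posted together with the credentials on the login form, so nothing has to be carried between pages. `LoginGate`, `LoginResult`, the 15-minute window and the two delegates (standing in for the user manager and the captcha provider) are assumptions, as is the choice of key (username, client IP or session id).

```csharp
using System;
using System.Collections.Concurrent;

// Added example: all type and member names here are hypothetical.
public enum LoginResult { Success, InvalidCredentials, CaptchaRequired, CaptchaFailed }

public sealed class LoginGate
{
    private const int CaptchaThreshold = 5;  // failed logins before a captcha is demanded
    private static readonly TimeSpan Window = TimeSpan.FromMinutes(15); // assumed reset window

    private readonly ConcurrentDictionary<string, (int Count, DateTime First)> _failures = new();
    private readonly Func<string, string, bool> _checkCredentials; // wraps the user manager
    private readonly Func<string, bool> _verifyCaptcha;            // wraps the captcha provider

    public LoginGate(Func<string, string, bool> checkCredentials, Func<string, bool> verifyCaptcha)
    {
        _checkCredentials = checkCredentials;
        _verifyCaptcha = verifyCaptcha;
    }

    // The login page calls this when rendering to decide whether to show the captcha field.
    public bool CaptchaNeeded(string key) =>
        _failures.TryGetValue(key, out var f)
        && DateTime.UtcNow - f.First < Window
        && f.Count >= CaptchaThreshold;

    // Handles one POST of the login form. Credentials and captcha answer arrive in the
    // same request, so the server never stores the password or echoes it back to the browser.
    public LoginResult Attempt(string key, string username, string password, string captchaAnswer)
    {
        if (CaptchaNeeded(key))
        {
            // The credentials are not even looked at until the captcha has been solved.
            if (string.IsNullOrEmpty(captchaAnswer)) return LoginResult.CaptchaRequired;
            if (!_verifyCaptcha(captchaAnswer)) return LoginResult.CaptchaFailed;
        }
        if (_checkCredentials(username, password))
        {
            _failures.TryRemove(key, out _); // a successful login clears the counter
            return LoginResult.Success;
        }
        var now = DateTime.UtcNow;
        _failures.AddOrUpdate(key, (1, now),
            (_, f) => now - f.First < Window ? (f.Count + 1, f.First) : (1, now));
        return LoginResult.InvalidCredentials;
    }
}
```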
Reputation: 136
You need to use SSL. After the 5th failed login you send the credentials back from the server and store them, e.g., in hidden form fields of the captcha form. Then you send back a POST request with the credentials over SSL.
But basically you could just redirect the user back to login after the captcha was successful.
Upvotes: 0
Reputation: 54
Things like user and pass should be encrypted if you want to pass them to other pages, so you should create a function to encrypt them, and then you could pass them as a session variable, or in the URL, for example.
Upvotes: 0