Prevent asp.net forms from submitting certain fields

Question

What is the best way to prevent a standard ASP.NET form from submitting certain fields in the onsubmit event? Specifically, I have a registration page where I first validate the fields (RequiredFieldValidator) and then submit the form. However I would like to only submit the password hash from a hidden field, without the actual plain text password field.

I could override the default onsubmit function to nullify the fields before submitting, but then I won't be able to validate the password. What is the best way to handle the situation?

I am writing in C# on ASP.NET 3.5.

Thank you.

Answer 1

You could keep the plain text inputs outside of the <form> or remove them with javascript right before submitting the form or just ignore those fields on the server when handling the post.

As for hashing the password client-side, check out this answer...

The only (currently practical) way to protect against login interception (packet sniffing) during login is by using a certificate-based encryption scheme (e.g. SSL) or a proven & tested challenge-response scheme (e.g. the Diffie-Hellman-based SRP). Any other method can be easily circumvented by an eavesdropping attacker. On that note: hashing the password client-side (e.g. with Javascript) is useless unless it is combined with one of the above - ie. either securing the line with strong encryption or using a tried-and-tested challenge-response mechanism (if you don't know what that is, just know that it is one of the most difficult to prove, most difficult to design, and most difficult to implement concepts in digital security). Hashing the password is effective against password disclosure, but not against replay attacks, Man-In-The-Middle attacks / hijackings, or brute-force attacks (since we are handing the attacker both username, salt and hashed password).