 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Security / January 2005Forms Authentication and requireSSL, what's the recommended best practice
I have an ASP.NET 1.1 Web app and am now implementing SSL. It used forms authentication. Everything works fine but I get unexpected(by me) behavior when I set the requireSSL in the config file. My scenario is, I want to login securely in a secure directory and then redirect to the home page of the site. Pretty standard. If they are logged in, then display a header bar with a few menu items such as "Profile", etc. I am checking the Request.IsAuthenticated and if it is true, I show the header bar. Well, IsAuthenticated is false when I'm not under the SSL directory so it doesn't display my header bar. What's the recommended way of doing this kind of common operation. I could just set a Session variable when I login and display the menu if that session variable is set. Is there a better way?? Thanks, Mike Maddox Creative Journey Consulting Anyone have any ideas? Since the Auth cookie is only passed when I'm under SSL, what about the Session cookie. If I set a value in SESSION to signify that I logged in, wouldn't that work? Am Imissing something?? Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.