Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / February 2008

Tip: Looking for answers? Try searching our database.

Forms Authentication,Login&Password is clear text through the netw

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
frank - 03 Feb 2008 04:53 GMT
Hi,

I have a question about asp.net  Forms Authentication:
When User Login from client to web server, the UserName&Password is clear
text or not if we do not use SSL.

Thanks!
Reply to this Message
frank - 03 Feb 2008 05:02 GMT
I guess clear text is used, I am just hope I can prove that from some where.

Does anybody know some resource for the explanation?

Thanks!

> Hi,
>
[quoted text clipped - 3 lines]
>
> Thanks!
Reply to this Message
bruce barker - 03 Feb 2008 05:15 GMT
unless you use ssl, its clear text (just a form field).

-- bruce (sqlwork.com)

> Hi,
>
[quoted text clipped - 3 lines]
>
> Thanks!
Reply to this Message
frank - 03 Feb 2008 05:56 GMT
I appreciate for reply.

Could you please provide some useful resources for better understanding?

Thanks!

> unless you use ssl, its clear text (just a form field).
>
[quoted text clipped - 7 lines]
> >
> > Thanks!
Reply to this Message
frank - 03 Feb 2008 18:08 GMT
between browser to webserver, if the UserName&Password is clear text, what
is the purpose of web.config?

<configuration>
 <system.web>
   <authentication mode="Forms">
     <forms name=".COOKIEDEMO"
            loginUrl="login.aspx"
            protection="All"
            timeout="30"
            path="/">
       <credentials passwordFormat="SHA1" />
     </forms>
   </authentication>
   <authorization>
     <deny users="?" />
   </authorization>
 </system.web>
</configuration>

> I appreciate for reply.
>
[quoted text clipped - 13 lines]
> > >
> > > Thanks!
Reply to this Message
bruce barker - 04 Feb 2008 16:51 GMT
forms authenication uses a cookie or url munging to store the user name in
the browser (else you'd have to answer every page). this is encrypted. only
on the login page is the username/password in clear text.

-- bruce (sqlwork.com)

>  between browser to webserver, if the UserName&Password is clear text, what
> is the purpose of web.config?
[quoted text clipped - 33 lines]
> > > >
> > > > Thanks!
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.