ASP.NET MVC Security

Learn about secure ASP.NET MVC sites

Written by JC, June 23, 2016

Serve Login Page using HTTPS

The login page should be served over HTTPS/SSL. Note that this means serving the login page itself over HTTPS, not just the postback once the user's details are entered. Otherwise it is possible for someone to tamper with the page contents, and you may find your users posting their details to a different site, where they are stolen.

Many people think of HTTPS/SSL as a technology that encrypts data. The aspects it provides are:
1) It ensures the data was received from the correct server in the first place
2) It ensures the data was not altered
3) Finally, it encrypts the data so it cannot be read on the wire

Many people regard 1 and 2 as the main benefits.

Consideration should be given to serving all content over HTTPS/SSL, as the cost of doing so is minimal (HTTPS requires a little more processing power, usually considered to be 1%). To set the secure flag on your cookies, HTTPS will be required for all authenticated content anyway.

HSTS headers can be used to further encourage serving all content over HTTPS.
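
One way to apply the points above in an ASP.NET MVC 5 (System.Web.Mvc) application, so that the login page itself is only ever served over HTTPS and HTTPS responses carry an HSTS header. This is an added example, not code from the original post: `HstsAttribute` is a hypothetical name, the one-year `max-age` is an assumed policy, and `FilterConfig` is assumed to follow the default project template.

```csharp
using System.Web.Mvc;

// Hypothetical filter (added example): emits the HSTS header on HTTPS responses.
public sealed class HstsAttribute : ActionFilterAttribute
{
    // Assumed policy: one year. Use a short max-age while testing, because
    // browsers remember the policy for the whole period.
    private const int MaxAgeSeconds = 31536000;

    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        // Browsers ignore HSTS received over plain HTTP, so only send it on
        // secure requests. Skip child actions so the header is added once.
        if (!filterContext.IsChildAction &&
            filterContext.HttpContext.Request.IsSecureConnection)
        {
            filterContext.HttpContext.Response.AppendHeader(
                "Strict-Transport-Security", "max-age=" + MaxAgeSeconds);
        }

        base.OnResultExecuting(filterContext);
    }
}

public static class FilterConfig
{
    // Called from Application_Start in Global.asax.cs in the default template.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());

        // Applies to every controller action, including the GET that renders
        // the login form, not only the POST that submits the credentials.
        // An HTTP GET is redirected to the HTTPS URL; other verbs over HTTP
        // are rejected with an exception rather than processed.
        filters.Add(new RequireHttpsAttribute());

        filters.Add(new HstsAttribute());
    }
}
```

Registering `RequireHttpsAttribute` globally rather than only on the login POST action is what covers the page-serving case described above.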

Posted in Configuration, Deployment. Tagged asp.net, https, Login, mvc, security, SSl.