locked
Securely Transfer User Entered Password RRS feed

  • Question

  • User898346377 posted

    Hi,

     I am new to ASP .Net MVC. I just wondered, how do I encrypt user entered password when he/she logs in into my site? The scenario is as follows:

    1) A registered user visits my side and clicks Log In

    2) Enteres his registered User Name and Password and clicks Log In

    3) Browser sends the above two plain strings (code wise), to the server.

     Here, how do I send the password securely to the server? I am not able to understand how it works in ASP .Net MVC generated HTML files. Can you please help me to understand this?

    Thanks,

    Adengappaa

    Monday, April 7, 2014 8:01 AM

Answers

  • User465171450 posted

    This is where an SSL Certificate on the server is normally used as it encrypts the communication between the browser and the server. This is the mechanism used on the internet to create secure communications. 

    To do it in any other fashion would require you to create an encryption library in javascript so that values can be encrypted before sending them to the server, and then decrypted on the server. This isnt' something that MVC normally bothers with because, again, that's exactly what SSL is for, and anything you do on the client could be decrypted easily because your code would have enough information in it that would provide decent idea on how it is to be decrypted.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, April 8, 2014 3:29 PM

All replies

  • User-228428399 posted

    Hi,

     I am new to ASP .Net MVC. I just wondered, how do I encrypt user entered password when he/she logs in into my site? The scenario is as follows:

    1) A registered user visits my side and clicks Log In

    2) Enteres his registered User Name and Password and clicks Log In

    3) Browser sends the above two plain strings (code wise), to the server.

     Here, how do I send the password securely to the server? I am not able to understand how it works in ASP .Net MVC generated HTML files. Can you please help me to understand this?

    Thanks,

    Adengappaa

    Hlw Adengappaa,

    You can use Web Security 

    If you start the application in MVC 4 , then it's automatically gave Web Security 

    If you transfer the password to server side, it's known the current user only(not all) So it's does not a problem , and clear all details when the user will signout. 

    Monday, April 7, 2014 8:14 AM
  • User465171450 posted

    This is where an SSL Certificate on the server is normally used as it encrypts the communication between the browser and the server. This is the mechanism used on the internet to create secure communications. 

    To do it in any other fashion would require you to create an encryption library in javascript so that values can be encrypted before sending them to the server, and then decrypted on the server. This isnt' something that MVC normally bothers with because, again, that's exactly what SSL is for, and anything you do on the client could be decrypted easily because your code would have enough information in it that would provide decent idea on how it is to be decrypted.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, April 8, 2014 3:29 PM