Re: Re-write of <form action=https

From: Justin P (reply@toGroup.com.au)
Date: 06/26/02

• Next message: Curia Damiano: "Forms authentication and SmartNavigation"
• Previous message: james: "HOWTO get UserName in Forms base authentication?"
• In reply to: Kevin T. Price: "Re: Re-write of <form action=https"
• Next in thread: Kevin T. Price: "Re: Re-write of <form action=https"
• Reply: Kevin T. Price: "Re: Re-write of <form action=https"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Justin P" <reply@toGroup.com.au>
Date: Wed, 26 Jun 2002 14:33:04 +1000

Got it. OK, then does asp.net assume that "login.aspx" is = "https://....
login.aspx" in web.config, like-

<forms name=".ASPXCOOKIEDEMO" loginUrl="login.aspx" protection="all"
timeout="30" path="/">

Ta,
Justin
p.s. Pl bear with me- why does hotmail.com appear to have a regular url
before you log in??

"Kevin T. Price" <kpckids@cox.net> wrote in message
news:OY9Qh#KHCHA.2212@tkmsftngp12...
> Since in ASP.NET the form will most likely submit to itself, and in good
> practice, the HTTPS page should already be protected versus submitting a
> non-secure page with someone's login information to a secure processing
> page. That defeats the purpose of SSL.
>
>
>
> --
> Kevin T. Price
> Co-Author - .NET Framework Security
> "Justin" <reply@toGroup.com.au> wrote in message
> news:O$IlXjoGCHA.1988@tkmsftngp08...
> > In the login page, how do we tell asp.net to use https in the url when
we
> > login, to ensure that the contents are submitted through SSL? See:
> >
> > <form runat=server>
> >
> > <input type=text name=username runat=server>
> > <input type=password name=password runat=server>
> > ...
> >
> > </form>
> >
> > In my confused post before, I thought you might have to use classic asp.
> > There are some things you can't do with asp.net html server controls I
> > think, like when you want to submit to a different page. For SSL, maybe
> you
> > just use <form action="https://www.mysite.com/login.aspx"> ...
> >
> > Tks
> > J
> >
> >
> >
>
>

• Next message: Curia Damiano: "Forms authentication and SmartNavigation"
• Previous message: james: "HOWTO get UserName in Forms base authentication?"
• In reply to: Kevin T. Price: "Re: Re-write of <form action=https"
• Next in thread: Kevin T. Price: "Re: Re-write of <form action=https"
• Reply: Kevin T. Price: "Re: Re-write of <form action=https"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Re-write of <form action=https ... the HTTPS page should already be protected versus submitting a ... That defeats the purpose of SSL. ... > In the login page, how do we tell asp.net to use https in the url when we> login, to ensure that the contents are submitted through SSL? ... (microsoft.public.dotnet.framework.aspnet.security) Re: SSL php code ... > Sean I am planning on exclusievely using secure pages (ssl) after the user requests to login. ... This will securely redirect to a login ... (comp.lang.php) Re: sendmail with smtp relay authentication ... LOGIN PLAIN')dnl ... the mail log and also attached the auto mail response I got. ... m31N0w2T002913: return to sender: User unknown ... 505 5.0.0 Message is sent with SSL but SSL is not allowed ... (comp.mail.sendmail) RE: Authorize.Net Plain Text Login Transmission ... service provider to find out personally whether or not they are vulnerable. ... Authorize.Net Plain Text Login Transmission ... > function as if you had gone to the correct SSL version of the page. ... (Bugtraq) Re: Google Secure Access ... >> email INCLUDING CLICKING ON THAT LITTLE SSL OPTION. ... Google then SENDS YOUR LOGIN DETAILS IN THE CLEAR TO YOUR ISP. ... (sci.crypt)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint