securing ASP.NET forms authentication token on cli

2019-04-11 17:57发布

In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages.

How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?

标签： asp.net security forms-authentication

1条回答

叛逆

2楼-- · 2019-04-11 18:16

Session:
Fast, Scalable, and Secure Session State Management for Your Web Applications

Authentication:
How To: Protect Forms Authentication in ASP.NET 2.0

Step 1. Configure

Ensure that your forms authentication tickets are encrypted and integrity checked by setting protection="All" on the element. This is the default setting and you can view this in the Machine.config.comments file.

<forms protection="All" ... />

Step 2. Use SHA1 for HMAC Generation and AES for Encryption

<machineKey 
   validationKey="AutoGenerate,IsolateApps"
   decryptionKey="AutoGenerate,IsolateApps"
   decryption="Auto" 
   validation="SHA1" />

Step 3. Protect Authentication Tickets with SSL

<forms loginUrl="Secure\Login.aspx"
       requireSSL="true" ... />

0人赞添加讨论(0) 举报

securing ASP.NET forms authentication token on cli

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间