I am working on a project in which our clients want to protect the LoginPage password during postback. At first I thought it was due to ViewState, so I added the following config under system.web
XML
<pages enableEventValidation="false" enableViewStateMac="true" viewStateEncryptionMode="Always"  controlRenderingCompatibilityVersion="4.0">


But even then, when I have a look at the HTTP headers, my password is very clearly visible (refer to the link below)
http://www.sharexfiles.com/image/2015-02-17_153654.jpg

Is there any way we can encrypt the password on the client side during the login request?

In our project we use https; even then I can see the password clearly, as shown in the link. Is there any way we can protect this password?
Updated 22-Feb-15 23:52pm

My advice is: Use SSL.

Cheers,
C

(there's a good reason why everyone is doing it...)
 
Comments
Kornfeld Eliyahu Peter 23-Feb-15 6:04am    
You better use TLS, me think... (and the link is broken)
Joezer BH 23-Feb-15 6:49am    
fiCSed

Protect against what? Man-in-the-middle?
Use HTTPS (preferably with TLS) and only the two ends (client and server) will be able to see the password as plain text...
 
 
Comments
Prasaad SJ 23-Feb-15 23:10pm    
Hi Kornfeld, more like Man in the Middle or any attacker technique. You can have a look at the following links. Before using enableViewStateMac="true" viewStateEncryptionMode="Always": http://www.sharexfiles.com/image/2015-02-24_113847_0.jpg. After using: http://www.sharexfiles.com/image/2015-02-24_114302.jpg. In the above you can see that the block in red remains unchanged. My concern is, will that be explicit when the request goes from one point to the other, and can we secure this password (block in red) in any way?
Kornfeld Eliyahu Peter 24-Feb-15 1:22am    
As I told you already, use HTTPS (and yes Fiddler running on the same machine is like the browser itself - it has nothing to do with the actual encryption...)!!!
All those view-state flags are not for encryption, but to ensure that the origin of the request is not faked...
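
The distinction drawn in this thread, as an added example that is not part of the original posts or the asker's project: a web.config sketch that keeps view-state protection and transport protection as two separate concerns. The login path `~/Login.aspx`, the `timeout` value and the HSTS `max-age` are assumptions chosen for illustration.

```xml
<configuration>
  <system.web>
    <!-- View-state settings cover only the __VIEWSTATE hidden field:
         enableViewStateMac     = tamper detection (integrity)
         viewStateEncryptionMode = confidentiality of the view-state blob
         Neither one changes how the password text box is posted; that value
         travels as an ordinary form field in the request body.
         enableEventValidation is left at "true" here (the question's snippet
         sets it to "false", which switches off postback event validation and
         is not needed for anything discussed above). -->
    <pages enableEventValidation="true"
           enableViewStateMac="true"
           viewStateEncryptionMode="Always"
           controlRenderingCompatibilityVersion="4.0" />

    <!-- Transport protection for the login itself comes from HTTPS.
         requireSSL="true" marks the forms-authentication cookie Secure,
         so it is not sent over plain HTTP.
         loginUrl and timeout are assumed values. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx"
             requireSSL="true"
             timeout="20"
             slidingExpiration="true" />
    </authentication>

    <!-- Apply Secure and HttpOnly to every cookie the application issues. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>

  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- HSTS: tells browsers to use HTTPS for this host on later visits.
             max-age (one year, in seconds) is an assumed value. -->
        <add name="Strict-Transport-Security" value="max-age=31536000" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
```

With this in place the password is still readable in a debugging proxy running on the client machine, for the reason given in the comment above: that proxy sits at the endpoint, before the request is encrypted for the network.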

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


