Basically I am working on an eCommerce portal which has a number of users who are going to log in daily, so
I want to make a secure login using ASP.NET MVC with AJAX and jQuery, so that users get quick access without server issues.
Can anyone give me more suggestions?

What I have tried:

Recently I have been using a simple login process, and I am not using await and async.
Updated 3-Feb-20 1:50am

The first - and pretty much only - thing to keep in mind is this: security is not for people who do not know what they are doing. What you think of as "secure" may not be in practice, and thanks to GDPR the fines if you get it wrong can be ... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for failing to take appropriate measures.

And the first mistake is to encrypt passwords ... which is completely insecure ...

I would strongly recommend that you start by reading up on authorisation and perhaps consider existing solutions such as OAuth if appropriate instead of a "home grown" solution.
 
 
If you want to minimise people's access issues then implement a "remember me" so people don't have to log in every time.
 
 
Comments
Richard Deeming 3-Feb-20 10:30am    
But make sure to do it properly, and not by following one of the dozens (hundreds?) of low-quality blog posts or YouTube tutorials which teach you the absolute worst and least secure ways to do it. :)

Troy Hunt: How to build (and how not to build) a secure “remember me” feature
F-ES Sitecore 3-Feb-20 11:22am    
Those cookie issues aren't a problem, I use a script that overrides the f12 button so users can't use the browser dev tools. Every problem has a solution when you attack it from the right direction.
Richard Deeming 3-Feb-20 11:25am    
🤣
Be careful: some people might not notice the subtle sarcasm in that reply, and assume you're being serious.

"Plz send us magic codez to hide our security blunders NAO; iz urgent!!!1!" :)

We can add OTP verification at login time to verify the user by sending the OTP code to the registered mobile number or to the registered email.
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)