Basically, I am working on an eCommerce portal which has a number of users who are going to log in daily, so
I want to make a secure login using ASP.NET MVC with AJAX and jQuery, so that users get quick access without server issues.
Can anyone give me more suggestions?

What I have tried:

Recently I have been using a simple login process, and I am not using await and async.
Posted
Updated 3-Feb-20 2:50am

Solution 2

The first - and pretty much only - thing to keep in mind is this: security is not for people who do not know what they are doing. What you think of as "secure" may not be in practice, and thanks to GDPR the fines if you get it wrong can be ... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for failing to take appropriate measures.

And the first mistake is to encrypt passwords ... which is completely insecure ...

I would strongly recommend that you start by reading up on authorisation and perhaps consider existing solutions such as OAuth if appropriate instead of a "home grown" solution.
   

Solution 1

If you want to minimise people's access issues then implement a "remember me" so people don't have to log in every time.
   
Comments
Richard Deeming 3-Feb-20 10:30am
   
But make sure to do it properly, and not by following one of the dozens (hundreds?) of low-quality blog posts or YouTube tutorials which teach you the absolute worst and least secure ways to do it. :)

Troy Hunt: How to build (and how not to build) a secure “remember me” feature
F-ES Sitecore 3-Feb-20 11:22am
   
Those cookie issues aren't a problem, I use a script that overrides the F12 button so users can't use the browser dev tools. Every problem has a solution when you attack it from the right direction.
Richard Deeming 3-Feb-20 11:25am
   
🤣
Be careful: some people might not notice the subtle sarcasm in that reply, and assume you're being serious.

"Plz send us magic codez to hide our security blunders NAO; iz urgent!!!1!" :)

Solution 3

We can add OTP verification at login time to verify the user by sending the OTP code to the registered mobile number or to the registered email.
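
The login-time OTP check suggested in Solution 3, as an added example that is not part of the original thread. It assumes .NET 6 or later and an in-memory store; `LoginOtpService`, the five-minute lifetime and the five-attempt limit are hypothetical choices, and delivery by SMS or e-mail is left to the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not from the thread). Assumes .NET 6+ and a single server process.
public sealed class LoginOtpService
{
    private const int MaxAttempts = 5;                                    // assumed policy
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(5);  // assumed policy

    private sealed class Pending
    {
        public byte[] Hash = Array.Empty<byte>();
        public DateTimeOffset Expires;
        public int Attempts;
    }

    private readonly Dictionary<string, Pending> _pending = new();
    private readonly object _gate = new();

    // Returns the 6-digit code for the SMS/e-mail sender; the store keeps only its hash.
    public string Issue(string userId, DateTimeOffset now)
    {
        // CSPRNG-backed and uniform over 000000..999999 (System.Random is predictable).
        string code = RandomNumberGenerator.GetInt32(0, 1_000_000).ToString("D6");
        var entry = new Pending { Hash = Hash(userId, code), Expires = now + Lifetime };
        lock (_gate) { _pending[userId] = entry; }   // a new code replaces any older one
        return code;
    }

    public bool Verify(string userId, string submitted, DateTimeOffset now)
    {
        lock (_gate)
        {
            if (!_pending.TryGetValue(userId, out var p)) return false;
            // Count the attempt before comparing so parallel guesses cannot skip the limit.
            if (now > p.Expires || ++p.Attempts > MaxAttempts)
            {
                _pending.Remove(userId);             // expired or locked: a new code is needed
                return false;
            }
            bool ok = CryptographicOperations.FixedTimeEquals(p.Hash, Hash(userId, submitted ?? ""));
            if (ok) _pending.Remove(userId);         // single use: a code cannot be replayed
            return ok;
        }
    }

    private static byte[] Hash(string userId, string code) =>
        SHA256.HashData(Encoding.UTF8.GetBytes(userId + ":" + code));
}
```

On a multi-server deployment the pending entries would need to live in a shared store, and `Issue` itself should be rate limited per account so it cannot be used to flood a user's phone or inbox.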
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



