Forms Authentication and requireSSL, what's the recommended best practice


  1. #1

    Forms Authentication and requireSSL, what's the recommended best practice

    I have an ASP.NET 1.1 Web app and am now implementing SSL. It used
    forms authentication. Everything works fine but I get unexpected (by me)
    behavior when I set the requireSSL in the config file.

    My scenario is, I want to login securely in a secure directory and then
    redirect to the home page of the site. Pretty standard. If they are
    logged in, then display a header bar with a few menu items such as
    "Profile", etc. I am checking the Request.IsAuthenticated and if it is
    true, I show the header bar. Well, IsAuthenticated is false when I'm
    not under the SSL directory so it doesn't display my header bar. What's
    the recommended way of doing this kind of common operation? I could
    just set a Session variable when I login and display the menu if that
    session variable is set. Is there a better way??
    Thanks,

    Mike Maddox
    Creative Journey Consulting

    mikemad Guest

  3. #2

    Re: Forms Authentication and requireSSL, what's the recommended best practice

    Anyone have any ideas? Since the Auth cookie is only passed when I'm
    under SSL, what about the Session cookie. If I set a value in SESSION
    to signify that I logged in, wouldn't that work? Am I missing something??

    mikemad Guest
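
Why `Request.IsAuthenticated` turns false outside the SSL directory, as an added example that is not part of the thread: with `requireSSL` set, the forms-authentication cookie carries the Secure flag, and a client returns Secure cookies only over HTTPS. The sketch uses Python's standard cookie jar as the client; the host name, the cookie values and the assumption that the session cookie is issued without the Secure flag are constructed for illustration.

```python
import http.cookiejar
import urllib.request

HOST = "app.example.test"  # constructed host name, not from the thread


def make_cookie(name, value, secure):
    """Build a host-only session cookie the way a client stores it."""
    return http.cookiejar.Cookie(
        version=0, name=name, value=value,
        port=None, port_specified=False,
        domain=HOST, domain_specified=False, domain_initial_dot=False,
        path="/", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


def build_jar(session_secure=False):
    """Cookies held by the client after a login under the SSL directory."""
    jar = http.cookiejar.CookieJar()
    # Forms-auth ticket issued with requireSSL="true": Secure flag set.
    jar.set_cookie(make_cookie(".ASPXAUTH", "constructed-ticket", True))
    # Session cookie: assumed to be issued without the Secure flag.
    jar.set_cookie(make_cookie("ASP.NET_SessionId", "constructed-id",
                               session_secure))
    return jar


def cookies_sent(url, jar):
    """Names of the cookies the client attaches to a request for url."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)  # applies the Secure/domain/path rules
    header = req.get_header("Cookie", "")
    return sorted(p.split("=", 1)[0].strip()
                  for p in header.split(";") if p.strip())


if __name__ == "__main__":
    for url in ("https://app.example.test/secure/login.aspx",
                "http://app.example.test/default.aspx"):
        print(url, "->", cookies_sent(url, build_jar()))
```

The HTTP request carries only the session cookie, so the server has no ticket to authenticate. A login flag kept in Session works for the same reason it is weaker: that cookie also travels on the unencrypted pages.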
