1

In my dot net MVC application, I have a login page where the user enters a username and password. On clicking the submit button, the username and password are sent in plain text over the wire. Is there a simple way in which I can send encrypted usernames/passwords from the login form and decrypt them in the controller on the server side? Or is there any simpler way to prevent passwords being sent in plain text? Thanks.

1 Answer

2

Just use HTTPS, it's what it is designed for and it will ensure that the username and password won't be sent in clear text over an unencrypted channel.

Also in your web.config you could require SSL for the authentication cookie which will ensure that it will never be transmitted over a non-encrypted channel.

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" requireSSL="true" />
</authentication>

2 Comments

Hi, thanks for the answer. I'm new to web technologies, so can you please guide me or provide a link on how to deploy my website so that it is SSL enabled? I'm using dot net mvc4 on IIS7. Thanks
You will need to install an SSL certificate on your web server. Configuring your web server is off-topic for StackOverflow. There are discussions about this on serverfault.com. Or just Google it. Here's the first hit I got: digicert.com/ssl-certificate-installation-microsoft-iis-7.htm
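
An added example, not part of the original answer or comments: a small Python check that reads a web.config and reports whether the Forms authentication cookie is restricted to HTTPS through requireSSL="true", as the answer recommends. The sample configs are constructed, the function names are hypothetical, and the httpCookies check goes one step beyond the answer by applying the same attribute to the application's other cookies.

```python
import xml.etree.ElementTree as ET

# Constructed sample: Forms authentication without requireSSL.
WEAK = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>
  </system.web>
</configuration>"""

# Constructed sample: the same file with the answer's setting applied.
FIXED = WEAK.replace('timeout="2880"', 'timeout="2880" requireSSL="true"')


def local(tag):
    """Strip an XML namespace, which some web.config files declare on the root."""
    return tag.rsplit("}", 1)[-1]


def audit_cookie_transport(config_xml):
    """Return findings for cookies that may be sent over plain HTTP."""
    root = ET.fromstring(config_xml)
    findings = []
    # root.iter() also reaches system.web sections nested in <location> blocks.
    for el in root.iter():
        name = local(el.tag)
        if name == "authentication" and el.get("mode") == "Forms":
            forms = next((c for c in el if local(c.tag) == "forms"), None)
            # requireSSL defaults to false when the attribute or element is absent.
            if forms is None or forms.get("requireSSL") != "true":
                findings.append('forms: requireSSL is not "true"')
        elif name == "httpCookies" and el.get("requireSSL") != "true":
            findings.append('httpCookies: requireSSL is not "true"')
    return findings


if __name__ == "__main__":
    for label, xml in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_cookie_transport(xml) or "no findings")
```

A check like this fits a build or deployment pipeline, so a config that drops requireSSL is caught before it reaches the server.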
