Solved

Secure data transmission from ASP.NET pages

Posted on 2008-10-19
7
458 Views
Last Modified: 2012-05-05
Hi,

I would like to build a page to capture some sensitive information that shouldnt end up in the hands on wrong people (:-))

I will be also provide login facilities for people entering these info on the page.

How can i secure both the login details and sensitive data

Is there any encryption and stuff available for ASP.Net

Thanks

0
Comment
Question by:justin_smith
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 8

Expert Comment

by:Wikkard
ID: 22755069
All you need to do is use SSL on the web server.

This will secure the connection from the user to the server.

After that if you think the security on your server may be an issue you can store the data gathered in an encrypted format.
.net does have excellent support for crytography built in.
0
 
LVL 4

Expert Comment

by:CDirenzi
ID: 22755080
0
 
LVL 8

Accepted Solution

by:
Wikkard earned 500 total points
ID: 22755100
Normally user passwords would be encrypted using a one way hashing function.  You store this encrypted version of the user password in your database, then when a user login occurs you simply hash the input password and compare the result with the hashed password which you have stored. This way the users password is never exposed.

This site has some good info on the .net cryptography namespace which should get you started.
http://www.codeproject.com/KB/security/Cryptography_NET.aspx

If you are using SQL Server 2005 or later you may want to consider using the built in crypto features it can provide on specific columns or tables.
0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 

Author Comment

by:justin_smith
ID: 22755205
Thanks everyone....

most of the crypto stuff give me a shield between the web server and the database..

i may be wrong here.. if i use just HTTP the username and password will be cleartext.

When you say SSL, i have to use HTTPS.. is it ok even if dont posses a valid digital certificate?
0
 
LVL 4

Expert Comment

by:CDirenzi
ID: 22755213
Yes you will need to use HTTPS
0
 

Author Comment

by:justin_smith
ID: 22755219
ok.. the security side functionality will still work even if i use HTTPS without a valid certificate
0
 
LVL 8

Assisted Solution

by:Wikkard
Wikkard earned 500 total points
ID: 22755461
Yes it will however the users browser will complain that the certificates aren't valid.
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Google Maps with Webforms 1 46
CSS question 16 63
Disable the weekends on datepicker control 6 52
How do I "share" on social sites? 2 40
This article discusses the ASP.NET AJAX ModalPopupExtender control. In this article we will show how to use the ModalPopupExtender control, how to display/show/call the ASP.NET AJAX ModalPopupExtender control from javascript, how to show/display/cal…
In an ASP.NET application, I faced some technical problems. In this article, I list them out and show the solutions that I found.  I hope it will be useful. Problem: After closing a pop-up window, the parent page should be refreshed automaticall…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question