Unique Session IDs and password encryption in ASP.Net 2.0

anoop

Hello,
I am developing a Website in ASP.Net 2.0 with Login Control as a
Starting page. I have already implemented Membership for login control. Now I
want to know

1. How do I implement unique Session IDs for every login, so as to prevent a
Session Replay attack?

2. How do I encrypt the Password so that it travels from Client, i.e. Browser,
to Server in Salted-Hashed format? As Login Control is a Server Control,
how do I implement Encryption at Client Side? If I implement SSL, the
password can still be seen in clear text through Intercepting proxies such as
PAROS, BURP etc. Please help.

Thank you
 
Dominick Baier

Hi,

1) For what? Do you want to use sessions? The ASP.NET session state feature
already does that for you. Sessions and login sessions are two different
things.

2) IIRC you asked this question before. There is no standard way of doing
that. Use SSL - intercepting proxies cannot do an unnoticed man-in-the-middle
attack. SSL is the right way to go here.
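
As an added illustration of the "use SSL" advice in the reply above (not part of the original thread and not code from either poster), this web.config fragment for ASP.NET 2.0 restricts the login ticket and session cookies to HTTPS. The login page path and the timeout values are assumed placeholders.

```xml
<configuration>
  <system.web>
    <!-- Login session: the forms authentication ticket (.ASPXAUTH cookie by default).
         requireSSL defaults to false; true means the ticket cookie is only sent over HTTPS,
         so the site, including the page hosting the Login control, must be served over HTTPS. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx"
             requireSSL="true"
             protection="All"
             timeout="20"
             slidingExpiration="true" />
    </authentication>

    <!-- Default flags for cookies the application issues:
         Secure (HTTPS only) and HttpOnly (not readable from client script).
         Both default to false. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />

    <!-- Session state: a separate cookie (ASP.NET_SessionId) from the login ticket.
         UseCookies keeps the session ID out of the URL. -->
    <sessionState mode="InProc" cookieless="UseCookies" timeout="20" />
  </system.web>
</configuration>
```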
 
