ASP.Net secure Ajax authentication_问答_开发者

开发者 https://www.devze.com 2023-03-20 20:08 出处：网络

I want to make my ASP.Net site authentication seamless using Ajax call. So I consider using client side authentication se开发者_JS百科rvice of microsoft that should be used via HTTPS because it sends

I want to make my ASP.Net site authentication seamless using Ajax call. So I consider using client side authentication se开发者_JS百科rvice of microsoft that should be used via HTTPS because it sends username and password in plain-text format. And the problem is that I can't use SSL in my site.

So I found a way to hash data before passing to web service that is described here but the problem is there is a salt in DB that should passed to client for creating hashed password (that equals to DB saved password). and this is not safe.

Is there a better way for doing that?

I found a way. We will use RSA for encrypting username ans password. in summery I'll have a web service that creates RSA keypair and save it (this key will be regenerated every day to be more secure).

I will have a textbox or hidden field that calls this service and get the public key. the for encrypt username and password with jCryption library client side and pass this to my authentication service using ajax call.

so the server will decrypt them with private key and the authenticate user.

I found a way.

Check this out: Secure AJAX Authentication without SSL

Just in case you were looking for an ASP.NET version of jCryption for bi-directional communication, which you mentioned you tried, you can find one on GitHub here: jCryptionNET