开发者

Remember me login - Asp script

开发者 https://www.devze.com 2023-01-19 14:15 出处:网络
hello i have to create a \"remeber me login\" asp script, have read many scripts about this procedure andhave see that many people use to store username and password inside a cookie.

hello i have to create a "remeber me login" asp script, have read many scripts about this procedure and have see that many people use to store username and password inside a cookie. In my opinion 开发者_Go百科it is not secure (safety), some advice


You don't need to store the password. You only need the username and if you make sure that it is properly encrypted it is OK to save it in a cookie. It is important for the user to not be able tamper with the value and if he does the server should detect it. SHA1 for HMAC generation and AES for encryption are commonly used algorithms.


It's best practice NOT to store usernames and passwords in client side cookies. Store some kind of opaque reference instead that matches something in your server side authentication database.

Even better still encrypt this value before storing it in a cookie.


public partial class Login : System.Web.UI.Page
{
    StudentService.Service1Client studentCleint = new StudentService.Service1Client();
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        lbnLogin.Text = studentCleint.login(txtusername.Text, txtPassword.Text);

        if (lbnLogin.Text == "Succesful")
        {
            Response.Redirect("Students.aspx");

        }
        else
        {
            lbnLogin.Text = "failed";
        }
    }
}
0

精彩评论

暂无评论...
验证码 换一张
取 消