Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
In ASP.NET application, as far as I know the code behind is located in server and not in the browser. So for example I have a login screen and in the code behind, in the login button click, I am encrypting the user credentials before sending to the server. When the user is pressing login button, how the corresponding event is fired and how the user credentials is encrypted before sending to server?
Can anybody please explain me how the flow is?
If you are encrypting the credentials in the code-behind you are encrypting them on the server itself, they have not been encrypted on the client. Whatever you have entered into the form fields in the browser are transmitted as the body of an POST from the client browser to the server.
If you are using the HTTP protocol, then the data you entered is clearly visible on the wire (you can use Fiddler or Wireshark to see this).
You’ll want to use HTTPS which will encrypt the HTTP packet so that the contents can’t be seen as clear text when the data is transferred to the server. Whether or not you want to also explicitly encrypt the data on the server, before storing in a database for instance, is a separate operation and concern.
This document from 4GuysFromRolla is admittedly dated but hits the high points of how your request is processed.