Home/ Questions/Q 925739
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T19:34:03+00:00

In my website, I am not using any authentication or authorization. I’ve created login

  • 0

In my website, I am not using any authentication or authorization. I’ve created login page to capture the user credentials and check against database. If the user successfully authenticates, it’s storing the user data in session and navigating to other pages.

How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Session:
    Fast, Scalable, and Secure Session State Management for Your Web Applications

    Authentication:
    How To: Protect Forms Authentication in ASP.NET 2.0

     Step 1. Configure

    Ensure that your forms authentication
    tickets are encrypted and integrity
    checked by setting protection=”All” on
    the element. This is the
    default setting and you can view this
    in the Machine.config.comments file.

    <forms protection="All" ... />

     Step 2. Use SHA1 for HMAC Generation and AES for Encryption

    <machineKey 
   validationKey="AutoGenerate,IsolateApps"
   decryptionKey="AutoGenerate,IsolateApps"
   decryption="Auto" 
   validation="SHA1" />

     Step 3. Protect Authentication Tickets with SSL

    <forms loginUrl="Secure\Login.aspx"
       requireSSL="true" ... />
    • 0