ASP.NET Login via SSL doesn't persist when switching to non-SSL | ansaurus

tags:

views:

35

answers:

1

+1 Q:

ASP.NET Login via SSL doesn't persist when switching to non-SSL

I have an application I would like to force SSL on the login page and on the page that the CC is entered on. I would prefer to keep the rest of the application free of SSL.

I have the code working to force SSL on certain pages, and remove SSL on others. The problem I have is that if I log in with SSL enabled the user is only authenticated on the pages that are SSL. The reverse holds true as well, if the user logs in without SSL they are only authenticated on pages without SSL.

What can I do to have this persist between the two. Is this using cookies or the session?

Thanks!

A:

Classically, one would use the session for this.

You can use cookies as well.

In either case, you need to keep in mind that they can be spoofed, so you want to only keep a "logged in" token that you can verify on them.

Oded 2010-04-05 19:47:41

I am using the out of the box membership, do you know if that uses the session or cookies? I have not changed it from the defaults.

divtag 2010-04-05 19:53:19

It uses cookies.

Greg 2010-04-20 21:29:54

related questions

Is it better to create Model classes, or just stick with generic database utility class?

What are effective options for embedding video in an ASP.NET web site?

Visual Studio 2008 debugger already attached work-around

Tracking state using ASP.NET AJAX / ICallbackEventHandler

ASP.NET Display SVN Revision Number

ASP.NET URL Rewriting

How can I change the background of a masterpage from the code behind of a content page?

Easy way to AJAX WebControls

How do I define custom web.config sections with potential child elements and attributes for the properties?

ASP.NET MVC "CRUD" Database Sample

Are Multiple DataContext classes ever appropriate?

How to RedirectToAction in ASP.NET MVC without losing request data

Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?

ASP.NET built in user profile, Vs old stile user class/tables

What's a good book for learning ASP?

Bandwith throttling in IIS 6 by IP Address

ASP .Net Custom Client-Side Validation

How to get the value of built, encoded ViewState?

Decent, simple, GIS/mapping component for ASP.NET?

Checklist for IIS 6/ASP.NET Windows Authentication?

How to write to Web.Config in Medium Trust ?

ASP.NET, Visual Studio and Subversion - how to integrate?

Floating Point Number parsing: Is there a Catch All algorithm?

How do I sync the SVN revision number with my ASP.NET web site?

ASP.NET Site Maps