Menu
I'm attempting to convert a home-grown login system to the standard asp.net login control included in .net. I want all communication on the website for a user not logged in to be in clear text, but lock everything in SSL once the user logs in - including the transmission of the username and password.
I had this working before by loading a second page - "loginaction.aspx" - with a https: prefix, then pulling out the username and password by looking for the proper textbox controls in Request.Form.Keys. Is there a way to do something similar using the .net login controls? I dont want to have a seperate login page, but rather include this control (within a loginview) on every page on the site.
406
You're not going to be able to do what you're talking about simply, because the postback (which is what the login control uses) is going to be whatever the page's security is (SSL or non-SSL).
Your best bet in this scenario is to use an IFRAME which contains an HTTPS (SSL) page that just contains thelogin control. You might have to redirect to another page after login that lets you jump out of the IFRAME.
Plan B would be to have a separate form on the page (outside your main FORM) which has the ACTION property point to another page where you handle the login. You will have to roll your your own login code to handle the forms authentication.
126
I was able to accomplish this by adding an OnClientClick event to the login button control and set it to the following javascript function.
`
function forceSSLSubmit()
{
var strAction = document.forms[0].action.toString();
if (strAction.toLowerCase().indexOf("http:") == 0) {
strAction = "https" + strAction.substring(4);
document.forms[0].action = strAction;
}
}
`
26
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
