asp.net login controls - how secure are they

Question

0.00/5 (No votes)

See more:

I'm needing to allow users that are not part of our domain to log into a web application that will need to be very secure as it will contain some patient data. I will be doing a mixed login, those on our domain will login in through our secure system (ADS authenication), but those that don't have and ADS login will need to login through another system.

I was thinking of using the .net login provided but need to know how secure it is as we will be dealing with patient information. To give a little background, I work for a university in the school of medicine department and our radiologist read at about 5 different hospitals. We are now needing to have some individuals from one of those hospitals log into a new application we are creating.

Any links about the security or any experience would be very helpful.

Thanks,
Carolyn

Posted 14-Nov-11 5:36am

CARisk3

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Not Active · Answer 1 · 2011-11-14T06:02:00

Solution 1

The control itself is neither secure or unsecure. It is the data that is transmitted that you want to be secured. Use https to make sure the connection is secure and the credentials are being transmitted encrypted.

Posted 14-Nov-11 6:02am

Not Active

Comments

deepakdynamite 15-Nov-11 8:30am

Nice one

OriginalGriff · Answer 2 · 2011-11-14T06:03:00

If you want security, then it's not the page controls that should start to worry you - it's the transfer of information between the client and the server that is the biggest risk. Unless you secure this channel (and HTTPS is a good start here) then your data is broadcast in clear across the internet.

I would strongly recommend that you talk to people within your organisation about the best approach here - taking security advice (or worse, code) from a random website such as this is a recipe for insecurity, because you do not know the source of the code, or what any side effects of it may be. This should be a problem your organisation has already met, and developed a strategy to handle.