asp.net forms authentification security issues

Posted by Andrew Florko on Stack Overflow See other posts from Stack Overflow or by Andrew Florko
Published on 2010-05-05T20:51:09Z Indexed on 2010/05/05 20:58 UTC
Read the original article Hit count: 205

Filed under:

ASP.NET

|

forms-authentication

|

security

Hi there,

I have a kind of asp.net forms authentication with the code like that:

FormsAuthentication.SetAuthCookie(account.Id.ToString(), true);
HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(account.Id.ToString()), null);

What kind of additional efforts shall I take to make authentication cookie (that is user id) more securable? (https, encoding for example)

Thank you in advance!

© Stack Overflow or respective owner

Related posts about ASP.NET

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
April 14th Links: ASP.NET, ASP.NET MVC, ASP.NET Web API and Visual Studio

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Here is the latest in my link-listing blog series: ASP.NET Easily overlooked features in VS 11 Express for Web: Good post by Scott Hanselman that highlights a bunch of easily overlooked improvements that are coming to VS 11 (and specifically the free express editions) for web development: unit… >>> More
Use ASP.NET 4 Browser Definitions with ASP.NET 3.5

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
We updated the browser definitions files included with ASP.NET 4 to include information on recent browsers and devices such as Google Chrome and the iPhone. You can use these browser definition files with earlier versions of ASP.NET such as ASP.NET 3 Read More......(read more) >>> More
ASP.NET webforms + ASP.NET Ajax versus ASP.NET MVC and Ajax framework freedom

as seen on Stack Overflow - Search for 'Stack Overflow'
If given the choice, which path would you take? ASP.NET Webforms + ASP.NET AJAX or ASP.NET MVC + JavaScript Framework of your Choice Are there any limitations that ASP.NET Webforms / ASP.NET AJAX has vis-a-vis MVC? >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More

Related posts about forms-authentication

Single Sign On with Forms Authentication

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to set up Single sign on for 2 websites that reside on the same domain e.g. http://mydomain (top level site that contains a forms-auth login page) http://mydomain/admin (seperately developed website residing in a Virtual Application within the parent website) Have read a few articles… >>> More
Hitting a ADO.NET Data Services from WPF client, forms authentication

as seen on Stack Overflow - Search for 'Stack Overflow'
Hey all! There are a number of questiosn on StackOverflow that ALMOST hit this topic head on, but they are either for other technologies, reference obsolets information or don;t supply an answer that I can suss out. So pardon the almost duplication :) I have a working ADO.NET Data Service, and a… >>> More
Forms authentication ignored in virtual application

as seen on Stack Overflow - Search for 'Stack Overflow'
I have an admin site swet up as a virtual applcation inside of another website. I would like visitors to the sub directory (the virtual application) to be promtped for credentials using the same Forms autheentication set up on the main parent site Have tried all sorts of things but can't get it… >>> More
Create non-persistent cookie with FormsAuthenticationTicket

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello! I'm having trouble creating a non-persistent cookie using the FormsAuthenticationTicket. I want to store userdata in the ticket, so i can't use FormsAuthentication.SetAuthCookie() or FormsAuthentication.GetAuthCookie() methods. Because of this I need to create the FormsAuthenticationTicket… >>> More
Forms Authentication logs out very quickly , locally works fine !!!

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello to all, There's a problem that i am facing with my hosting company, I use a project that uses FormsAuthentication and the problem is that though it successfully logs in, it logs out VERY QUICKLY, and i don't know what could be the cause of that, so in my web.config file i added those lines: <authentication… >>> More