Forms authentication is the most commonly used authentication method in ASP.NET programming. Depending on the client's requirements, a programmer may want to consider using SSL throughout the site, or at least on the login page. Overall, though, this approach is not very secure, as it sends the user's credentials to the server in clear text.
Lack of a password policy, passing incorrect internal messages to the browser, and using cookies and other insecure means to store users' credentials are possible deficiencies in the choice of authentication policy in ASP.NET programming.
A web application’s authentication in ASP.NET can be further enhanced with the following:
> Password policy… enforcement of a password policy including strong passwords, password expiration, and possibly locking User accounts after some unsuccessful login attempts.
> Hashing of passwords… if you manage your own authentication store, make sure to hash all the passwords for the system.
> Brute force attacks… introducing a random delay of a few seconds on every login attempt will make brute force attacks impractical to execute.
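One way to combine account lockout, password hashing and the random delay from the list above in C#, as an added example that is not code from the original post. It assumes .NET 6 or later and PBKDF2-SHA256 as the hashing scheme; the names (`LoginGuard`, `HashPassword`, `TryLoginAsync`), the limits and the in-memory store are hypothetical.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Threading.Tasks;
// Added example: names, limits and the in-memory store are assumptions for illustration.
public static class LoginGuard
{
    const int SaltBytes = 16, HashBytes = 32, Iterations = 600_000;    // assumed PBKDF2 parameters
    const int MaxFailures = 5;                                         // assumed lockout threshold
    static readonly TimeSpan LockoutWindow = TimeSpan.FromMinutes(15); // assumed lockout duration

    // user -> (failed attempts, lockout expiry). A real site would persist and update this atomically.
    static readonly ConcurrentDictionary<string, (int Fails, DateTime LockedUntil)> State = new();

    // Store "iterations.salt.hash" in the authentication store instead of the password itself.
    public static string HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);       // fresh random salt per password
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }

    static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations)) return false;
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected); // constant-time comparison
    }

    // Returns true only for a correct password on an account that is not locked.
    public static async Task<bool> TryLoginAsync(string user, string password, string storedHash)
    {
        // Random delay of 1 to 3 seconds on every attempt, successful or not.
        await Task.Delay(RandomNumberGenerator.GetInt32(1000, 3001));

        var (fails, lockedUntil) = State.GetOrAdd(user, _ => (0, DateTime.MinValue));
        if (lockedUntil > DateTime.UtcNow) return false;               // still locked out
        if (Verify(password, storedHash)) { State[user] = (0, DateTime.MinValue); return true; }

        fails++;
        State[user] = fails >= MaxFailures
            ? (0, DateTime.UtcNow + LockoutWindow)                     // lock the account, reset the counter
            : (fails, DateTime.MinValue);
        return false;
    }
}
```

Returning the same `false` for a locked account and for a wrong password keeps the response from revealing which case occurred.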
At SPEC INDIA, our trained team of ASP.NET developers is eager to take care of any custom requirement from our prospective clients all over the globe. If you have any requirements or queries, feel free to drop an email to lead@spec-india.com; we will be happy to assist you.
Happy ASP.NET programming!