Skip to content Skip to sidebar Skip to footer
Home / Asp.net / Html / Login / Security

Ssl Login In Iframe

Post a Comment
My UI prototype requires me to show the sites login info all the time. Either I should show the usual username and password textbox or 'you are logged in as'. The last bit don't ha

Solution 1:

Are you using the built-in asp.net login controls or do you just use two textbox controls?

You could use your own form tag (not runat="server") with the action attribute set to "https://..." and just use two html input tags and a button to log on.

Again this wouldn't show the user that there credentials are secure when logging in.

Because of some recently discovered SSL attacks, it is always preferable to also put the logon form on a https:// page. Otherwise a hacked can intercept the http stream and change your form action from "https://..." to "http://..." and then sniff the credentials.

Solution 2:

Another option would be to take advantage of the PostBackUrl property of the Button control.

You would need to create your own login LayoutTemplate to take advantage of this though. You would then be able to add the secure scheme to the current page URL, and set the PostBackUrl property of the submit button to that.

This would have a similar issues to your iFrame solution (the user wouldn't see the padlock symbols), however you would have the advantage that you wouldn't be using iFrames.

Another issue using an iFrame is the affects that they can have on the page:

  • They are a separate request, but can cause a block on the JavaScript PageLoad event firing.
  • The login form would only postback within the iFrame, so you'd need to refresh the parent page when the user is successfully logged in to remove it.
    • Additionally to that, errors would be returned in the iFrame, probably not leaving you much space for displaying the form as well, etc.

Solution 3:

You've hit the major problems. You want the login, which needs to be on every page to use SSL, but you don't want the entire page to be SSL.

This is more of a business decision at this point than anything else. Would you rather your customers feel more secure about visiting your site, or do you want the login information present on every screen?

If you need to have both, you may need to also look at making your entire site SSL.

Post a Comment for "Ssl Login In Iframe"