Client side encryption

[Harry Simpson]

Is there a way in .Net to encrypt a user id and password that comes as an
HTML request from a login page without having to use a third party solution?
In other words, when the user enters the user id and password and submits to
get authenticated I want the id and password to be transferred encrypted to
the server.

Harry

 

[Kevin Spencer]

SSL is the typical way this is done.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

 

[Harry Simpson]

Thanks Kevin but i'm looking for a non-SSL solution for intranets.

Harry

 

[mikeb]

Thanks Kevin but i'm looking for a non-SSL solution for intranets.

Can you explain why? SSL will work in intranets just fine. In fact,
since in an intranet you presumeably have control over the clients you
can generally get away with using your own Certificate Authority to
avoid having to pay for your certs.

If you really can't use SSL, you might want to consider using Digest or
NTLM authentication - but then the login paramters are handled by the
browser - not your form.

If you don't use one of these 'pre-made' solutions, I imagine you'd have
to implement your own public key crypto in Javascript. That's not
something I'd want to do - particularly since SSL is already there to do
it, and SSL has been vetted so it has a pretty good chance of not having
any serious weaknesses, which any homegrown script implementation is
almost certain to have.