在SSL的iFrame登录 [英] SSL Login in iFrame
问题描述
我的UI原型需要我展示网站登录信息的所有时间。要么我应该表现出平时的用户名和密码文本框或者你是在记录为。最后位不必是安全的,因为它是对用户唯一信息,什么都没有,我将使用服务器端。但是,第一部分应该发送安全服务器。
My UI prototype requires me to show the sites login info all the time. Either I should show the usual username and password textbox or "you are logged in as". The last bit don't have to be secure, as it's only info to the user, nothing I will use server side. But the first part should send secure to the server.
看来,我将不得不使用https该网站上的所有网页即可。我想只使用SSL所需要的是安全的事情。
It seems that I would have to use https for all pages on the site then. I would like to only use ssl for the things that are required to be secure.
一种方法是把登录信息到的https://../login.aspx 并表演它在我的炫魅作为一个IFrame。
One way is putting the login information into a https://../login.aspx and show it on my mainpage as an IFrame.
一个缺点,我可以看到的是,用户不会知道HTTPS正在被使用,除非它们读取源$ C $ c中的IFRAME SRC。
One disadvantage I can see is that the user won't know that https is being used, unless they read the IFrame src in the source code.
你怎么想的?
推荐答案
您使用内置asp.net登录控件或者你只是使用两个文本框控件?
Are you using the built-in asp.net login controls or do you just use two textbox controls?
您可以使用自己的表单标签设置为https:// ...action属性(不=服务器)。而只使用两个HTML input标签和一个按钮来登录
You could use your own form tag (not runat="server") with the action attribute set to "https://..." and just use two html input tags and a button to log on.
同样,这将不会显示有凭据登录时是安全的用户。
Again this wouldn't show the user that there credentials are secure when logging in.
由于一些最近发现的SSL攻击,它总是preferable也将登录表单上一个https://开头的页面。否则,黑客可以拦截HTTP流,并从https://开头...改变你的形式采取行动的http:// ...,然后嗅探的凭据。
Because of some recently discovered SSL attacks, it is always preferable to also put the logon form on a https:// page. Otherwise a hacked can intercept the http stream and change your form action from "https://..." to "http://..." and then sniff the credentials.
这篇关于在SSL的iFrame登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
