February 8, 2019 08:27 by
Peter
Today I am here to explain cookies in ASP.Net. You have seen “Remember Me” in every login portal or website. I will tell you how it works in this demo.
Cookies
It is a small text file stored in a client local machine or in the memory of a client browser session. It is used to state management. We can store a small piece of information in this file. It stores information in a plain text file.
How It Works
When the client sends a request to the server then the server sends response cookies with a session Id. If the cookies are saved the first time then the cookies are used for subsequent requests.
I am giving you a small demonstration. In this demonstration I will show you how to use use cookies and what “Remember Me” is.
When the user logs in with “Remember Me” selected then cookies play an important role. If Remember Me is selected then cookies will be created with the userid and an encrypted word. Cookies are easily readable for every user in the local machine. That’s why I use md5 to encryt my word for cookies.
Check cookies on Page_Load:
HttpCookie _objCookie = Request.Cookies["Test"];
if (_objCookie != null)
{
bool bCheck = IsValidAuthCookie(_objCookie, "encrypt");
if (bCheck)
{
Response.Redirect("WelcomePage.aspx?User=" + Convert.ToString(_objCookie.Value.ToString().Split('|')[0]) + "");
}
}
I check cookies on the login page load every time. If cookies exist then I redirect the welcome.aspx directly.
LoginButton_Click
bool IsLogin = IsValidLogin(txtUserId.Text.Trim(), txtword.Text.Trim());
if (IsLogin)
{
if (chkRememberMe.Checked)
{
CreateAuthCookie(txtUserId.Text.Trim(), txtword.Text.Trim(), "encrypt");
}
Response.Redirect("WelcomePage.aspx?User=" + txtUserId.Text.Trim() + "");
}
If “Remember me” is checked then I create cookies with User Id and encrypted word.
Suppose you login with “Remember me” checked and close the application without LogOut. Now when you open again your login page it will redirect you to the welcome.aspx page automatically. And if you logout the application then your cookies will be removed. You will see this scenario on Gmail.com, Facebook.com and so on.
Create Hash word with Md5 encryption as in the following:
public string CreateHash(string word, string salt)
{
// Get a byte array containing the combined word + salt.
string authDetails = word + salt;
byte[] authBytes = System.Text.Encoding.ASCII.GetBytes(authDetails);
// Use MD5 to compute the hash of the byte array, and return the hash as
// a Base64-encoded string.
var md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
byte[] hashedBytes = md5.ComputeHash(authBytes);
string hash = Convert.ToBase64String(hashedBytes);
return hash;
}
Advantages
Cookies do not require any server resources since they are stored on the client.
Cookies are easy to implement.
Disadvantages
Cookies can be disabled on user browsers
Cookies are transmitted for each HTTP request/response causing overhead on bandwidth
No security for sensitive data.
HostForLIFE.eu ASP.NET Core 2.2.1 Hosting
European best, cheap and reliable ASP.NET hosting with instant activation. HostForLIFE.eu is #1 Recommended Windows and ASP.NET hosting in European Continent. With 99.99% Uptime Guaranteed of Relibility, Stability and Performace. HostForLIFE.eu security team is constantly monitoring the entire network for unusual behaviour. We deliver hosting solution including Shared hosting, Cloud hosting, Reseller hosting, Dedicated Servers, and IT as Service for companies of all size.
January 15, 2019 10:10 by
Peter
Many people are using these terms interchangeably. But the correct term is TLS. Well, let us understand what this TLS is and why we really need it.
Most of us are already aware that HTTP is a plain text protocol which doesn’t have its own transport security mechanisms. In other words, HTTP is a protocol which sends the data to a server and gets a response without any built-in feature or mechanism to protect the data packet against tampering.
To protect our packet which is traveling through HTTP, some sort of secure tunneling is required and that secure tunneling is provided by a protocol called TLS, a.k.a., SSL. Here, HTTP and TLS come together.
Usually, people associate SSL/TLS with encryption, but that is not the only feature SSL provides. There are a few more features, such as -
- Server Authentication – It makes sure that the communication with the right server is made.
- Veracity Protection – It promotes integrity and makes sure that no one in between is reading our data.
- Confidentiality – It makes sure that no one should know what data is being transmitted.
Associating the above features with HTTP makes HTTPS more reliable and authentic. Now, the question arises -- how to achieve this or how to implement this SSL. Wait for my next blog to learn more about SSL certificates.
HostForLIFE.eu ASP.NET Core 2.2.1 Hosting
European best, cheap and reliable ASP.NET hosting with instant activation. HostForLIFE.eu is #1 Recommended Windows and ASP.NET hosting in European Continent. With 99.99% Uptime Guaranteed of Relibility, Stability and Performace. HostForLIFE.eu security team is constantly monitoring the entire network for unusual behaviour. We deliver hosting solution including Shared hosting, Cloud hosting, Reseller hosting, Dedicated Servers, and IT as Service for companies of all size.