0

In my ASP.NET MVC application Im not using SSL but I need to send password in encrypted form to server. I need some implementation like this:

in C# code : Generate public, private keys send the public key to client(JS code)

in JS code: encrypt the password using the public key

in C# code: decrypt the encrypted password

how to achieve this?

Improve this question
5
  • 2
    This looks like a perfect opportunity for Man-in-the-middle attack. Commented Apr 22, 2014 at 8:34
  • 2
    I can highly recommend NOT making this all yourself. Using an SSL certificate definitely is the way to go and by creating it yourself you'll only create more possible errors. The certificates don't cost that much these days anyway. If you're interested in it I would refer you to this question: stackoverflow - Simple string encryption in .NET and Javascript Commented Apr 22, 2014 at 8:37
  • MD5 or SHA encryption with a salt (maybe the public key used as salt) is pretty universal and should allow you to encrypt with JavaScript before sending the password to the server-side code. You wouldn't need to decrypt since you should be storing encrypted passwords anyway. So comparing the received encrypted password and comparing it to the username & password stored on your side, should get you what you want without having to resort to SSL. Commented Apr 22, 2014 at 8:43
  • I need to decrypt. I validate network login as well as DB users. Commented Apr 22, 2014 at 8:47
  • This question stackoverflow.com/questions/19418021/… provides partial answer to my question. Partial because the problem reported in the question does not seem to have been solved Commented Apr 22, 2014 at 10:39
Related questions
1
Decrypting data with javascript - ASP.NET website
2
How to Decrypt using Javascript
2
Simple algorithm for encrypting with Javascript and decrypting with C#
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.