Do you force SSL on sensitive methods like “Login” or “Register”?
  v1.0 Posted at 8/03/2013 5:23 AM by Tiago Araujo

Any sensitive data that is sent over the wire must be protected using a secure transport such as HTTPS. MVC (version 2, Preview 2 or higher) allows you to specify that HTTPS is required for an action. It’s important that the GET method is secured as well as the POST method, so that people never send sensitive form data over the wire unprotected.

public ActionResult Register()
{
   return View();
}
Figure: Bad Example – The Register method isn’t secure

[RequireHttps]
public ActionResult Login()
{
   return View();
}
Figure: Good Example – The Login method is protected by HTTPS
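
The rule applied to both halves of a form, together with a reflection check that lists any action still missing the attribute. This is an added example, not code from the original rule; `AccountController`, `RegisterModel` and `HttpsAudit` are hypothetical names constructed for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Hypothetical model and controller, constructed for this example.
public class RegisterModel
{
    public string Email { get; set; }
    public string Password { get; set; }
}

public class AccountController : Controller
{
    [RequireHttps]              // GET: the form itself is served over HTTPS
    public ActionResult Register()
    {
        return View();
    }

    [HttpPost]
    [RequireHttps]              // POST: the submitted data must arrive over HTTPS
    public ActionResult Register(RegisterModel model)
    {
        if (!ModelState.IsValid) return View(model);
        return RedirectToAction("Index", "Home");
    }
}

public static class HttpsAudit
{
    // Returns "Controller.Action" for every public action in the assembly that
    // is not covered by [RequireHttps] on the method or on its controller.
    public static IList<string> FindUnprotectedActions(Assembly assembly)
    {
        return assembly.GetTypes()
            .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract)
            .Where(t => !t.IsDefined(typeof(RequireHttpsAttribute), true))
            .SelectMany(t => t.GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly))
            .Where(m => typeof(ActionResult).IsAssignableFrom(m.ReturnType))
            .Where(m => !m.IsDefined(typeof(RequireHttpsAttribute), true))
            .Select(m => m.DeclaringType.Name + "." + m.Name)
            .ToList();
    }
}
```

Call `HttpsAudit.FindUnprotectedActions(typeof(AccountController).Assembly)` from a unit test and fail the build when the list is not empty. `[RequireHttps]` redirects a plain-HTTP GET to the HTTPS URL but throws `InvalidOperationException` for any other verb, so the form page has to be protected for the POST to succeed.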
