
Do you force SSL on sensitive methods like “Login” or “Register”?

Last updated by Brook Jeynes [SSW] 8 months ago.

Any sensitive data that is sent over the wire must be protected using a secure transport such as HTTPS. ASP.NET MVC (version 2, Preview 2 or higher) lets you require HTTPS for an action with the [RequireHttps] attribute. It's important that the GET method is secured as well as the POST method, so that people do not send sensitive form data over the wire unprotected.

public ActionResult Register()
{
   return View();
}

Figure: Bad example – The Register method isn’t secure

[RequireHttps]
public ActionResult Login()
{
   return View();
}

Figure: Good example – The Login method is protected by HTTPS
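
An added example, not from the original page or SSW's own code: a reflection check, suitable for a unit test, that lists every Login or Register action overload (GET and POST alike) that lacks [RequireHttps] on both the action and its controller. The class names and the sample controller are hypothetical, and the code assumes System.Web.Mvc (ASP.NET MVC on .NET Framework).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Constructed sample controller (hypothetical): the GET action is protected, the POST is not.
public class SampleAccountController : Controller
{
    [RequireHttps]
    public ActionResult Register() { return View(); }

    [HttpPost]
    public ActionResult Register(FormCollection form) { return View(); }
}

// Hypothetical helper, added for illustration.
public static class RequireHttpsAudit
{
    // Assumption: these are the sensitive action names in your application.
    private static readonly string[] SensitiveActions = { "Login", "Register" };

    // Returns "Controller.Action(parameter types)" for each sensitive action overload
    // that has no [RequireHttps] on the method or on its controller class.
    // Limitations: matches on method name only (ignores [ActionName]) and does not
    // see filters registered globally at application start-up.
    public static IList<string> FindUnprotectedActions(Assembly webAssembly)
    {
        return webAssembly.GetTypes()
            .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract)
            .SelectMany(t => t.GetMethods(BindingFlags.Public | BindingFlags.Instance))
            .Where(m => SensitiveActions.Contains(m.Name, StringComparer.OrdinalIgnoreCase))
            .Where(m => !m.IsDefined(typeof(NonActionAttribute), true))
            // inherit: true also honours [RequireHttps] placed on a base controller.
            .Where(m => !m.IsDefined(typeof(RequireHttpsAttribute), true)
                     && !m.ReflectedType.IsDefined(typeof(RequireHttpsAttribute), true))
            .Select(m => m.ReflectedType.Name + "." + m.Name + "("
                     + string.Join(", ", m.GetParameters().Select(p => p.ParameterType.Name))
                     + ")")
            .ToList();
    }
}
```

Call `RequireHttpsAudit.FindUnprotectedActions(typeof(SampleAccountController).Assembly)` from a unit test and fail the build when the returned list is not empty; for the sample controller it reports the POST overload of Register.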
