0
I am creating an application using MVC. On the server side, I am using c#/Asp.net MVC, on the client side I am using html/angular.
On the server I have a method called Authenticate, which receives the email and password, to search the base and check if the user is registered, works perfectly.
On the client side I have this method that calls the server authentication method, I pass the email and password:
$scope.pessoa = {};
$scope.getPessoa = function (pemai, psenha) {
var url = "http://localhost:23714/Pessoa/getBydesc?json=" + pemai;
$http.get(url, pemai)
.success(function (data) {
$scope.pessoa = data;
})
.error(function (error) {
alert("Erro");
});
};
My question is, how to pass this encrypted password? what is the most appropriate and secure way to handle the password in my scenario?
A MVC tip is not a technology but a way to "organize the project". About the password I think the only one that would be exposed would be who tries to authenticate and if the machine or network is "contaminated", but this does not expose other users. Although SSL might help, I won’t answer yet because I don’t know if it’s the best way. What I found strange is that you are only sending the email (login) but not sending the password.
– Guilherme Nascimento
put the outdated code there, in my current code the password will also.
– alessandre martins
It doesn’t do much good to send the password in an "encrypted" way because it would be like sending a normal password, you know? " Anyone" can capture the encrypted way and send so even though it will authenticate, perhaps the best would be SSL and a pre-session with token. But it is very wide talk, I have no knowledge of C# with web to provide an example of how to generate the token.
– Guilherme Nascimento