FormsAuthentication.Encrypt and SSL

[Gawel]

Hajo,
in book about security in ASP.NET I read that
if I use Form authentication and need to make its
data secure then I need to use SSL for all pages, not only for
e.g. login page. It is interesting because form ticket is encrypted with
FormsAuthentication.Encrypt and it seems that there is no need
for additional ssl usage. Am I right ?

Gawel

 

[Gawel]

One more question, what algorithm is used in
FormsAuthentication.Encrypt() method ?

Gawel

 

[Joerg Jooss]

Yes, It depends on your requirement but Form authentication is most
suitable for intranet applications.

Using SSL is more suitable for internet applications as it provides
more security

Forms Authentication and SSL are complementary technologies. Why should
Forms Authentication be most suitable for Intranet apps?

Cheers,