do I make user authentication secure using SSL:
The Secure Sockets Layer or SSL provide clients to server encryption for
all data passed to and from the web server and client.
In order to use SSL you must have a secure certificate from a provider
such as www.verisign.com
you must generate a CSR using the MMC under securtiy, certificates,
new. This will create a CSR or certificate request and ultimatly
verisign will issue a certificate for you to install.
When installed you can establish secure communication using https://
instead of http:// in your site links. This is particularly useful
for logins and passing other sensitive information such as credit card
For some methods such as basic authentication you would need to use SSL
for all traffic since the userid and password are passed with each
request. For others such as cookie you would only need to use SSL
for the login page. Of course, using SSL for your entire site is
rarely feasible and it often makes more sense to use an independent user
database and not expose NT user details.