I have a simple asp.net web-form which also has login section. When login form is submitted does asp.net web-form encrypt data before sending it over HTTP.
I have this doubt due to netspark website scan.
I have same application in MVC and as well as asp.net web form also.
When i run netspark community edition
on both application with similar login form then i only get Vulnerability warning as Password Transmitted over HTTP
only for MVC based application but not asp.net webform based application.
No, HTTP does not encrypt form data. ASP.NET just uses the HTTP protocol, and is no better than that.
What you should use is HTTPS, the secure variant of the HTTP protocol, which relies on certificates in order to encrypt the data between server and client so it is less likely you become victim of a man-in-the-middle attack.
I guess there is a different configuration (HTTP vs. HTTPS) on both applications, which may explain the issue.