I am using forms authentication (built into ASP.Net) and allow users 5 attempts to login with an invalid password. After that they are locked out. How can I programmatically unlock someone?
[Code]....
I'm using the built-in membership in my ASP.NET Web Forms 4 app.
I'm also using the PasswordRecovery control for handling users who have forgotten their passwords. Before I reinvent the wheel, I've decided to post this question.
As one can imagine, in most cases, people give it a few tries before requesting a password change. Of course in the process, they lock out their accounts. The problem is that password recovery does not work for locked out accounts.
How do I first unlock the account if I'm using PasswordRecovery control?
What is the best way when using the ASP login to display to the user that they are locked out?I want the user to know that their account has been locked and action needs to be taken.
View 2 RepliesI am using framework 4.0 and database is in access. I have saved data in database via admin panel. but when i am updating the existing data, it showing an error as below:
"System.Data.OleDb.OleDbException (0x80004005): Could not save; currently locked by another user."
I web application is in asp.net with Access databasesome times my application giving this error message "Could not read the record; currently locked by another user." or "Could not update; currently locked."I am using IDbConnection and IDbTransaction object.
View 2 RepliesI know this looks similar to other questions here but I don't think my case is the same as theirs.
I have a website that uses the AspNetSqlMembershipProvider to validate users. I would like to use the same database from a console application. According to several articles on the web I can use the System.Web.Security.Membership class from outside ASP.NET by copying the appropriate sections from web.config to app.config. That is what I did.
My console appliction can get the user with the requested name and I can confirm that the user is approved and is not locked out but ValidateUser returns false for a correct username and password pair.
I have found articles where people have had trouble with migrating code which may be due to a machine key mismatch but have also found a reference saying that machine key is only used if the passwordFormat property equals encrypted whereas I am using hashed.
Is the issue that the two pieces of code - the website and the console app - are in different assemblies and the assembly name or other property is being used during password hashing? In both cases the application name property is set to /.
Should I continue with this approach or just access the database directly and hash the password myself?
user phoned me and said he received an error when attempting to login stating that his account had been locked. I had to unlock the user account today manually through the user interface. Several hours later I had to do it again. Afterwards, when I looked at the aspnet_Membership table it showed NO failed login attempts. LastLockout date for that particular user was set to min date. FailedPasswardAttemptCount was zero. FailedPasswordAttemptWindowStart was min date. I then proceeded to fail logging with the users account name.
View 3 RepliesURL.... Still there will be need of url in ajax method if i put javascript in site.master.cs . As what i have understood from that mysite.master.cs will be like this :
protected void Page_Load(object sender, EventArgs e) {
try {
if (Session["Prefix"].ToString().Trim() == "sys_admin") {
UserNameMasterLabel.Text = Session["UserName"].ToString().Trim() + " (ADMIN)";
[code]....
And site.master will be like this :
And I have to put next method in DailyLog.aspx page ? like this
System.Web.Services.WebMethod(EnableSession = true)]
public static int RefreshSession() {
HttpContext.Current.Session["Name"] = "BSD";
Configuration config = WebConfigurationManager.OpenWebConfiguration("~/Web.Config");
SessionStateSection section = (SessionStateSection)config.GetSection("system.web/sessionState");
int timeout = (int)section.Timeout.TotalMinutes * 1000 * 60;
return timeout;
}
But I have several pages in my website , by doing the above story will it work for Builder.aspx ? or any other page rather than dailylog.aspx ?
How do you allow the user to reset their password if they have forgotten it and have the new password sent to their email address?
View 2 Repliesi am working on membership concepts in asp.net. Now i want to reset new password and getpassword for specific user.
this is my web.config code:
[code]....
after i can copy my file to another folder i realised that if this webapplication is used by multiple users at once, then some users are going to get locked out because each one is trying to copy those files.
so how do i tell the user thats trying to use a file to wait untill the file is available.
StreamWriter WriterTotxt = new StreamWriter("date.txt", false);
DateTime LastAccess = File.GetLastWriteTime("path.dbf");
WriterTotxt.Write(LastAccess);
WriterTotxt.Flush();
WriterTotxt.Close();
string ReadTextFile = File.ReadAllText(txtFile);
DateTime test = Convert.ToDateTime(ReadTextFile);
if (File.GetLastWriteTime(LatestUpdatedTime).CompareTo(test) > 0)
{
File.Copy(Path.Combine(sourcefile, fName), Path.Combine(destinationfile, fName), true);
}
We have a web application with feature for logging in with credientials The important requirement is once the user logs in he is not allowed to login from any other system or even another browser on same system We used following solution which is mssql based : We have kept " Is_Loggedin" as a column with data type "bit" in a table. when a user logs in we set the flag as "1" sowhen someone tries to log again ,the system is showing the error "The user is already logged in"When user logsout bit turns to "0"indicating user logged out. However this logic is failing in following scenarios Problem scenario:When user closes the browser the flag is "1"and user is locked in or situations when user gets system problem and unable to log out.
View 5 RepliesIs there a way to reset a user's password while logged in as an administrator? I just had to delete a user and re-create him in order to achieve the same affect of resetting his password, so I'm wondering if there is a better way to reset a password.
View 1 RepliesI am working on membership concepts in asp.net. Now i want to reset new password and getpassword for specific user.
this is my web.config code:
<add name="MySqlMembershipProvider" connectionStringName="SQL2005DB380ConnectionString" applicationName="MyAppName" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Encrypted" enablePasswordReset="true" minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
How can I get old password and reset new password.
ser enters email addressafter submit, an email is sent to the user The email will include a link that will take the user to a reset password page.Now, how do I fetch user's ID based on the email address and encrypt it? Then what should link be? Like, what I want is fetch the User ID then encrypt it somehow so that the link doesn't contain the actual ID and that link will take the user to a page that will have textboxes to reset the password. I am just confused how to go about it.Also is this the secure way? To reset a password like this?
View 2 RepliesI am working on roles. Allocated some tasks to Annonumous User and LoggedIn User. What happen, once I login it shows me the correct task for LoggedIn user. But if I restart the application then by default it shows me LoggedIn users tasks. I am testing chrome and I.E.
View 1 RepliesThis is a mix of programming and sysadmin but I decided its more of a programming issue.
Currently working building a password management web application for managing Oracle user accounts (C#).
The scope calls for verification of the users Oracle username and password before they're allowed to set a new password. Without creating a table of users passwords (hashed or otherwise, this is a security risk), how can I verify the old users password?
My current solution is to make an attempt to connect to the database using the username/password specified by the user. Too many attempts at this would lock the user out on the Oracle end, so brute forcing isn't too plausible. Are there other security risks here I am missing or is there a better way of handling this?
We use AD as primary authentication but the AD accounts aren't tied to the Oracle accounts so it's just a preliminary check.
AD Check for proper domain (intranet) User enters Oracle Username/Password Enters old Password, new Password + Confirmation Reset password if correct
I am creating a website for reset the password in one of the application from the back end.
I have created a webpage with only one button called "RESET".
If user click the button, it should check the user have already access the application from the "USER" table. If no access, the message appears "You do not have an access."
If yes, next step whether the user have authenticate. If yes update the encrypted password from new table called "UMRESET" to the application table "USER" password.
Here’s my code to refresh session by showing message:
<script type="text/javascript">
var interval;
var settimeout;
var newTimeout;
$(function() {
[Code] ....
Now i don’t want to show message to user about session expire, it just refresh the session automatically without data loss and without page refresh.
Is there an easy way to reset all the fields in a form. I have around 100 controls in my asp.net form and there is submit and reset buttons.
How do I make all values in the fields null when user hits reset button?
I have an Intranet web site that uses Windows Authentication and when a users password expires the do not get a prompt letting them reset it. We also have OWA and if they go there to check mail, it sends them to a page which allows them to reset it there. How can I trap for expired passwords and allow them to change it like they can with OWA?
View 1 Repliesthe directoryentry object with wrong password locks the user account and not able to log in again.
View 2 RepliesMy issue today is that i have a MySQL Database and am using the security framework provided by the ASP.NET Membership and Role Providers...I override the default methods with my own MySQL.
Now the issue comes in when i someone would like to have their password reset. My application is running entirely on an Intranet so i cannot have their passwords emailed to them. Is there a way i can have this information displayed in any way so that the user can use it to Log Reset, Create Accounts or Recover their lost passwords on an intranet without the administrators intervention?
Recently i had an approach as follows. In my web.config<system.net><mailSettings><smtp deliveryMethod="pickupDirectoryLocation" and my location was a folder on C drive as c:/SavedPasswords. Now i understand this was such a big security threat and thats why i am looking for a better option.
I would have that folder created using my System.IO and then the Mail is dropped into that folder. Then after the process is successful, i tell the user to check into that location and Read its content.
Then there is a global variable that is set to true...meaning that the folder at c:/ has been created. then there is a Method in a certain class that once it sees this variable True, it reads the readers c:/ and deletes that folder "save" if it exists;
I have a web form, and an "add vendor" button. Click the button, a modal dialog pops up (ajax:ModalPopupExtender). User selects one of two radio buttons which shows a data bound asp:View in an update panel - this view is data bound to a single row and must be populated by the user. However I also want to provide a cancel button which should close the modal dialog and reset the bound view.
However what is happening is that the ModalExtender closes, but when the "add vendor" button is presented again, it's still bound to the same data. Do I need to clear my data source? How so I reset the forms/views so that when the 'add vendor' button is clicked again the form is presented as it should be (IE the 2 select options, picking one re-binds the asp:View)?
I've got a Jquery function that I wrote which blacks out the screen after a certain amount of inactivity, creates a pop-up that allows the user to click a button to stay logged in, and logs them out (closing the application window) if they do not respond in time.
The environment is ASP.NET (VB). We don't technically use master pages, but we do have a parent page in which our header, footer and nav reside, and my Jquery code is called from that window, loaded via an IFrame.My problem is that if one is working in a child window, the parent window doesn't recognize that the system is in use, and will automatically engage at the allocated time.I've tried everything under the sun I can think of and nothing works properly. My event handler is working, and it does call the parent window function, but the timer is not being reset.
I have this function in the parent window:
<script language="javascript" type="text/javascript">
function window.reportChildActivity() {
SESSION_ALIVE = true; [code]....