How To Redirect The User To Password Recovery Page With Forms Authentication
Nov 29, 2010
I am a beginner of asp.net..I currently have a login page with forgot password link button on the bottom of the screen. I am also using forms authentication to prevent an unauthorized user from accessing the other pages. The authentication seems to be working fine except for one thing. It prevents the user from accessing the password recovery page once the user click on the link button. How do I allow all users access to the login/password pages and also prevent them from viewing the other pages if they are not authenticated?The code below is to prevent from other anonymous view other pages without access. But i got no idea on how to allow them to access password recovery page...
<authentication mode="Forms">
<forms loginUrl="/Presentation/Display/Login.aspx" name=".ASPNETAUTH" protection="All" path="/" timeout="120" cookieless="UseDeviceProfile" slidingExpiration="true"/>
</authentication>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
<authorization>
<deny users="?"/>
</authorization>
A question has been raised concerning password recovery revealing valid user ids. Stage 1 of the password recovery asks for a userid and when progressing to stage 2 will display an error message 'Invalid user id'. In theory this would allow valid user id'sto be identified.Is there a setting we are missing? Something that would allow the user id and question to be asked, then a message saying the 'User/Question combination is invalid'.
I have the authentication which will redirect the unregister user to Login.aspx. At the bottom of the page,there are a link button will redirect the user to forgotPassword.aspx With having the authentication, i discover it don't allow the unregister user to go forgotPassword.aspx but staying in the same page. so some expert have shown me this code..
can provide me the code in web.config here?
some expert have provided me the code..but i find no where to locate this code in web.config, none of them tell me where to locate it..click this link.
Doing password recovery, after a user enters their user name a verification page appears. The page seems to appear from out of nowhere as I did not create it.I would like to have controll over it and reformat it.PS: I have a number of small issues like this with Login. Is there a complete running sample somewhere that shows these things. C# code
once user answers security question and clicks submit that you can then re direct them to a new page and display their password on screen? rather than send an email?
I'm using vs2008, asp.net3.5, c#. In the Password Recovery control, there is only user name at the UsernameTemplate. How can I , or can I, add an additional field for user to also enter their SSN? How do I verify this myself if Password Recovery cannot do the verification for me. I mean, where, like when the submit button is click? And then how do I cancel the submit for PR if tax id is not valid?
I have the following code. I simply want to select the security question and answer from the DB and do something if the result is true.
This is my code:-
[Code]....
This code always returns the result of "Invalid User Credentials", so this means it does not recognize the values from the DB. When i put something in that SHOULD match i still get the same. I dont get an error message but the logic here is to select security question and answer where the question is equal to the dropdown box and the answer is equal to the textbox. If there is a match then do something..
But this does not work..
You can see what i mean here:-
[URL]
If you select "What street did you grow up in?" from the dropdown and then put in "deeplish" in the security answer, the result should be "**EXISTS".
I'm using the ASP.NET Membership provider and using the Password Recovery control to reset the user password if they forget it. On the whole it all works fine, but with one catch when it comes to validation.
I have expanded the PasswordRecovery control out to use the template feature to customise the appearance, which is all fine. I have set the user lookup error handler using:
in the opening tag and if I load up the page, type in some junk name and click submit this fires as expected, in all browsers. The snippet of VB code makes an error div visible and sets some text.
However, if upon loading the page for the first time I type a duff name into the username box and hit the enter key to submit the form, in Internet Explorer (version 8), the UserLookupError event fails to trigger. It triggers just fine in Chrome or Firefox, just not in IE. I know it's not a focus issue on the form, as I can see the form is being submitted.
If I click the submit button first, then following that hit the enter key it does fire, it's just that first time it doesn't, and only in IE.Also to add that if I set breakpoints in the VB code to check to see if the page is being submitted, I can see the Page_Load event fire when I hit the enter key, but not the sub PasswordRecovery1_UserLookupError. It looks like a bug in IE (no really???), but I need to nail it down.
3) After all this, when the test user enters the correct answer to the security question, nothing happens. I don't even receive the SuccessTemplate message--much less the test email with the password.
Is the problem that the correct answer to the security question is somehow not really being registered? Is the problem server-related? What I could I be doing wrong?
I am using password recovery control to recover the forget password and it throws me an error message at smtp.send(mm) step in aspx.cs fileHere is the error message i received "SMTP server requires a secure connection or the client was not authenticated. The server response was 5.5.1. Authentication required"
The error that I keep recieving is:The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first. 35sm26203922ibs.22
I don't want to reinvent the wheel with the password recovery control but I do want to customize the email message sent to the user. I have the following code but when I use this, I'm getting an error that states that the system is not configured to retrieve passwords.
I think this is due to the fact that out-of-the-box, the membership system is not configured retrieve password due to password encryption. Then how do I customize "ONLY" the email sent -- with the tem password -- without getting into complete customization of the password recovery control?
I doing sign up page now. Inside my sign up page, i also have forgot password table. Now the problem is, can i display my <successTemplate> out of <passwordrecovery>? Because i tried to display normal successful label failed.
I am using Password Recovery Control and cannot get this to work.
Here is the settings I have. I tried ports like 25, 587, 254,
[Code]....
I get errors like
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
OR sometimes...
An existing connection was forcibly closed by the remote host
How do I set up an automatic password recovery feature? (This is an internet application using forms authentication.)
I am trying to set up the common senario where when a user who has forgotten his password, clicks a button to request I send him a new password. I then open his browser's default email client (that is no problem, that part I already have coded and it is working fine.) The user then clicks a button to send me his email. Now comes the problem. How do I detect that he has done that?
Am I approaching this problem correctly? Should I be requiring the user to send me an email in order to have his password reset? Or should I just have him fill in textboxes giving me his username & password? Wouldn't this allow a malicious user to abuse the system?
I have an application that uses ASP.NET Forms Authentication. For the most part, it's working great, but I'm trying to add support for a simple API via an .ashx file. I want the ashx file to have optional authentication (i.e. if you don't supply an Authentication header, then it just works anonymously). But, depending on what you do, I want to require authentication under certain conditions.
I thought it would be a simple matter of responding with status code 401 if the required authentication was not supplied, but it seems like the Forms Authentcation module is intercepting that and responding with a redirect to the login page instead. What I mean is, if my ProcessRequest method looks like this:
[code]....
Then instead of getting a 401 error code on the client, like I expect, I'm actually getting a 302 redirect to the login page.
For nornal HTTP traffic, I can see how that would be useful, but for my API page, I want the 401 to go through unmodified so that the client-side caller can respond to it programmatically instead.
