We are about to start letting CONTACTS come into a public facing website to see reports about PARTICIPANTS they are associated with.
These CONTACTS will have limited access once within the system.
We are going to allow CONTACTS access by loading the EMAIL address they have into a USER table - where the password will be stored - simple so far.
What is common practice for telling a person the PW you have setup for them? Is that PW always a "pre-expired" PW? I wasn't planning on letting the contacts change PW's - but I guess if that is required to be nearly best practice I'll have to.
When a user that has their IE set to save passwords hits my "Reset Password" form, the first text box set with TextMode set to "Password" is populated with the users saved password. Understandable, this is not the affect I would like as this is their "old" password. I cannot set the text of a text box with mode set to "Password" (naturally). Does someone know how to suppress or clear this value when IE is saving passwords?
I had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
I need to look for an example of a web application, preferably ASP.NET but any otherweb language will do, that lets Mac and Windows users change their AD password.
Any technique, application, or source code will be great.
P.S: our Macs are not connected to AD and we also have Windows users.
I am writing a simple plugin for IE. I need to store a password and username setting for the user who uses the plugin. I know that I can store the username/password in the registry, I can manually encrypt it using the encription classes with .NET, or I can store it in a config file and encrypt the config file. I was wondering if there is a specific pattern/mechanism that I should use to store password and username.
I'm using the built-in membership in my ASP.NET Web Forms 4 app.
I'm also using the PasswordRecovery control for handling users who have forgotten their passwords. Before I reinvent the wheel, I've decided to post this question.
As one can imagine, in most cases, people give it a few tries before requesting a password change. Of course in the process, they lock out their accounts. The problem is that password recovery does not work for locked out accounts.
How do I first unlock the account if I'm using PasswordRecovery control?
I cannot send email to the the users when they forget their password ( I am using .NET's Forgot password wizard), and I am using the below code in the web.config file. My hosting provider is Go Daddy and it is a shared hoting.
[code]...
I can email the password in my local machine by using the forgot password wizard, but after I have uploaded all the files in Go Daddy, it does not work. That means, I am wrong somewhere at above mentioned code.
I've a code to persist information in cookies about users like UserName and password.
Question is:
Its not secure to store information like that plain text in cookies.My DB store hashed passwords,so i could save those hashs in cookies and retrieve them later,but if i do that i wouldnt be able to fill password's textbox cause the hash string would be too long for it.
I have login page and i have 2 text box and 2 button
1-btnlogin 2-btnforget
When users forget their password they click on btnforget and they go to pass.aspx page in this page they enter their email address and click on send button ...
I want when users click on send button automatically send me an email with their username and email address that they type in textbox ...
I need to look for an example of a web application, preferably ASP.NET but any otherweb language will do, that lets Mac and Windows users change their AD password.
Any technique, application, or source code will be great.
our Macs are not connected to AD and we also have Windows users.
I'd like to use the ASP.NET membership provider in the following (low-security) scenario...
My company will create and administer user accounts on behalf of our clients. These accounts will likely be shared amongst several people in the client company (is that a problem?).
There will be 2 types of users (2 roles): client and administrator. Administrators are the people within my company that will have special privileges to create client user accounts, etc.
Clients will not be able to self-register. They also won't get to choose their own password, and they should not be able to change their password either, since that will just create confusion where several people are sharing the same account.
My internal users (admins) will set the password for each client. Here's the bit I'm struggling with: if a client phones up and asks to be reminded of their password, how can my admin users find out what the password is? Can I configure the provider to store the password in clear text (or other recoverable form), and if so can I get at the password through the .NET API?
As I said at the outset, this is a low-security application, and so I plan simply to show the password in the (internal) web page where I have a list of all users.
Is it possible to allow users to login with Email, UserName, Phone or Password. but landing page should only select record by UserNme
LOGIN
protected void OnAuthenticate(object sender, AuthenticateEventArgs e) { string constr = ConfigurationManager.ConnectionStrings["con"].ConnectionString; int UserID; using (SqlConnection con = new SqlConnection(constr)) { using (SqlCommand cmd = new SqlCommand("Validat_UserTable"))
I have an asp.net website that requires users to login using their Active Directory credentials. All users of the website have AD accounts. Some of the users are at remote locations and share a common computer login (I know this is not recommended but it is what it is, I have no say in that). Every so often a user will log into my website and click the Remember Passwod box which causes the next person that comes along to not be prompted to log in. All users are on IE 7. I have tried having them go into tools and deleting the cookies, saved passwords, etc but when they go to my website they are still not being prompted to log in. I have recently migrated to IIS 7 and I understand there is a way to have the user enter the site through a custom form but I have not gotten that far yet. How can I make sure the users password is removed from IE?
according to this thread i make login page URL....i have 1 label 1radiobutton and 1 send button now i want when users enter their password,if they enter their password wrong morethan 3 time it show error that they can't login during 24 hours ,and they cann't enter password in password textbox . and when they click on radio button and click on send button it send a massage to my email and after i send them new password
I have an application that does LDAP authentication. The authentication is done on the code behind page of my Login.aspx page. Once the user passes LDAP authentication, a cookie is set and I redirect:
I would like to setup membership in my application and keep track of some user information. But due to company security requirements, I cannot store user passwords on my application. That must stay on the LDAP server only.Is there a way to store users but disable password storage on the aspnet_membership table?
I am using ASP.NET Forms Authentication for my application. I have made my Password Format "Clear", so no problems with the password encryption. I need to create a view(in SQL server) to display all Administrators in my System. ie aspnet_Roles.LoweredRoleName='administrator' The fields needed are UserName and Password
URL....I use this one as my login, and I addes hyperlink for Forgot Password. But why I can't access the FORGOT PASSWORD.aspx for every time I click it. And when I login it redirects t Forgot Password.How I can access it without logging in?
Does anyone has a solution (sample code) for the following features:
Create a randomGuid/Cryptographically strong random number Send a unique URL containing the random number to the user's email address When confirmed, the user is asked to change password
My provider is currently parametrized this way:
[code]....
The security issues with this type of procedure have been discussed here before.
I am using Forms Authentication in a new ASP.NET 3.5 Application.I have created the Tables in my database and run the Web Site Administration Too.When I try to create a user I get a password error no matter what I throw at it and I am becoming sure of that this is a symptom of an a setup error and not a password problem.One of the things that I notice is that my aspnet_Applications is empty and I am not sure what is supposed to fill it.I have tried to delete all the aspnet tables and done the procedure again but with the same result.
My company has some unique password policies (such as a pwd cannot be re-used for 6 months, aside from the must include #, special character, upper & lower case)Can anyone suggest how to go about ensuring that a new user's password complies with these policies (using forms authentication in .net 3.5 framework)?
