Make PasswordRecovery Control Work With Locked Out Users?

Apr 12, 2010

Example scenario in an ASP.NET application using SQL Server membership provider :

1) a user can't remember their exact password, and tries many times in a short space of time to login with an invalid password (say 5 times in a 10 minute window). This locks out the user (i.e. sets the IsLockedOut flag of the aspnet_Membership table to 1).

2) user goes to the "forgot my password" screen to try to get a new password emailed to them. This screen uses the PasswordRecovery control. User enters their correct user id, but then cannot go further in the password recovery process, since the IsLockedOut flag is 1. (They don't even get to see their security question).

3) The user would then have to phone tech support to get themselves unlocked etc.

To reduce the burden on support staff, we are trying to reduce the times step 3 is required, by making the PasswordRecovery control (if possible), work with locked out users. i.e. when they enter their login ID, the security question comes up, and IF they enter the correct answer, the system will unlock the user, and email the new temporary password to them. I'm wondering if it is possible to tweak the PasswordRecovery control to do this.

View 1 Replies


Similar Messages:

Count Number Of Users Locked Out / Approved?

Aug 1, 2010

I have got the total number of registered user's and the total number of users online working without any problems after a search on here.

[Code]....

but I would like to expand this a little. Can any one tell me how I would display the total number of users who are approved and the total number who are locked out.

View 5 Replies

Security :: Password Reset For Locked Out Users?

Feb 21, 2011

I'm using the built-in membership in my ASP.NET Web Forms 4 app.

I'm also using the PasswordRecovery control for handling users who have forgotten their passwords. Before I reinvent the wheel, I've decided to post this question.

As one can imagine, in most cases, people give it a few tries before requesting a password change. Of course in the process, they lock out their accounts. The problem is that password recovery does not work for locked out accounts.

How do I first unlock the account if I'm using PasswordRecovery control?

View 4 Replies

AJAX :: NumericUpDownExtender / Can't Make This Control Work?

Feb 25, 2010

I can't make this control work, the code i'm using to test it is:

[Code]....

But what I get when I run it is:

So the buttons are not showing, I could add them manually but then a postback would occour on everyclick.

View 6 Replies

Make Updownnumericextender User Control To Work Like Autocomplete One?

May 11, 2010

I have a user control which encapsulates a NumericUpDownExtender. This UserControl implements the interface ICallbackEventHandler, because I want that when a user changes the value of the textbox associated a custom event to be raised in the server. By the other hand each time an async postback is done I shoe a message of loading and disable the whole screen. This works perfect when something is changed in for example an UpdatePanel through this lines of code:

Sys.WebForms.PageRequestManager.getInstance().add_beginRequest(
function (sender, args) {
var modalPopupBehavior = $find('programmaticSavingLoadingModalPopupBehavior');
modalPopupBehavior.show();
}
);

The UserControl is placed inside a detailsview which is inside an UpdatePanel in an aspx. When the custom event is raised I want another textbox in the aspx to change its value. So far, When I click on the UpDownExtender, it goes correctly to the server and raises the custom event, and the new value of the textbox is assigned in the server. but it is not changed in the browser.

I suspect that the problem is the callback, since I have the same architecture for a UserControl with an AutoCompleteExtender which implement IPostbackEventHandler and it works. Any clues how can I solve this here to make the UpDownNumericExtender user control to work like the AutComplete one? This is the code of the user control and the parent:

using System;
using System.Web.UI;
using System.ComponentModel;
using System.Text;
namespace Corp.UserControls
{
[Themeable(true)]
public partial class CustomNumericUpDown : CorpNumericUpDown, ICallbackEventHandler
{
protected void Page_PreRender(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
currentInstanceNumber = CorpAjaxControlToolkitUserControl.getNextInstanceNumber();
}
registerControl(this.HFNumericUpDown.ClientID, currentInstanceNumber);
string strCallServer = "NumericUpDownCallServer" + currentInstanceNumber.ToString();
// If this function is not written the callback to get the disponibilidadCliente doesn't work
if (!Page.ClientScript.IsClientScriptBlockRegistered("ReceiveServerDataNumericUpDown"))
{
StringBuilder str = new StringBuilder();
str.Append("function ReceiveServerDataNumericUpDown(arg, context) {}").AppendLine();
Page.ClientScript.RegisterClientScriptBlock(typeof(CorpNumericUpDown),
"ReceiveServerDataNumericUpDown", str.ToString(), true);
}
nudeNumericUpDownExtender.BehaviorID = "NumericUpDownEx" + currentInstanceNumber.ToString();
ClientScriptManager cm = Page.ClientScript;
String cbReference = cm.GetCallbackEventReference(this, "arg", "ReceiveServerDataNumericUpDown", "");
String callbackScript = "function " + strCallServer + "(arg, context)" + Environment.NewLine + "{" + Environment.NewLine + cbReference + ";" + Environment.NewLine + "}" + Environment.NewLine;
cm.RegisterClientScriptBlock(typeof(CustomNumericUpDown), strCallServer, callbackScript, true);
base.Page_PreRender(sender,e);
}
[System.ComponentModel.Browsable(true)]
[System.ComponentModel.Bindable(true)]
public Int64 Value
{
get { return (string.IsNullOrEmpty(HFNumericUpDown.Value) ? Int64.Parse("1") : Int64.Parse(HFNumericUpDown.Value)); }
set
{
HFNumericUpDown.Value = value.ToString();
//txtAutoCompleteCliente_AutoCompleteExtender.ContextKey = value.ToString();
// TODO: Change the text of the textbox
}
}
[System.ComponentModel.Browsable(true)]
[System.ComponentModel.Bindable(true)]
[Description("The text of the numeric up down")]
public string Text
{
get { return txtNumericUpDown.Text; }
set { txtNumericUpDown.Text = value; }
}
public delegate void NumericUpDownChangedHandler(object sender, NumericUpDownChangedArgs e);
public event NumericUpDownChangedHandler numericUpDownEvent;
[System.ComponentModel.Browsable(true)]
[System.ComponentModel.Bindable(true)]
[System.ComponentModel.Description("Raised after the number has been increased or decreased")]
protected virtual void OnNumericUpDownEvent(object sender, NumericUpDownChangedArgs e)
{
if (numericUpDownEvent != null) //check to see if anyone has attached to the event
numericUpDownEvent(this, e);
}
#region ICallbackEventHandler Members
public string GetCallbackResult()
{
return "";//throw new NotImplementedException();
}
public void RaiseCallbackEvent(string eventArgument)
{
NumericUpDownChangedArgs nudca = new NumericUpDownChangedArgs(long.Parse(eventArgument));
OnNumericUpDownEvent(this, nudca);
}
#endregion
}
/// <summary>
/// Class that adds the prestamoList to the event
/// </summary>
public class NumericUpDownChangedArgs : System.EventArgs
{
/// <summary>
/// The current selected value.
/// </summary>
public long Value { get; private set; }
public NumericUpDownChangedArgs(long value)
{
Value = value;
}
}
}

using System;
using System.Collections.Generic;
using System.Text;
namespace Corp
{
/// <summary>
/// Summary description for CorpAjaxControlToolkitUserControl
/// </summary>
public class CorpNumericUpDown : CorpAjaxControlToolkitUserControl
{
private Int16 _currentInstanceNumber; // This variable hold the instanceNumber assignated at first place.
public short currentInstanceNumber
get { return _currentInstanceNumber; }
set { _currentInstanceNumber = value; }
}
protected void Page_PreRender(object sender, EventArgs e)
{
const string strOnChange = "OnChange";
const string strCallServer = "NumericUpDownCallServer";
StringBuilder str = new StringBuilder();
foreach (KeyValuePair<String, Int16> control in controlsToRegister)
{
str.Append("function ").Append(strOnChange + control.Value).Append("(sender, eventArgs) ").AppendLine();
Append("{").AppendLine();
str.Append(" if (sender) {").AppendLine();
str.Append(" var hfield = document.getElementById('").Append(control.Key).Append("');").AppendLine();
str.Append(" if (hfield.value != eventArgs) {").AppendLine();
str.Append(" hfield.value = eventArgs;").AppendLine();
str.Append(" ").Append(strCallServer + control.Value).Append("(eventArgs, eventArgs);").AppendLine();
str.Append(" }").AppendLine();
str.Append(" }").AppendLine();
str.Append("}").AppendLine();
Page.ClientScript.RegisterClientScriptBlock(typeof(CorpNumericUpDown), Guid.NewGuid().ToString(), str.ToString(), true);
}
str = new StringBuilder();
foreach (KeyValuePair<String, Int16> control in controlsToRegister)
{
str.Append(" funcsPageLoad[funcsPageLoad.length] = function() { $find('NumericUpDownEx" + control.Value + "').add_currentChanged(").Append(strOnChange + control.Value).Append(");};").AppendLine();
str.Append(" funcsPageUnLoad[funcsPageUnLoad.length] = function() { $find('NumericUpDownEx" + control.Value + "').remove_currentChanged(").Append(strOnChange + control.Value).Append(");};").AppendLine();
}
Page.ClientScript.RegisterClientScriptBlock(typeof(CorpNumericUpDown), Guid.NewGuid().ToString(), str.ToString(), true);
}
}
}

and to create the loading view I use this: //The beginRequest event is raised before the processing of an asynchronous postback starts and the postback is sent to the server. You can use this event to call custom script to set a request header or to start an animation that notifies the user that the postback is being processed.

Sys.WebForms.PageRequestManager.getInstance().add_beginRequest(
function (sender, args) {
var modalPopupBehavior = $find('programmaticSavingLoadingModalPopupBehavior');
modalPopupBehavior.show();
}
);

//The endRequest event is raised after an asynchronous postback is finished and control has been returned to the browser. You can use this event to provide a notification to users or to log errors.

Sys.WebForms.PageRequestManager.getInstance().add_endRequest(
function (sender, arg) {
var modalPopupBehavior = $find('programmaticSavingLoadingModalPopupBehavior');
modalPopupBehavior.hide();
}
);

View 1 Replies

Security :: Bug In PasswordRecovery Control?

Apr 5, 2010

I have asked the following question multiple times but did not receive any proper reply.

I have a web page which is using PasswordRecovery control.

Its working fine but I have a scenario in which I have to disable Viewstate for the whole application.

Now after disabling viewstate when I visit the webpage I have noticed that PasswordRecovery controls is not working (Every times when I submit the default button to go to step 2, the postback occur but not moving to step 2).

View 1 Replies

Web Forms :: PasswordRecovery Control In Modalpopup?

Jan 24, 2011

I want to use PasswordRecovery control in modalpopup. After successfully completing first step of password recovery.I close the modal popup and now again when i open modal popup it shows with second step of the password recovery. But I want default first step when user close the modal popup.

View 1 Replies

Security :: Change Display Of PasswordRecovery Control?

Aug 11, 2010

For reasons to long to go in to I have to change the behaviour/appearance of the Success page on our password recovery page.

We've been tasked with making the Success template identical to the UserName template i.e. with a label and text box for UserName and identical messages on both pages.

Basically our client wants no difference between successful password retireval and failure - the same message will display regardless e.g. "An email has been sent to <username> with your password."

Which reminds me - in the success/failure message they'd like the entered UserName to appear but I can only get it to appear if it's a valid username - if it's nonsense the UserName is blank.

View 2 Replies

Web Forms :: PasswordRecovery Control - Errors Trying To Send Email

Oct 28, 2010

I have a password recovery control on my login page. I want to have it send the user specified (and after question/answer filled out correctly) password in an email. I keep throwing an error though, saying that the SMTP needs authentication. I've used a lot of email capabilities in my application, but I set all the SmtpClient properties programmatically, so I never had to rely on system.net mailSettings section of the web.config file. But now I am relying on it, because I am not intercepting any events (unless that would be easiest) of the password recovery control. Here is my system.net excerpt from my web.config file:

[Code]....

What am I not doing here to specify SMTP authentication? Why am I throwing this error? I'm putting my credentials in there with username and password. Am I not configuring the PasswordRecovery control correctly?

View 4 Replies

Security :: Access The Submit Button In Passwordrecovery Control?

Nov 17, 2010

I am using passwordrecovery control.

After entering username and keying enter key(from keyboard) it was not firing submitbutton_click event. So i have added defaultbutton property in the panel control, and it is working fine. And my problem here is..

Clicking on submit button it is showing security question. After answering the security question, i have to click on the submit button either by mouse click or tab enter.

What i need to do is.. after answering the security question, I should be able to hit enter key instead of mouse clicking on submit button.

View 3 Replies

Security :: PasswordRecovery Control Is Not Working With Disable Viewstate?

Mar 31, 2010

I have a web page which is using PasswordRecovery control.

But I have a scenario in which I have to disable Viewstate for the whole application.

Now after disabling viewstate when I visit the webpage I have noticed that PasswordRecovery controls is not working (Every times when I submit the default button to go to step 2, the postback occur but not moving to step 2).

View 2 Replies

Web Forms :: Add Customized Question And Answer To PasswordRecovery Control

Aug 15, 2012

I am using password recovery control in forgotpassword.aspx page. By default the password recovery control validates the Login id and the security question of a particular user. But i want to give an alternate option. That is, If the user forgets the security answer he can give his PAN Number as identificaiton. Its should be an option like either he can provide security answer or his PAN number. Can we acheive this functionality. Because from my knowledge it looks like Security Answer is mandatory.  But i want to provide alternate option that user should give his security answer, if he forgets he can use PAN number for his identificaition. UpmMembershipProvider has default property (requiresQuestionAndAnswer) which is set as true.

View 1 Replies

How To Set SSL True For PasswordRecovery Control When Using GMAIL SMTP Server

Jul 12, 2012

My PasswordRecovery Control is not working. It is giving me SMTP problem. I set my proper gmail address with port number, valid user name and password. But not working? Do I require to set more settings?

The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first. pg3sm5232120pbc.2

 Web.config :

<system.net> <mailSettings> <smtp from="myemailid@Gmail.com"> <network host="smtp.gmail.com" password="mypassword" port="587" userName="myemailid@Gmail.com" /> </smtp> </mailSettings> </system.net>

View 1 Replies

Security :: How To Make Login Control Allow Users To Login By Either Username Or Email Address

Oct 12, 2010

how to make login control allow users to login by either username or email address

View 1 Replies

AJAX :: Making Custom Accordion / Just Make A Button That Would Hide First Pane But Cant Get To Make It Work?

Sep 3, 2010

I would like to make a custom accordion, in which I have 2 panes, but where you couldn't open the second one until you clicked a validation button in the first one that would open the second...

I tried to just make a button that would hide the first pane but I cant get to make it work.

[Code]....

[Code]....

View 7 Replies

Security :: Use The PasswordRecovery Control To Recover A Password Using The Email Address Instead Of The User Name?

Jan 26, 2010

Is it possible to use the PasswordRecovery control to recover a password using the email address instead of the user name?

Ideally I'd like to have the PasswordRecovery control allow users to enter their email address instead of their user name and then proceed to answer the security question.

View 3 Replies

AJAX :: Make This Work For Several Days But It Just Doesn't Work?

Oct 7, 2010

i'm trying to make this work for several days but it just doesn't work.

this is my code:

aspx page:

[Code]....

webservice:

[Code]....

this was downloaded from this website.

the problem is that the page loads fine but no autocomplete occurs.

View 5 Replies

Configuration :: PasswordRecovery Control: "SMTP Host Was Not Specified." Nightmare?

Jan 17, 2011

Firstly, I'm a newbie to ASP.net, but have around ten years of ('classic') ASP and VB6 experience.I have spent the last 12 hours or so googling for a solution to this problem, so it's nothing obvious (to myself or anyone else I can find talking about it, at least). Things I have ruled out so far include:1) Lack of SMTP server (fixed)2) Firewall issues3) Web.config <mailsettings> directivesI am developing my app locally (VS-2010, Windows 7 Premium ). When I kick off my application containing a form with the PasswordRecovery control in it, and run the password recovery control, I get the error:

[Code]....

This I figured is because I am running Windows 7, which doesn't have IIS7.5 (and thus an SMTP server) running by default. So I enabled IIS 7.5 in component settings, and lo and behold there it was. However there was no SMTP server included (those kind folk at Microsoft like to randomly remove things in system upgrades).So I dug around and installed a free smtp mailserver "hMailServer", and set it up with a the relay mail server address I use with my O2 email, with default credentials.I ran the test and it confirmed that I was indeed reaching the server OK. It also said I could therefore reference Localhost as my smtp server.I also realised I was missing the web.config <mailsettings> directives, so included (under <system.net> <mailsettings>):

<smtp deliveryMethod="Network" from ="zenid@here.com">
<network host="localhost" defaultCredentials="true" port="20" />
</smtp>

[code]...

View 11 Replies

Security :: Work With The Users From The Different Web Application?

Feb 28, 2010

I need to retrieve the user data from the different web application. In the web.config I can specifydifferent profiles, but I cannot figure out how can I use it in the application. This is what I did:

<profile defaultProvider="i90PartnerProfileProvider">
<providers>
<clear/>

[code]...

View 3 Replies

SQL Server :: Trying To Make A GUID For New Users Signing Up

Aug 2, 2010

I am making a database with SQL server 2008 express edition and trying to make a GUID for new users signing up. I have the UserID field as a NVARCHAR(36) with a default value of NEWID() but all it keeps providing are all 0's for all 36 characters. How do I fix it where it provides a true GUID with all random letters/number?

View 1 Replies

Databases :: Make Table Available To All Users In MySql?

Nov 9, 2010

I'd like to have to two tables Countries and states and make it so that any MySql user can access them for the purpose of building databiund drop down lists. What permissions do I need to assign the tables or what's the best way to do this?

View 1 Replies

Web Forms :: Make Sub Domains Or Redirecting Files For Users

Dec 30, 2010

On a membership website that every user has an acount how to give a user place or page in the way below: assume that website is [URL] then we have a user with acount Jimmy now I want to have a link like : [URL] that gives general information about jimmy to other users. one solution is to make a sub directory on root named jimmy and have an index.aspx file in that. it is space consuming and I do not want to do it. Is there any other briliant solution for this problem that for example I can use just one page and take jimmy as query string or something like that to show jimmy's information?

View 1 Replies

How To Make HTML Code Not Viewable To Clients Or Users

Jan 5, 2011

I am wondering are there any standard mechanisms available to protect the asp.net asp code in the client browser ? I found some references to windows script encoders. Question is,are these script encoders encodes both aspx and code behind source ? If aspx is encoded with the windows script encoders then how client browsers can decode it? Are they aware of the encoding algorithms ?Or can we control the client browsers ( IE, Firefox, Chrome etc) to disable the view source option in the Tasks Menu when web site a loaded in them?

View 6 Replies

How To Make The Blog Comments Posted By Users Safe

Mar 10, 2011

I'm in the process of creating a blog engine on my website. Nothing fancy. The user will register some basic information, including the comment itself that is the issue of this question.Inside the comment field, the user can write some text, but there are currently nothing stopping him from writing anything harmful there, that would mess up the page when rendering it with comments

View 2 Replies

Make Administrator Create Users From A Specific Role

Mar 19, 2011

I've been reading about asp web administration tool. I read about creating roles and stuff and forcing a controller to use authentication in order to be viewed. My question is, say create on the administration tool a user called Peter and I assign him the Administrator role. Then I want to create another role called LimitedAdministrator. But I want Peter to create new users on his View (I'm using MVC). Can anyone point me in the direction of how to do this.

I want peter to see on his page, like "Create user" and this user will be created as a LimitedAdministrator.

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved