Membership / Show The Password In The (internal) Web Page Where A List Of All Users?

Mar 25, 2010

I'd like to use the ASP.NET membership provider in the following (low-security) scenario...

My company will create and administer user accounts on behalf of our clients. These accounts will likely be shared amongst several people in the client company (is that a problem?).

There will be 2 types of users (2 roles): client and administrator. Administrators are the people within my company that will have special privileges to create client user accounts, etc.

Clients will not be able to self-register. They also won't get to choose their own password, and they should not be able to change their password either, since that will just create confusion where several people are sharing the same account.

My internal users (admins) will set the password for each client. Here's the bit I'm struggling with: if a client phones up and asks to be reminded of their password, how can my admin users find out what the password is? Can I configure the provider to store the password in clear text (or other recoverable form), and if so can I get at the password through the .NET API?

As I said at the outset, this is a low-security application, and so I plan simply to show the password in the (internal) web page where I have a list of all users.

View 2 Replies


Similar Messages:

Security :: Migrating Existing Cleat Text Users Password To Hashed Password Membership Provider?

Sep 9, 2010

I had been trying to solve this but there is a hidden key i wish someone point me to.

I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .

Now a new requirement say that the password must be hashed and reset .

I configure the Membership password to hash , and Implemented the Reset Password Module.

My problem is as follow.

If the user is new registered user with the new configuration the password and the security answer is hashed.

also when I go and reset the password it continue to be hashed.

Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.

old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .

Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .

View 1 Replies

Forms Data Controls :: How To Show Online Users Name List On Master Page Using Gridview

May 6, 2010

Im using Visual Web Developer 2010 , ASP.NET and VB

Im using the "ASPNETDB.MDF" database for membership and others ,

1-- i created a gridview in my masterpage
2-- Connected to to " ASPNETDB.MDF" and "asp_Users Table"
3 -- Selected all
4-- My Select the Field "UserName"

Now im trying to get the On-line Users .

Im having a problem , becouse i can't see it when i debug the page, i changed the font , background color , i havent got any erros , what i need to do ?

View 4 Replies

Active Directory/LDAP :: Use Membership But Bypass / Disable Password Usage For Users?

Aug 12, 2010

I have an application that does LDAP authentication. The authentication is done on the code behind page of my Login.aspx page. Once the user passes LDAP authentication, a cookie is set and I redirect:

FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)

I would like to setup membership in my application and keep track of some user information. But due to company security requirements, I cannot store user passwords on my application. That must stay on the LDAP server only.Is there a way to store users but disable password storage on the aspnet_membership table?

View 2 Replies

Security :: How To Show Membership Users That Are Not In Any Role?

Apr 15, 2010

I am using the asp.net membership provider tables in sql server. I'm trying to figure out how to query a list of users that are NOT in any role.

View 4 Replies

Security :: Export List Of Users From Site Membership To Xls File

Jan 8, 2011

I have the requirement to export all my users and custom profile properties to an excell spreadsheet but i can find a way to do it. I have found several exampls of how to export the Profile information eg(

UserName
Email
PasswordQuestion
Comment
IsApproved
IsLockedOut
LastLockoutDate
CreationDate
LastLoginDate
LastActivityDate
LastPasswordChangedDate
IsOnline
ProviderName
)

but i can't see a way to export the following info for example;

<profile enabled="true" defaultProvider="AccessProfileProvider">
<providers>
<add name="AccessProfileProvider" type="AccessProviders.AccessProfileProvider" connectionStringName="ProfileAccessProvider" applicationName="MandS_2010" description="Stores and retrieves profile data from an personal Access database."/>
</providers>
<properties>
<group name="SupplierProfile">
<add name="CompanyName" type="String"/>
<add name="HoldingCompany" type="String"/>
<add name="Address" type="String"/>
<add name="Telephone" type="String"/>
<add name="Fax" type="String"/>
<add name="TypeOfSupplier" type="String"/>
<add name="DirectSupplierCode" type="String"/>
<add name="Alist" type="String"/>
<add name="otherCode" type="String"/>
</group>

View 1 Replies

Security :: Multiple Role Membership / How To Populate A Dropdown List With Users

Oct 13, 2010

I need to populate a dropdown list with users who match certain role criteria. For example, if I have the following roles: Manager, Employee, Supervisor I would like to populate the list with only the Manager and Employee roles. Some individuals have multiple roles and they should be excluded if they also have the Supervisor role as illustrated below:

Name: A , Role(s): Manager, Employee, Supervisor

Name: B, Role(s): Employee

Name: C, Role(s): Manager, Employee

The final list should only contain names B & C.

I can use Roles.GetUsersInRole("Employee") but I am not sure if this is efficient or not.

View 2 Replies

Security :: Redirecting Users From Forgot Password Page To Login Page?

Feb 7, 2011

I have created a forgot password page with a PasswordRecovery control in it.

<asp:PasswordRecovery ID="PasswordRecovery1" runat="server"
BorderColor="#E6E2D8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Verdana" Font-Size="0.8em" Height="210px"
onsendingmail="PasswordRecovery1_SendingMail" Width="491px">

I want to redirect the user back to the login.aspx page once the user clicks the Forgot Password button.

View 2 Replies

Security :: Membership Users Different Page Direction?

Feb 25, 2010

i have some link buttons that On click direct to some page iwant to add some if statement that if the user is online direct to same page and if not direct to other page?

View 6 Replies

C# Membership Provider - Reset Password Features - Email Confirmation And Password Change?

Jun 28, 2010

Does anyone has a solution (sample code) for the following features:

Create a randomGuid/Cryptographically strong random number Send a unique URL containing the random number to the user's email address When confirmed, the user is asked to change password

My provider is currently parametrized this way:

[code]....

The security issues with this type of procedure have been discussed here before.

View 2 Replies

Security :: Change Password Without Enter Current Password For Membership Provider?

Jan 13, 2010

I using change password control, how can i change the password without enter the current password?

View 8 Replies

Web Forms :: Reset Password" Form, The First Text Box Set With TextMode Set To "Password" Is Populated With The Users Saved Password?

Mar 11, 2011

When a user that has their IE set to save passwords hits my "Reset Password" form, the first text box set with TextMode set to "Password" is populated with the users saved password. Understandable, this is not the affect I would like as this is their "old" password. I cannot set the text of a text box with mode set to "Password" (naturally). Does someone know how to suppress or clear this value when IE is saving passwords?

View 4 Replies

To Deploy And Secure .NET Web App To Be Available To Internal And Outside Users?

May 21, 2010

My company has several web applications written in ASP.NET. We need to make these applications available to Intranet users as well as authenticated external users. Most of the features are the same for the two groups, though there are some extra features available to the Internal users. The two different sets of users would use a slightly different security setup... our internal people will be authenticated using LDAP against Exchange, whereas the external users will have accounts in SQL Server.

What is the best approach for deploying our web apps? Should we deploy 2 copies to different servers, one configured for an Intranet and one for outside users? Or is there a better way to share the code between the 2 servers, yet have the flexibility to use different web.config settings for security??

View 1 Replies

Membership Generate Password Alphanumeric Only Password?

Apr 12, 2010

How can I use Membership.GeneratePassword to return a password that ONLY contains alpha or numeric characters? The default method will only guarantee a minimum and not a maximum number of non alphanumeric passwords.

View 2 Replies

Old Password Still Working After Password Change In Membership?

Sep 21, 2010

Am using ASP.NET membership authentication in a small website and i just noticed some thing funny during testing. Am trying to enable user to change their login password any time they wish, i dragged a change password control to the form, i changed the password for my test account, but now all passwords are still working.

I can login with the old password as well as the new password with this particular test account. If i try with any other random characters as the new password, i cant successfully login (which OK). But if type the old password, am able to login, if i type the new password, am still able to login, am finding this very strange.

View 2 Replies

Security :: Authenticating Internal Users Against Active Directory?

Mar 23, 2011

I have a asp.net (3.5) web-app that will be used in an intranet. I need to enforce that users type in their network credentials (windows credentials) before they can log into this application. I intentionally need to disallow Integrated Windows Authentication. I need to authenticate these users against my company's Active Directory, that is obviously on the same network as my .net web app.

I have been reading a bit about Forms Authentication using ActiveDirectoryMembershipProvider - [URL]. I also stumbled upon this - [URL]. Based on what I can tell, both seem to do what I need to get done. Could somebody tell me what are the major differences, pros/cons and when you would use which method? Or are these exactly identical, and both achieve the exact same results?

From the security perspective...what do I need to watch for? I am assuming if I use SSL that will cover me for when I pass the username/pwd to AD for verification?

View 1 Replies

Authenticate And Authorize Internal And External Users To Log And Then Re-route To Web Applications For The Organization

Mar 26, 2010

Need to develop a Web application that will be used to authenticate and authorize internal and external users to log and then re-route to web applications for the organization. The login application should be able to provider smooth integration with any future applications that needs a secured authentication. Should I be using WIF - Claims based Identity/ADFS or asp.net Role membership provider to develop this app.?

View 1 Replies

Create A Page - Show All Users With Filter?

Sep 29, 2010

i want to create a page like asp.netwebadminfiles/security/users/manageUsers.aspx

View 9 Replies

C# - How To Show Password In Asterik Format When Generate Random Password

Sep 17, 2010

i am generate random password and show it in a textbox. when i am set textbox property textmode to password then it doesn't show in textbox but when i set it singleline then password shows in textbox. I am using following code --

textbox1.attributes.add("value",passwordvalue);

for show i am using --

textbox1.text = textbox1.attributes["value"].tostring();

Same happing with when i edit record. password doesn't show in textbox.

View 5 Replies

Security :: Not To Show The Login Page When Users Are Logged In?

Apr 11, 2010

I have a Login.aspx in my application.

After users logged in, if they press "back" in the browser, it goes to the Login.aspx page.

But I don't want to show users the Login.aspx page when they are logged in. how to restrict users to see the login.aspx page if they are logged in??

I am using sql role based membership provider and standard login control provided by Visual web developer 2008.

View 7 Replies

Web Forms :: Forgot Password - Page Not Accessible To Non-LoggedIn Users In Forms Authentication

May 7, 2015

URL....I use this one as my login, and I addes hyperlink for Forgot Password. But why I can't access the FORGOT PASSWORD.aspx for every time I click it. And when I login it redirects t Forgot Password.How I can access it without logging in?

View 1 Replies

Show Full Details Of 500 Internal Server Error?

Jan 24, 2011

How do I see the full error message here

All I see is a 500 internal server error with no exact details of the details of the error?

View 3 Replies

How To Show Plain Text In Password Field And Then Make It Regular Password Field On Focus

Jan 2, 2010

how to show plain text in password field and then make it regular password field on focus

View 3 Replies

How To Get The List Of Users And Also To Update/Delete Users

Aug 11, 2010

I have used Login Control + Change Password + Create User Wizard in my project. Everything is working fine. I want to know that how to get the List of Users and also to Update/Delete users.

View 1 Replies

Membership Reset Password?

May 1, 2010

I am using membership control in my webapplication.On reseting password, i want control should generate password such that i can define the length of the password.

View 5 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved