I'm trying to improve my password change function in my app that allows members to change their passwords. I do have some password rules e.g. min 7 characters, etc.
There's a nice MembershipCreateStatus enumeration in the framework for creating new members. Is there a similar tool for catching password exceptions where the user's newly selected password doesn't match the rules?
RemoteOnly" defaultRedirect="~/Errors.aspx">
<error statusCode="404" redirect="~/Error.aspx?code=404"/>
</customErrors>
hrow new HttpException(404, "404 Not Found");
If I am just logging exception details in my web app, do I really need to put in exception handling logic for each tier? Why not just let them all bubble up the stack trace to the global.asax and log them there?
View 5 RepliesI was wondering what will be the method to catch any exception at server end and to show the error message in a div with error icon on top of the page using jquery. All the examples I have browsed show how to display the div on click of some button or link but in my case the scenerio is different. I want to use it for displaying messages to user and make use of Jquery's animations as well.
View 7 RepliesI am fairly new to the asp.net scene. Having build a dashboard gathering info on my OLAP system's health status, I can't seem to figure out how to make sure that I catch the no connection exception.I use the following statements on the datagrid:a) want to change the color of ssas2 button to red if an exception is throw
MyDBConn.ConnectionString =
"Provider=MSOLAP.4;Data Source=core-ssas2;Integrated Security=SSPI;Initial Catalog=Financials;Connect Timeout=6000"
MyDBConn.Open()
MyDBConn.CreateCommand.CommandTimeout = 120
I have a couple of questions on exception handling in .net: 1- Why do we have to catch specific exceptions other than the reason of displaying a particular error to the user? What if we wanted to always display a generic error to the user and not give him much details, would it be okay to catch only generic xceptions?
2- Is throwing exceptions from the data access layer to the UI layer best practice, or is it recommended to return a string or perhaps a boolean values from the data access layer to the UI layer?
Looking for best practice focused answers here with explanations.
Should the presentation layer of an ASP.Net app catch and handle exceptions thrown from the business layer, or should these be allowed to bubble out, where they can all be logged and handled uniformly in the Global.ascx's Application_Error handler?
[code]....
I am fairly new to the asp.net scene. Having build a dashboard gathering info on my OLAP system's health status, I can't seem to figure out how to make sure that I catch the no connection exception.use the following statements on the datagrid:a) want to change the color of ssas2 button to red if an exception is thrown
View 5 RepliesI can recover my password but when I try to change my password to something a bit easier to remember it gives me:
Password incorrect or New Password invalid. New Password length minimum: 7. Non-alphanumeric characters required: 1.
I'm building the standard 3-tier ASP.NET web application but I'm struggling as to where to do certain things - specifically handling exceptions.
I've tried to have a look around on the web for some examples but can't find any which go as far as a whole project showing how everything links together.
In my data-tier I'm connecting to SQL Server and doing some stuff. I know I need to catch exceptions that could be raised as a result but I'm not sure where to do it.
From what I've read I should be doing it in the UI tier but in that case I'm not sure how to ensure that the connection to the database is closed. Is anyone able to clarify how to do this? Also if anyone knows as to where I could find an example 3-tier web application that follows best practices that would be great too.
I am using Forms Authentication in a new ASP.NET 3.5 Application.I have created the Tables in my database and run the Web Site Administration Too.When I try to create a user I get a password error no matter what I throw at it and I am becoming sure of that this is a symptom of an a setup error and not a password problem.One of the things that I notice is that my aspnet_Applications is empty and I am not sure what is supposed to fill it.I have tried to delete all the aspnet tables and done the procedure again but with the same result.
View 1 RepliesI using change password control, how can i change the password without enter the current password?
View 8 RepliesI had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
I just begin creating a website for an organization. First page to be displayed in the login page. I dont have any knowledge in ASP.NET Security. On Login page, i want to display UserName field as disabled with the useralias of the user who currently logged into Windows. Password user has to provide and it should be that user's windows password.
How do i validate that password that user has entered is his windows password?
I have a simple method that is secured
[PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
protected void lnkClearCache_Click(object sender, EventArgs e)
{
}
If this is clicked without the role, it generates a System.Security.SecurityException: Request for principal permission failed. as expected.
I use ELMAH to handle logging for my errors, and I have a custom ELMAH event in my global.asax to transfer to the error pages in ways that preserve status codes which works correctly.
[Code]....
This works all well and fine and redirects to my error page which works properly, however instead of displaying the content as expected. I immediately get a second request for the error page but this time using the value of customErrorsSection.DefaultRedirect that does not come from my code in any way that I can see.
As far as I can tell it's almost as if when .NET raises an exception for PrincipalPermission and then lets the entire request complete, then after the request is complete it throws away the application response and instead responds with the default custom error.
When I'm debugging I do break on 2 separate exceptions for PrincipalPermission, whether this is a just a rethrow by .NET I'm not sure but my .NET code never sees the 2nd throw, nor does ELMAH. I always end up with a single response, single error logged, but that the url that finally renders to the browser is the default url and not 403 url that I specifically server.transferred to. If I browse to a /location that is secure I properly get the 403 error page.
i am not sure to which head does this problem belongs ....but this seems to be a security issue to me..I am writing this post after googling aroung for 2-3 days..Frown but still can't find any resolution to my problems. Let me describe my problem:-
I have created a website which does the following tasks:
1) Creates a user
2)Enables/Disables users
3)Delete users
4)Unlocks users
5)Reset password of a user
in Active Directory.
I have used impersonation in my application which uses the admin credentials to perform above tasks.When i run this application in debug mode through Visual Studio 2005 ,all the tasks are performed successfully .Now comes the deadly exceptions i am facing after publishing the website and hosting it on IIS. Task 2 & 3 are still working fine and i can enable/disable and delete user from AD even after hosting website but the problem comes in
Resettind password
Exception Details:-Exception has been thrown by the target of an invocation. || Trace: at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
at ADHelper.ResetPassword(String currentDomain, String userToResetPwd, String newPassword) in e:New ProjectAD [code]...
I am developing a shopping cart with asp.net and sqlexpress. I am using aspnet authentication components to create a backend page. I designed the site to let in only authorized users in.
Yesterday, I forget my password to login to backend and asked system recover my password. with recover password of the asp.net I was able to receive the temp password. I took that and logged in, of course asp.net forward me to password change component which I am having problem with.
Every time I change my password , password change shows that I was successfull but after clicking on the continiue button password change component comes back. I went to properties of password change component and entered the main default page as destination but it is not helping.
I close the IE clear the cache , even restart the machine. When I login always taking me to the password change page.
Is there a way to assign a value to the password and confirm password fields of the CreateUserWizard control programmatically when the page loads? The CreateUserWizard.Password property is read-only.
View 3 RepliesWe have a asp.net application and want to implement logging. The first idea was to use the Application_Error method in the global.asax file.
The problem is that ASP.NET very often seem to throw exceptions internally that are not caused by the application and which seem not to interfer with the users normal workflow. For example we often get HTTPExceptions, UnauthorizedAccessExceptions and others caught in this method, although there is no real error in the application.
I would like to encrypt the password and store it in DB. And if user forgots the password and request for password i have to send him a dummy password to his mail id how can i implement this if any code available At the time of registration i have to encrypt or salt the password and save it to DB..
View 1 RepliesAm trying to open a .pps/.ppt file through my vb.net code.....due to secure reasons this file is password protected,
However i will not like the end user to put a password when accessing through my application.
Hence i want to pass a password as a parameter while open such a password protected file.
Here is my code.
Reference URL: http://support.microsoft.com/kb/303717/EN-US/
Dim oApp As Microsoft.Office.Interop.PowerPoint.Application
Dim oPres As Microsoft.Office.Interop.PowerPoint.Presentation
Dim objpresset As Microsoft.Office.Interop.PowerPoint.Presentations
oPres = objpresset.Open(filename, Microsoft.Office.Core.MsoTriState.msoCTrue, Microsoft.Office.Core.MsoTriState.msoCTrue, Microsoft.Office.Core.MsoTriState.msoCTrue)
Where can i provide password while opening a ppt file...
Here is the code copied from [URL] In asp.net code behind, I use try-catch try to catch any error but never catch it. In SQL database, if I rename Employees to Employeesx or change column DepartmentID to DepartmentIDx, record will not be deleted (it is right) without any error (it is wrong, suppose catch an error).
CREATE PROCEDURE DeleteDepartment
(
@DepartmentID int
)
AS
BEGIN TRANSACTION
DELETE FROM Employees
WHERE DepartmentID = @DepartmentID
IF @@ERROR <> 0
BEGIN
ROLLBACK
RAISERROR ('Error', 16, 1)
RETURN
END
DELETE FROM Departments
WHERE DepartmentID = @DepartmentID
IF @@ERROR <> 0
BEGIN
ROLLBACK
RAISERROR ('Error', 16, 1)
RETURN
END
OMMIT
i am trying to save last user logon on database,the event will done when user logout or close browser
i tried to call web_service on javascript but in vain,the javascript doesnt see the webService,but i added reference to ScriptManager
[Code]....
i got username from the cookie,i access the DB to update his table.
the question as iam beginner on asp
where and when to use this method,when to cupture the user's web browser close,
how to do this in aspx.cs code behind "iam not good at JS"
and i want to know? when the user close the browser or page? am i still connecting with him to make changes as his account(cookie)?
I get this error in the browser:
Code:
Thread was being aborted.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Threading.ThreadAbortException: Thread was being aborted.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ThreadAbortException: Thread was being aborted.]
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +486
System.Web.ApplicationStepManager.ResumeSteps(Exception error) +501
System.Web.HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData) +123
System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) +379
Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053
I have try{}catch(Exception ex){} in the right place:
Code:
protected void Button1_Click(object sender, EventArgs e)
{
try
{
// all processing occurs inside here
}
catch(Exception ex)
{
}
}
I even created a global.asax file and on the Application_Error event, I wrote a code that would email me the error (and i'm not getting an email regarding that error when I get the error shown above). I know for a fact that the thread is going inside the "try" statement because I send emails to myself whenever it finishes certain codes inside of it. So how come I'm getting that error in my browser instead of it being handled in my "catch" statement? I have two problems here, one, why is the exception not going to my "catch" statement, and two, why am I getting that error in the first place.
Note: my web app calls a webservice.
i have a datagrid control which displays users created using sqlMembership..it has a row deleting event which is only accessed by administrators here is the code..
[Code]....
my problem here is to catch the securityexception and display in label