How to make a secure login page using sql database by matching a user name and password and redirect them to differnt page as admin and user
View 2 RepliesI have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
I've created a page to add users, using the CreateUserWizard, I use the Login Control to login.
I have setup the config file to use my SQL server, not express
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data Source=xxxx.xxxx.xxxx.xxxx;Initial Catalog=aspnetdb;Persist Security Info=True;User ID=xxxx;Password=xxxxxx" providerName="System.Data.SqlClient" />
I go to the create user page, add a user.
I can SEE the user on the database using Server Management Studio...
I go to signon and get "Your login attempt was not successful. Please try again."
I have not customized the login control in any way. (OR the createuserwizard)
HOW can I tell where the Login tool is going to get userid and password info?
How can I tell if it is not finding the user or the password does not match?
I have only username. and want to check and grab the password from the database. It is BEFORE LOGGING IN. so I don't think the build-in asp.net functions could be used, right?
View 5 Repliesi have added login control provided with teh VS 2008 to the form, when i double click Login button of it, it creates the Click event,
what i want is to fetch the values in the boxes username and password, How do that? why i cannot access the id tag of the textboxes from the clickevent?
A Login.aspx has been created to enforce security on several forms of a web site.How can it be best called by each form at page load and return to that form after succesful login? How could that requirement be declared in web.config?
View 3 Repliesam working on a new site and i want to do tothings for security1. I want to encrypt the password of the user who register on my site and also decrypt it to enable him in login again.2. I will make an online exams so I want to disable the user functions to hack the exams materials such as (print page, print screen , or even selecting data manual by mouse )I googled a lot about this matter I found java scripts to make this but what about the users who will disable scripts on their browsers. So I want to do this with C# Code.
View 4 RepliesI have created a forgot password page with a PasswordRecovery control in it.
<asp:PasswordRecovery ID="PasswordRecovery1" runat="server"
BorderColor="#E6E2D8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Verdana" Font-Size="0.8em" Height="210px"
onsendingmail="PasswordRecovery1_SendingMail" Width="491px">
I want to redirect the user back to the login.aspx page once the user clicks the Forgot Password button.
In my application i have login Page in that i have login Control of asp.net, when user clicks on submit button i am authenticating the user and and redirecting to default url.
now what i want is using address bar i want to authenticate the same process with out opening the login page and give user name and password in the login control. Directly i want to inject the username and password in the address bar and need the same functionality what the submit button does.
i have articles on net using post methods but i am not able to do this.
I want to save the user_email and user_password in my website Session and clear it when loggin out but i wantg to know how secure it is to store passwords?
View 3 RepliesI am struggling to login into my web portal on my new sony vaio laptop. I think that I need to do some settings, or download some plugin. Infact I don't know what to do, as I have spent many hours trying to login, but no success. Below is my office website:[URL]When I enter my credentials and click login, the web page gets refreshed, i.e username and password get erased, rather than taking me into my web-portal. The laptop is having windows 7 home premium, with ie8. I have also tried installing firefox, chrome, opera and safari, but same problem.
as sony has refused to take the laptop back and they are saying that there is problem with website. Similarly, website staff are saying that there is a problem with the laptop and not with the website.
I wish to do a simple and secure login form, for which I have seen tutorials keeping login information and roles set through the ASP.Net WebSite Administration Tool.
Is there any secure way to do a login page without using WSAT at all. provide me good tutorial links for creating a custom login form, having the capability of redirecting to login page if user is not authorized etc.
I don't wish to use the WebSite Administration Tool.
I have a masterpage that contains a number of links. When I login to the secure area of my website, the links are broken they are trying to access the page as if it was stored in the SecurePages folder. Code below:
[Code]....
i was just wondering how much secure is the Login System integrated within ASP.NET ? This is rather vague but i just wanted to know if a website using the system is rather protected to attacks.
View 3 RepliesI am dtrugling with the log in of .net. I have studied a wrox asp.net 2 book and it says add
<authentication mode="Forms">
<forms name="Wrox" loginUrl="Login.aspx" path ="/" />
</authentication>
<authorization>
<deny users ="*" />
</authorization>
to the web.config file. This automaticaly sends me to Login.aspx. The problem I have is I have added this line to the code behind in Login.aspx
protected void submit1_Click(object sender, EventArgs e)
{
FormsAuthentication.RedirectFromLoginPage(User.Text, false);
}
NOW this does not check the password but it should in THEARY send me to the page I was going to. It dosnt it stays on the login page.
I already made a login page and other pages, but I need when I go to the other Page show me a login Page with the page I want to go to. So when I enter UserName and Password go to the page I focus on. For example I need to show authors Page so If I'm not login when It shows. The Login Page shows with the link to authorPage in the URL.
View 4 RepliesI have a doubt regarding secure cookie.
I have four servers 2 App Server(behind firewall) and 2 webservers and each server is accessing through Load Balancer.
App Server is a modules for Data Access layer and webserver is for Presentation layer.
My Issue is My Load Balancer has Secure certificate installed but certificate is not installed on servers and I want to make cookie as secure in site , as per my understanding " cookie should be set as secure only for SSL site other ways new session will get create every time" so should I install SSL certificate on webserver to make my cookie as secure or will it work properly even if only Load Balance has SSL.
how can secure credit card number in database
using Encryption technique. using stored procedure instead of inline query and what more....
[Code]....
View 4 RepliesMy web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
I just begin creating a website for an organization. First page to be displayed in the login page. I dont have any knowledge in ASP.NET Security. On Login page, i want to display UserName field as disabled with the useralias of the user who currently logged into Windows. Password user has to provide and it should be that user's windows password.
How do i validate that password that user has entered is his windows password?
i have a single page that needs to be secure (https) , my problem is i dont know how to do it. Can you give me walkthrough on how to do this?
View 1 Replieshow to make login control allow users to login by either username or email address
View 1 RepliesI have a web form, which is to allow user to reset their password. When I clicked on the button, I got this error
"Input string was not in a correct format."
The code behind the button is:
[Code]....
When the user types in the new password, this new password will be hashed upon clicking the button and saved into the database.
How can I send a user to a login page for login where you don't have control(like windowslive) and then after authentication return to the original page?
View 5 Replies