Security :: How To Manually Check A User's Security Question Answer
Jan 30, 2011
I simply want to know how to manually check if the value a user has provided for the answer to their security question matches their current answer on record. I want to use the build in support of the membership and membershipuser objects.
I see that via the passwordrecovery control that the actual answer can be returned. However I am currently not using this control and it would take a good bit to integrate it as it does not meet our user's requirements.
In a worst case scenario, getting the actual answer (like the passwordrecovery control does) and manually checking it in our application would be acceptable.
A best case scenario is some sort of API where I can pass in the user name and the answer to their security question that was provided and simply get an indication of whether answer was correct or not.
View 5 Replies
Similar Messages:
Feb 18, 2011
My requirements is when one other website call my service (httphandler) and in response i will provide one parameter which is
value of form authentication cookie
now that website call my website with that cookie value as query string , how to check from that cookie value that particular use is authenticated or not ?
View 3 Replies
Jul 12, 2010
I am getting an error incase user submits incorect security question's answer. I gave text in 'QuestionFailureText'. But its not working.
Below is the error getting.
'
Security Exception Description:The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
[Code]....
Source File: c:WindowsMicrosoft.NETFramework64v2.0.50727Temporary ASP.NET Filespng.webe16ed3ec284df543App_Web_rvfjstqa.5.cs Line: 0 Stack Trace:
[Code]....
View 3 Replies
Jul 12, 2010
I'm using asp.net's built-in membership provider with security question-and-answer enabled for password recovery against a SQL Server 2005 db. For some users, this works fine and they're able to receive their passwords. For others, and it's not clear what separates the two groups, the security answer is never properly processed. It doesn't matter if the answer is correct or incorrect, the page merely reloads without confirming or denying the request.As for events, VerifyingAnswer is being triggered, but not AnswerLookupError (if answer is incorrect) or SendingMail (if answer is correct). I ran a SQL trace during one instance, and the aspnet_Membership_GetUserByName stored procedure is being called, but nothing else gets called after. I would expect that aspnet_Membership_GetPassword would be called, which passes the security answer as a parameter, but it isn't.
View 2 Replies
Oct 15, 2010
sing a SqlMembershipProviderI like to manualy register new users and to save mutch more data from them in a separate table.since these tables are liked with the UserID generated by the SQL MembershipProvider I want to login the new user after he is added to the membership system.
[Code]....
View 1 Replies
May 18, 2010
I would like to know how I can verify a user's credential against an existing asp.net membership database. The short story is that we want provide single sign on access.
So what I've done is to connect directly to the membership database and tried to run a sql query against the aspnet_Membership table:
[Code]....
The problem is the password value, does anyone know how the password it is hashed?
View 3 Replies
May 4, 2010
i have following issue: I am creating a new user register form manually without CreateUserWizard control, and all works perfectly unitil I intentionaly (for test purposes) enter existing username (for example BLABLABLA) into username.textbox. After that i get my error message as expected that says "username BLABLABLA allready exist", now when I tray (as a future user who could be in the same situation) to correct the username and enter another one (for example TRATRATRA), it still gives me this error "username BLABLABLA allready exist!" This is the second day that I'm traying to solve this!
Here is a part of my code:
[Code]....
View 4 Replies
Jan 30, 2011
I simply want to know how to manually check if the value a user has provided for the answer to their security question matches their current answer on record. I want to use the build in support of the ASP.Net membership and membershipuser objects.
I see that via the passwordrecovery control that the actual answer can be returned. However I am currently not using this control and it would take a good bit to integrate it as it does not meet our user's requirements.
In a worst case scenario, getting the actual answer (like the passwordrecovery control does) and manually checking it in our application would be acceptable.
A best case scenario is some sort of API where I can pass in the user name and the answer to their security question that was provided and simply get an indication of whether answer was correct or not.
View 1 Replies
Jul 25, 2010
I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.
View 2 Replies
Feb 19, 2010
I have these settings.. in my webconfig..
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
So i dont need to use Q and A for password retrevial ( I use email password recovery), but I would like to use Q and A as and Admin, just as that higher level of secuirty.How can I turn off the encryption of the answer of the Q and A, or decrypt it in a report or something ???
View 3 Replies
Mar 24, 2010
I have 3 pages which they use Master page. I want to check if user is authenicated in page load event of master page.
1-Is it correct method to check authenication is page load of master page?
2- I want to know which of the following lines should I user and is there any difference between them?
Request .IsAuthenticated
Page.User.Identity .IsAuthenticated
HttpContext .Current .User .Identity .IsAuthenticated
View 3 Replies
Apr 4, 2010
I want to check if user is autheneicated in control (ascx). I use HttpContext.Current.User.Identity.IsAuthenticated; for this purpose.
When I browse pages using ASP.Net Developement server -VS 2008- it works fine, But when I use IIS 7 then it always return false , even if user is authenicated.
Note that it's even work fine with IIS 6 but With IIS no hope (Classic/Integrated mode). does it related to IIS 7 or what the method that I use?
View 2 Replies
Apr 14, 2010
I have one application for collection centres in the city in which ADMIN will have access to all pages in it.In which I have added functionality for admin to see Online users/offline users collection and there collection center name.How can i see the users online automatically when they will be logged in on application.Like we all see in google talk, yahoo messanger, etc like that onlyI also want to keep the option like whether to view only online user or offline users etc.I have tried the following code for getting the Ip address for the computer..But I am unable find how user should be shown as active
ip=Request.ServerVariables("HTTP_X_FORWARDED_FOR") ;
if (!string.IsNullOrEmpty(ip))
{
[code]...
View 8 Replies
Jan 20, 2011
I use login control in asp.net 4.0 and i just like to delete Security question and answer and add other field EX: address,fullname....
How should i do it?
View 3 Replies
Sep 17, 2010
I have two server one server runs (windows 2003 server Moodle opensource - PHP url : [URL] and another server contains Course Matterial video(url :[URL]. so user success full login i have transfer to another server. how can i know it is successful login and it is request comes from xxx.yyy.zzz.aaa ip.
i want write code in C# (asp.net)
View 1 Replies
Dec 13, 2010
I would like to create a sync process between an ADSI table and aspnet Membership using Membership.CreateUser. However, I need to see if a user exists before importing. I can import as long as a user does not exist however I am having trouble checking if users exist and only importing if they do not. Here is my code so far.
[Code]....
View 1 Replies
Jun 3, 2010
I want to prevent cross site scripting in my website.....is dat good to use innerhtml,htmlencode?
View 3 Replies
Sep 15, 2010
I use a class method that looks something like this to check for user and pass at login:
[Code]....
and I just wanted to ask, if there is a shorter/faster way (the user table is on an SQL Server? Also is this way secure?Note: I set the collation for the password field on the SQL Server to be case sensitive so I don't have to account for it in the code.
View 7 Replies
Feb 22, 2011
i have using aspnet DataBase, and i know that i can Check if the User is OnLine or not By Using
Membership.GetUser.isOnLine; this is when invoke method in asp.net Page , But i want to Know if there is another way to Check If the User OnLine or Notfrom aspnet dataBase
View 4 Replies
Nov 15, 2010
I need to do the following:
[Code]....
how do i write this?
View 6 Replies
Sep 17, 2010
I have a website running on iis 5.1 with asp.net 2.0. Where in the windows registry can I change the requirtements for some the security features? For example, I do not want to enforce strong passwords and I do not want to use the secret question and answer features.
View 4 Replies
Jan 15, 2011
So as the title suggested, I'm currently trying to compare the hashed answer in my database against the answer typed in the textfield by the user in the form.
I thought of hashing the answer in the textfield typed by the user first, and after that compare this newly hashed answer to the one in the database (which is already hashed). But when I typed in the SAME answer (before hashing) and hashed it to get the hashed value, by right the 2 hashes (in web form and database) should match? Somehow, it didn't. And I can't seem to get security answer right anymore (even though I typed the SAME security answer).
This is the code behind the button:
[Code]....
I tried in another way too, but still the same thing.
[Code]....
View 4 Replies
Oct 29, 2010
I'm dealing with a scenario where a legitimate user doesn't have a clue about his password, secret question or the answer. So, I was trying to create an admin tool that would help me in situations like these where the admin should be able to type in username and reset the password without having to know/enter answer to secret question. I understand that I need to make some changes to the web.config for this to work. I thought I made all the changes but my ResetPassword() requests are still not working.
Here's my web.config settings for the provider.
[Code]....
View 4 Replies
Jun 26, 2010
i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
View 1 Replies
Jan 18, 2011
how to remove the "username","secret question","secret answer" from the signUp Wizard and at the same time use the email for loginig In
View 1 Replies