Security :: How To Turn Off The Encryption Of The Answer Of The Q And A, Or Decrypt It In A Report Or Something
Feb 19, 2010
I have these settings.. in my webconfig..
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
So i dont need to use Q and A for password retrevial ( I use email password recovery), but I would like to use Q and A as and Admin, just as that higher level of secuirty.How can I turn off the encryption of the answer of the Q and A, or decrypt it in a report or something ???
View 3 Replies
Similar Messages:
Sep 16, 2010
Not sure if I'm posting the question in the right category.
1) I'm working in a project where encryption of data is high priority. Could some one suggest what would be the best encryption method to protect data from being cracked.
I'm using TCP/IP protocol.
2) Is HTTPS totally secured. If I'm using HTTPS, does that mean that there is no encryption of data required in the coding?
View 3 Replies
Jul 4, 2010
how to count the number of incorrect words from the answer from the website when comparing with database answer?
View 10 Replies
Jul 12, 2010
I am getting an error incase user submits incorect security question's answer. I gave text in 'QuestionFailureText'. But its not working.
Below is the error getting.
'
Security Exception Description:The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
[Code]....
Source File: c:WindowsMicrosoft.NETFramework64v2.0.50727Temporary ASP.NET Filespng.webe16ed3ec284df543App_Web_rvfjstqa.5.cs Line: 0 Stack Trace:
[Code]....
View 3 Replies
Jun 3, 2010
currently im trying to implement a quiz system on my website in which system will auto mark student's ans. if the student's ans is wrong, system will prompt an incorrect answer, highlight the errors and count the number of errors.
Im using asp.net C#.
View 6 Replies
Jan 30, 2011
I simply want to know how to manually check if the value a user has provided for the answer to their security question matches their current answer on record. I want to use the build in support of the membership and membershipuser objects.
I see that via the passwordrecovery control that the actual answer can be returned. However I am currently not using this control and it would take a good bit to integrate it as it does not meet our user's requirements.
In a worst case scenario, getting the actual answer (like the passwordrecovery control does) and manually checking it in our application would be acceptable.
A best case scenario is some sort of API where I can pass in the user name and the answer to their security question that was provided and simply get an indication of whether answer was correct or not.
View 5 Replies
Jul 12, 2010
I'm using asp.net's built-in membership provider with security question-and-answer enabled for password recovery against a SQL Server 2005 db. For some users, this works fine and they're able to receive their passwords. For others, and it's not clear what separates the two groups, the security answer is never properly processed. It doesn't matter if the answer is correct or incorrect, the page merely reloads without confirming or denying the request.As for events, VerifyingAnswer is being triggered, but not AnswerLookupError (if answer is incorrect) or SendingMail (if answer is correct). I ran a SQL trace during one instance, and the aspnet_Membership_GetUserByName stored procedure is being called, but nothing else gets called after. I would expect that aspnet_Membership_GetPassword would be called, which passes the security answer as a parameter, but it isn't.
View 2 Replies
Jan 20, 2011
I use login control in asp.net 4.0 and i just like to delete Security question and answer and add other field EX: address,fullname....
How should i do it?
View 3 Replies
Sep 17, 2010
I have a website running on iis 5.1 with asp.net 2.0. Where in the windows registry can I change the requirtements for some the security features? For example, I do not want to enforce strong passwords and I do not want to use the secret question and answer features.
View 4 Replies
Jan 15, 2011
So as the title suggested, I'm currently trying to compare the hashed answer in my database against the answer typed in the textfield by the user in the form.
I thought of hashing the answer in the textfield typed by the user first, and after that compare this newly hashed answer to the one in the database (which is already hashed). But when I typed in the SAME answer (before hashing) and hashed it to get the hashed value, by right the 2 hashes (in web form and database) should match? Somehow, it didn't. And I can't seem to get security answer right anymore (even though I typed the SAME security answer).
This is the code behind the button:
[Code]....
I tried in another way too, but still the same thing.
[Code]....
View 4 Replies
Oct 29, 2010
I'm dealing with a scenario where a legitimate user doesn't have a clue about his password, secret question or the answer. So, I was trying to create an admin tool that would help me in situations like these where the admin should be able to type in username and reset the password without having to know/enter answer to secret question. I understand that I need to make some changes to the web.config for this to work. I thought I made all the changes but my ResetPassword() requests are still not working.
Here's my web.config settings for the provider.
[Code]....
View 4 Replies
May 2, 2010
I have an asp.net page where I have used FormsAuthentication.HashPasswordForStoringInConfigFile. Encrypted password is saved in database. I have created a forgotPassword page. Where I need to send user his password. How can I decrypt it and send it to user. if SHA1 can not be decryoted what other option should I use to encrypt the passwords?
View 5 Replies
Apr 11, 2010
how to Encrypt and Decrypt Password?
I want to store the password in database by encrypting it and want to decrypt when user will log in on to the application.
View 2 Replies
Jul 8, 2010
[Code]....
How do I call the "decrypt" and "Encrypt"? I want to display the result in TextBox1.text
View 2 Replies
Jan 19, 2011
I am doing a project in VS2008 with asp.net,C#. I need to encrypt loginId which is of type Guid. How is this done.
View 3 Replies
Apr 3, 2010
I'm teaching myself ASP.net. I'm creating an application that needs to store sensitive data. So, I found the following Blog to encrypt and decrypt data.
[URL]
I'm sure it's my app, but I wanted to make sure I'm not missing anything obvious. For some reason, my app and Encryptor only works when I pass < then 7 characters. If a pass 8, it doesn't commit to the database. If I remove Encryptor, the app will store
View 1 Replies
Sep 27, 2010
i am encrypting textbox value in md5 using this coding and passing as querystring , and on other page i want to decrypt.....
[code]....
View 1 Replies
Mar 5, 2010
Ok this one might be a bit tough to figure out, but each day when users open their application the following error is generated and they can not enter the application: "Failed to decrypt using provider 'EncryptionProvider'. Error message from the provider: The RSA key container could not be opened." Guess what fixes it... I have to open the application 1 time and then all of the users can being to open the application. This is not an issue with the encryption/decryption of the .config never having worked; it works just fine - but not all of the time. It sounds like a permissions issue to me, like me opening the app grants access to the key file for a time period, and the next day the issue starts all over again. Here is what I have already done (actually when I set up encryption originally), as the many, many posts with this issue are resolved with, but none have worked:
- aspnet_regiis -pa "MyWebKeys" "NT AuthorityNETWORK SERVICE"
- aspnet_regiis -pa "MyWebKeys" "ASPNET"
- Gave ASPNET account read access to "C:Documents and SettingsAll UsersApplication DataMicrosoftCryptoRSAMachineKeys" folder
- Gave NETWORK SERVICE account read access to "C:Documents and SettingsAll UsersApplication DataMicrosoftCryptoRSAMachineKeys" folder
I did not do the following, since I am not using the deafult machinekeys, but rather the imported "MyWebKeys" container
- aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT AuthorityNETWORK SERVICE"
- aspnet_regiis -pa "NetFrameworkConfigurationKey" "ASPNET"
Here is how the file is encrypted:
aspnet_regiis -pef "appSettings" "C:MyProject" -prov "MyEncryptionProvider"
"MyWebKeys" are an imported key container on the server, that upon importing reside in the default "C:Documents and SettingsAll UsersApplication DataMicrosoftCryptoRSAMachineKeys" directory. So it appears I have covered everything, right? What am I missing? Do I have to add individual users or groups with the pa command that use my application to allow access to the container? Remember the encryption/decryption does work 95% of the time. It just seems that each day in the morning, I must open the app once prior to the users being able to open the application, which tells me it is a permissions issue because I am an Admin on the server and they are not, but I thought all of this runs under the NETWORK SERVICE account anyways?)
View 1 Replies
Mar 18, 2010
Due to a bug in Flash, I have to use the ASPXAuth cookie to log a user in on a page that a flash upload script calls after upload. See this page for more information: [URL]
I have to make the ASPXAUTH string "public" in the sense that it will be in the HTML of the page. My question is, how secure is this?
I understand that anyone that can get to the string in the HTML can probably get to it from the cookie just as easily, but let's say someone does have this ASPXAUTH string. Is it possible that they can login as another user using this cookie? Would they be able to decrypt it?
View 1 Replies
Aug 4, 2010
I am using a Query Encryption Technique shown in Thread[URL]I am facing a problem with the above module status bar always displays real URL,& when ever i right click on page then properties than Address URL shows Real URL
View 4 Replies
Jul 24, 2010
I would like to use the System.Security.Cryptography to encrypt / decrypt my passwords strings for my custom membership provider login.I've read some basic article's but they don't explain much about the process in detail. I've decided to use AES because it is said to replace DES encryption. How can I encrypt and decrypt my password strings in the strongest way possible with AES? I would really like a very detailed explanation about the method to use for this task.
View 1 Replies
Dec 16, 2010
If a website is already using SSL, this guarantees a secure channel between the client and the website right. If I do another encrypt on the information being transmitted via HTTP POST would this be an overkill?
View 2 Replies
Feb 12, 2011
I am working on encryption and decryption and able to encrypt and decrypt a Text file but not able to do the same for MS Word or any other file other than Text file. I am using a below code.
[Code]....
View 5 Replies
Oct 6, 2010
When i try to encrypt it goes fine.. but when i right after try to decrypt it i get an:"Length of the data to decrypt is invalid" error... the error occours when i try to run the code FlushFinalBlock();here is my code:
[Code]....
View 2 Replies
Mar 19, 2010
I inherited a ASP.Net website. Some changes need to be implemented. The login for the application is encrypted using the md5cryptoserviceprovider class. After upgrading to 2.0, the password is no longer encrypted the same as when it was 1.1.
I left the 1.1 virtual directory and it's still working. On the same box, I loaded the 2.0 code and setup a new virtual directory (which isn't encrypting the same as 1.1).
I copied the section below from the 1.1 machine.config section into the web.config and the 2.0 machine.config.
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1"/>
Here is the code that is generating the hash.
MD5CryptoServiceProvider encryptionServiceProvider = new MD5CryptoServiceProvider();
var bytes = ASCIIEncoding.ASCII.GetBytes(inputString);
View 1 Replies