Security :: Search Page In Firefox Requesting Username And Password Repeatedly On Classified Website
Oct 16, 2010
Over the past two weeks or so, I've been getting feedback from users on my site that a popup box is interferring with their use of my search page. From the research I've done, it appears only Firefox users are having this problem. I haven't changed my site, so I can't figure out why this is happening. Has anyone successfully corrected this problem. It's costing me traffic, so I have to figure this out. My site is based on the classified starterkit.
One our customer complaint about HYH virus storing form authentication user credentials in clear text in his local system. Customer is accessing website through internet explorer. Is any preventing measure we can take in website or Code level?More details on Website1) Hosted in IIS 6.02) Windows Server 2003 Operating System ) Written in ASP & ASP.net combination
In my application i have login Page in that i have login Control of asp.net, when user clicks on submit button i am authenticating the user and and redirecting to default url.
now what i want is using address bar i want to authenticate the same process with out opening the login page and give user name and password in the login control. Directly i want to inject the username and password in the address bar and need the same functionality what the submit button does.
i have articles on net using post methods but i am not able to do this.
I've recently enabled Digest Authentication on an intranet website/application I am creating for my company in ASP.NET.
The reason I have done so is because Windows Authentication seemed to only work for some users, and not for others. I could not figure out why nor do I know enough about IIS to try and trace the issue. After some trial and error, I found that digest authentication seemed to give me the behaviour that I wanted. That is: allow only users with a valid account on the domain to log in to the website with their credentials.
The problem now, is that Firefox (3+) seems to ask for the user to authenticate on every HTTP request sent to the server. This does not appear to occur in Internet Explorer (6+) or Chrome.
I've tried searching for solutions but I always arrive at dead-ends. I'll find a discussion about the issue, and every posted solution leads to a dead link...or it's on Experts Exchange and I don't have access to view to solution.
The issue appears to be related (from what I've read) to the way the different browsers send their authentication headers vs how IIS interprets them. I'm not sure what I can do to change this though? One of the solutions I had found mentioned writing an ISAPI filter to fix this, but of course the link to the finished filter was broken and I have no idea how to go about making one myself.
I've tried messing with the NTLM and other auth related strings in about:config to try and force Firefox to trust my server but that doesn't seem to work either.
From a few other sources I've read, it appears that everything should work if I switch back to Windows Authentication, but then I'm back at square one where the authentication would work only for some users and not others.
A solution for either problem would work for me, but I have very little information for the Windows Authentication issue. If someone could guide me through tracing the problem I'd gladly post more information for it as well.
I made a custom MembershipProvider to work with Oracle and my own database schema. I also have my own layout of controls and am not using the built in ASP log in controls. I don't even want to use it templatized. Reason being is that I don't want to show all those controls on one page.I want on the top of every page on the siteUsername textbox Password textbox Sign In button Register buttonI created a register form as the first step of trying out my provider. Everything has landed in the database correctly.Now my problem is that when a user clicks the Register button from any page, I need to note what page is requesting the registration form and then send them back when registration is complete. The built in controls seem to automate this behavior, but I do not know how to do it myself.So question is: How can I program the site to remember what page a user came from when clicking a register button, then send the user back when registration is completed?
I have created a test user/password on my web site. The intent is to have prospective clients login and try out the tool. Instead of telling them the userid/password of the test user, I'd like to tweak the Login wizard.
In the Load event, I was able to specify login1.UserName = "test user"
But when I try to specify the password, I'm told it is a readonly field. How can I 'force' a specific password? Or, how can I call the login event directly and pass the needed values?
I want to use autouser login in my website using ASP.NET C#.i.e., If I say that autouser login, this means user has to include user id and password to url for verification.
Example: http://10.9.80.210/Rmax/abc.aspx?Username=xyz,Password=1234Here, 'UserName and password' will be as autouser login, '10.9.80.210/Radmax' is the website url, 'abc.aspx' page is any of the page of website.
For testing I used this:[URL]Encrypts only the password is not encrypted and username.Why not?For security reasons, I would like also to encrypts username.
I have an intranet run with IIS, with basic authentication config. See more in this screenshot:
[URL]
Of course, then, when user login, this screen will appear:
[URL]
After successfully login, is there any method to get UserName (very easy to get) and also Password (don't know yet) from asp.net coding (run at server)
I am trying to implement a small site which requires users to login using Forms based authentication. I have followed the tutorials found on various sites on the net and in particular the one at [URL] This enabled me to get a sample environment in place but it seems as though I am having a problem authenticating a user for which I know the username and password are correct.
I have a ASP.Net 3.5 site with my login.aspx form in a folder named login, my default.aspx in the root of the site and my protected content in a folder called main.
I am authenticating against a SQL Server Express database, so I have ran the aspnet_regsql.exe command to populate my database.
I have added the following authentication/authorization lines to my web.config
I believe that my connection string and my database are ok because if i use the ASP.NET Configuration from within Visual Studio I can create and manage my users and I can also see them in the tables in the SQL Server. Also if I do enter any incorect credentials in my login page the page tells me that the password is incorrect.
I got a username and password field which made by myself and a User database which is all manually made
So now I wish to know how to authenticate user using the username and password data enter by the user and match with the database data to verify user is a member and login?
For what i know, the code should be something like this
SELECT UserName, Password FROM dbo.User WHERE UserName - @UserName
@UserName = ?
How do i assign the value from my username text field to @UserName?
I am trying to login usng form authentication from my web.config but it does not work. In the web.config i have the following: (i am going to make the password secure but just need to work with the basics
so I will admit this is a pretty stupid question. To my defense, I have never done it before. So take pity. I followed Joe Stagner's video on using the built-in authentication. Now, I would like to query a database using VB.net codebehind to verify if the user exists. I am clueless. Yes, I have a connection string already.
I had created an application which authenticate the user from the Active Directory,I had published the code on the server but when the page executes it ask for the username/password.i don't want this to happen, how to suppress this username/password screen.
I am writing a simple plugin for IE. I need to store a password and username setting for the user who uses the plugin. I know that I can store the username/password in the registry, I can manually encrypt it using the encription classes with .NET, or I can store it in a config file and encrypt the config file. I was wondering if there is a specific pattern/mechanism that I should use to store password and username.
I have a website that uses master page. I want a pop up to display so that user has to enter valid user name/psw in order to see pages. There will be only one username/password so web.config will store that info.
how to display pop up and check username and password.
I have only username. and want to check and grab the password from the database. It is BEFORE LOGGING IN. so I don't think the build-in asp.net functions could be used, right?
