Security :: Breaks Password Protection Directories?
Apr 21, 2010
We upgraded the ASP version in IIS to ASP 4 and now experiencing an odd issue with password protected directories. The directory uses a Web.config file that only allows a single login to access the directory. This worked fine until we did the upgrade to ASP 4. Now when the user logins in, it recursively prompts them to login. If the user hits cancel, they are able to access the page like normal. Is this a ASP 4 or IIS bug?
View 3 Replies
Similar Messages:
Jun 7, 2014
I have an aspx file and a aspx.vb file. It's a simple new user Web form in VS 2013:
aspx debug errors:
'password' is not declared. It may be inaccessible due to its protection level.
'strEmail' is already declared as 'Private strEmail As Object' in this class.
'strEmail' is already declared as 'Protected WithEvents strEmail As System.Web.UI.WebControls.TextBox' in this
'strEmail' is not declared. It may be inaccessible due to its protection level.
'username' is not declared. It may be inaccessible due to its protection level.
'username' is not declared. It may be inaccessible due to its protection level.
I have four form fields:
Code:
ID="username"
ID="password"
ID="ConfirmPassword"
ID="strEmail"
In my aspx.vb file I have:
Code:
Imports Microsoft.AspNet.Identity
Imports Microsoft.AspNet.Identity.EntityFramework
Imports Microsoft.AspNet.Identity.Owin
Imports System
[Code] .....
When I preview my form in the browser, I get:
Line 13: Dim strEmail As Object
Compiler Error Message: BC30260: 'strEmail' is already declared as 'Protected WithEvents strEmail As System.Web.UI.WebControls.TextBox' in this class.
Source File: C:UsersSteveDocumentsVisual Studio 2013WebSitesWebSite11AccountRegister.aspx.vb Line: 13
Yet, line 13 in my aspx.vb file is commented out.
View 11 Replies
Jun 10, 2010
I'm trying to see what is the best way to include some protection against XSS in a web app but it needs to be easy for the developer!
Let me explain. I'm going to provide a library for the developers which will include the security controls. I'm thinking I have two choices:
1) Include some HTML encoding functions in that library e.g. AntiXSS and let the developer call the function every time he needs to output something
e.g.
Response.Write(AntiXss.HtmlEncode(value));
2) Create a new write method
Response.Writesecure(value)
The writesecure method would then call the appropriate functions and it would be transparent to the developer.
Additionally, I can write some easy code analyis scripts that will identify the use of the standard Write method...
View 3 Replies
Mar 3, 2010
I am working on a very basic ASP.Net 2.0 website that will have a backend based on SQL Server 2005. The website has three basic pages (Home, About, and Contact) that are fully viewable by everyone. However, there is a fourth page called "Employee Login" that must present a Login/Password system to the visitor of the page. Upon successful login, a few more pages shall become accessible to authenticated users only.I need the simplest Form based authentication here however; the User Names and their Passwords are going to be coming from the SQL Database. Setting up the authentication to Form simply locks out the whole website. I need the basic pages to be login-free. Only certain pages need a login.
View 3 Replies
Mar 14, 2011
I can recover my password but when I try to change my password to something a bit easier to remember it gives me:
Password incorrect or New Password invalid. New Password length minimum: 7. Non-alphanumeric characters required: 1.
View 7 Replies
Feb 18, 2010
I'm trying to enumerate the directories and sub directories in a Windows Form using a Tree View. I can view the directories but when I want to see the files in the sub directories I only see the files from the root.
[Code]....
View 1 Replies
Feb 2, 2011
I have a website that contains control panel section in saperate folder, Admin. There are 2 login pages, one for root directory (appl for end users) and one for admin directory. I define authentication and authorization in root web.config. It works for root dir. But when i add web.config for Admin dir it gives me build error "It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level". Note: I have not added application as virtual dir in IIS. I run it from File System ie by using port no with localhost -http://localhost:xxxx/mysite/
View 3 Replies
Mar 29, 2010
I am developing a web site where there are two groups of users: sponsors and members. I would like each group member to login based on the group they belong to, but through a different login page. It turns out that I cannot add two separate 'loginUrl' elements to my web.config file, so how would I workaround this?
I wanted to use: loginUrl="Members_Login.aspx" and loginUrl="Sponsor_Login.aspx"...
View 13 Replies
Jul 23, 2010
I was reading some tutorials on Internet and Go through some Scott articles. I learn how to make form security with different types and roles. Now I wanted to know is it possible to secure asp.net control as per user login or just web page and directories.
View 17 Replies
Feb 24, 2011
I am using Forms Authentication in a new ASP.NET 3.5 Application.I have created the Tables in my database and run the Web Site Administration Too.When I try to create a user I get a password error no matter what I throw at it and I am becoming sure of that this is a symptom of an a setup error and not a password problem.One of the things that I notice is that my aspnet_Applications is empty and I am not sure what is supposed to fill it.I have tried to delete all the aspnet tables and done the procedure again but with the same result.
View 1 Replies
Jan 13, 2010
I using change password control, how can i change the password without enter the current password?
View 8 Replies
Sep 9, 2010
I had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
View 1 Replies
Feb 4, 2010
I just begin creating a website for an organization. First page to be displayed in the login page. I dont have any knowledge in ASP.NET Security. On Login page, i want to display UserName field as disabled with the useralias of the user who currently logged into Windows. Password user has to provide and it should be that user's windows password.
How do i validate that password that user has entered is his windows password?
View 2 Replies
Aug 18, 2010
I am developing a shopping cart with asp.net and sqlexpress. I am using aspnet authentication components to create a backend page. I designed the site to let in only authorized users in.
Yesterday, I forget my password to login to backend and asked system recover my password. with recover password of the asp.net I was able to receive the temp password. I took that and logged in, of course asp.net forward me to password change component which I am having problem with.
Every time I change my password , password change shows that I was successfull but after clicking on the continiue button password change component comes back. I went to properties of password change component and entered the main default page as destination but it is not helping.
I close the IE clear the cache , even restart the machine. When I login always taking me to the password change page.
View 2 Replies
Nov 18, 2010
Is there a way to assign a value to the password and confirm password fields of the CreateUserWizard control programmatically when the page loads? The CreateUserWizard.Password property is read-only.
View 3 Replies
May 27, 2010
I would like to encrypt the password and store it in DB. And if user forgots the password and request for password i have to send him a dummy password to his mail id how can i implement this if any code available At the time of registration i have to encrypt or salt the password and save it to DB..
View 1 Replies
Jan 27, 2010
Am trying to open a .pps/.ppt file through my vb.net code.....due to secure reasons this file is password protected,
However i will not like the end user to put a password when accessing through my application.
Hence i want to pass a password as a parameter while open such a password protected file.
Here is my code.
Reference URL: http://support.microsoft.com/kb/303717/EN-US/
Dim oApp As Microsoft.Office.Interop.PowerPoint.Application
Dim oPres As Microsoft.Office.Interop.PowerPoint.Presentation
Dim objpresset As Microsoft.Office.Interop.PowerPoint.Presentations
oPres = objpresset.Open(filename, Microsoft.Office.Core.MsoTriState.msoCTrue, Microsoft.Office.Core.MsoTriState.msoCTrue, Microsoft.Office.Core.MsoTriState.msoCTrue)
Where can i provide password while opening a ppt file...
View 2 Replies
Jul 12, 2010
I am getting an error incase user submits incorect security question's answer. I gave text in 'QuestionFailureText'. But its not working.
Below is the error getting.
'
Security Exception Description:The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
[Code]....
Source File: c:WindowsMicrosoft.NETFramework64v2.0.50727Temporary ASP.NET Filespng.webe16ed3ec284df543App_Web_rvfjstqa.5.cs Line: 0 Stack Trace:
[Code]....
View 3 Replies
Jul 21, 2010
I'm having the problem of my password fields being cleared when a postback occurs on a dropdownlist selection change.
Is it a security threat to fix it with this...
protected void Password_PreRender(object sender, EventArgse)
{
(TextBox)sender).Attributes["value"]
= ((TextBox)sender).Text;
}
View 2 Replies
Mar 8, 2014
I have tried many protectors and obfuscators on my projects but havent anyone that works well. I know there isnt any protection that cannot be cracked but there must be some that is hard = requiring alot of time for the cracker, perhaps too much time so they skip trying?
Another problem with protection is that they often show false AV alerts which scare away many potential customers.
In my last .NET project I used .Net Protector which seems to be working well so far but the problem is that it shows false AV Alerts also what concerns me a little about this protection is that the protector itself have been cracked, check here: [LINK REMOVED BY MODERATOR] .
What protection to use for C#, .NET or C++ as it is these languages I mainly work with.
View 2 Replies
Dec 1, 2010
I've implemented the Membership & Roles infrastructure of ASP.Net and it generally works well [in my ASP.Net 3.5 C# project].
However, testing is revealing something rather peculiar:
Start the web appDeliberately enter the wrong passwordTry again, this time with the correct password - fails to loginTry once again with the correct passwrod - login is successful Clearly this can't be the way it's supposed to work! I'm curious whether anyone else has observed this phenomenon, and if so, how did you fix it?
View 4 Replies
Oct 12, 2010
I have been trying to encrypt password and found a code which is working with Access fine but as i have changed to SQL it is not decoding the encrypted text.. it amazes me..this SQl code is not letting me log on..
[Code]....
Whereas this OlebDB/Access is working fine
[Code]....
View 4 Replies
Jun 23, 2010
I am having a big problem trying to set the password for a login (MS SQL Server Management Studio).
I can create a new login and specify a password. Hitting "OK" reports no errors. Opening the newly created login shows that windows has automatically changed the original password to something else (I can tell because of the password length).
I have no idea why this is happening and have even tried reinstalling SQL.
View 8 Replies
Mar 10, 2010
I am having a issue with my form authenticating the form. I checks to see if there is a password but does not authenticate. Here is my code.
[Code]....
View 5 Replies
Jun 9, 2010
I have develop one website in asp and access. But now a day it is facing a problem of sql injection. So how can I protect the .asp pages from sql injection. I have gone through some of the post and get that some function have to written to overcome the sql injection.Function as below...
[Code]....
View 1 Replies
