I have a website running on iis 5.1 with asp.net 2.0. Where in the windows registry can I change the requirtements for some the security features? For example, I do not want to enforce strong passwords and I do not want to use the secret question and answer features.
I m facing major problems as i want to clear fields i.e username password firstname in create user wizard as i have tried follwing option but not working
1) username texbox empty
2) username viewstate false
3) createUser wizard viestep false as nothing is working
I've got a literal control to display the username of the user logged into our companies intranet system, originally I had a LoginName control but couldn't get strip to remove the domain from the username (as the format is domainnameusername) so I'm trying it this way.
I am getting an error incase user submits incorect security question's answer. I gave text in 'QuestionFailureText'. But its not working.
Below is the error getting. ' Security Exception Description:The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
[Code]....
Source File: c:WindowsMicrosoft.NETFramework64v2.0.50727Temporary ASP.NET Filespng.webe16ed3ec284df543App_Web_rvfjstqa.5.cs Line: 0 Stack Trace:
currently im trying to implement a quiz system on my website in which system will auto mark student's ans. if the student's ans is wrong, system will prompt an incorrect answer, highlight the errors and count the number of errors.
I simply want to know how to manually check if the value a user has provided for the answer to their security question matches their current answer on record. I want to use the build in support of the membership and membershipuser objects.
I see that via the passwordrecovery control that the actual answer can be returned. However I am currently not using this control and it would take a good bit to integrate it as it does not meet our user's requirements.
In a worst case scenario, getting the actual answer (like the passwordrecovery control does) and manually checking it in our application would be acceptable.
A best case scenario is some sort of API where I can pass in the user name and the answer to their security question that was provided and simply get an indication of whether answer was correct or not.
I'm using asp.net's built-in membership provider with security question-and-answer enabled for password recovery against a SQL Server 2005 db. For some users, this works fine and they're able to receive their passwords. For others, and it's not clear what separates the two groups, the security answer is never properly processed. It doesn't matter if the answer is correct or incorrect, the page merely reloads without confirming or denying the request.As for events, VerifyingAnswer is being triggered, but not AnswerLookupError (if answer is incorrect) or SendingMail (if answer is correct). I ran a SQL trace during one instance, and the aspnet_Membership_GetUserByName stored procedure is being called, but nothing else gets called after. I would expect that aspnet_Membership_GetPassword would be called, which passes the security answer as a parameter, but it isn't.
I am using forms authentication to protect a website and would like to set it so when someone uses the registration form that the account created is disabled and an email is sent to me notifying me of the new signup. Then I can go and enable the account.
I am very new to this but have gotten the basic registration form and login form working with my SQL 2008 Server but this is a bit above me and I have looked through the MSDN info on the CreateUserWizard and don't see options for this.
So i dont need to use Q and A for password retrevial ( I use email password recovery), but I would like to use Q and A as and Admin, just as that higher level of secuirty.How can I turn off the encryption of the answer of the Q and A, or decrypt it in a report or something ???
So as the title suggested, I'm currently trying to compare the hashed answer in my database against the answer typed in the textfield by the user in the form.
I thought of hashing the answer in the textfield typed by the user first, and after that compare this newly hashed answer to the one in the database (which is already hashed). But when I typed in the SAME answer (before hashing) and hashed it to get the hashed value, by right the 2 hashes (in web form and database) should match? Somehow, it didn't. And I can't seem to get security answer right anymore (even though I typed the SAME security answer).
This is the code behind the button:
[Code]....
I tried in another way too, but still the same thing.
I'm dealing with a scenario where a legitimate user doesn't have a clue about his password, secret question or the answer. So, I was trying to create an admin tool that would help me in situations like these where the admin should be able to type in username and reset the password without having to know/enter answer to secret question. I understand that I need to make some changes to the web.config for this to work. I thought I made all the changes but my ResetPassword() requests are still not working.
I have a CreateUserWizard with three Wizard steps and one CreateUserWizardStep. The first two are accessible from the code behind by ID. The third and fourth are not! If I comment out the references to these two steps in the code behind the page runs fine. I have triple checked the variable names and everything is fine. Everything that should have a runat="server" does, everything is enabled, all of that good stuff.
why some steps in the same CreateUserWizard may not be visible from the code behind and others are?
The above code is my register wizard code, user can register just fine.When the user finish registration, there is a "Continue" button on the complete step.Clicking it will do nothing, how do I redirect the user to specific URL when the user click it?
I used the wizard and went through the steps to set it up and clicked DONE and closed the ASP.NET configuration window/wizard and the database was not created. What might be wrong here?
I am using CreateUserWizard control.. Is there anyway, I can put all the steps in the wizard process into one page. I do not like the idea of sifting through multiple pages to create a user. I would like one page where user goes through different sections (panels/divs) and creates a user ultimately all from one page.