Security :: Info On Establishing "secure" Login And Anti - Spam Registration
Dec 16, 2010
I need to learn the following security-related questions pertaining to ASP.NET membership system (which I am currently using):
1) How to set up "secure" log-in for site members (when other sites say "secure login", what exactly is meant?) --- is that easy for a novice programmer to set up?; are there third parties?; is this done in collaboration with the site host?...Or by using the ASP.NET member system (which I have already set up), is that by default "secure" already?
2) When signing members up, what is best way to block out spammers from the registration process? Is there also third party software I can use? Perhaps someone can give quick answers to these, or point me in the right direction to read a good updated resource on this.
View 4 Replies
Similar Messages:
Jun 29, 2010
I am building an email feature in my website (jobs site). By using this functionality, recruiters will be able to send emails to candidates. I want an option so that the user can also set 'From Address' and the email should be ANTI-SPAM compliant.
View 2 Replies
Oct 24, 2010
I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
View 3 Replies
May 25, 2010
I've created a page to add users, using the CreateUserWizard, I use the Login Control to login.
I have setup the config file to use my SQL server, not express
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data Source=xxxx.xxxx.xxxx.xxxx;Initial Catalog=aspnetdb;Persist Security Info=True;User ID=xxxx;Password=xxxxxx" providerName="System.Data.SqlClient" />
I go to the create user page, add a user.
I can SEE the user on the database using Server Management Studio...
I go to signon and get "Your login attempt was not successful. Please try again."
I have not customized the login control in any way. (OR the createuserwizard)
HOW can I tell where the Login tool is going to get userid and password info?
How can I tell if it is not finding the user or the password does not match?
View 2 Replies
Jul 24, 2013
I am developing one web application in this,i am sending mail after registration uing c# in mvc but for gmails its going to spam folder how to send this to inbox?
View 1 Replies
Nov 9, 2010
I have a test form that I've placed the login and loginname tools on. The login portion appears to work correctly in that if the user puts in the wrong info it alerts, if the info is correct all is well and the correct URL is accessed. The problem is that the username control that I placed on the page does not in fact show the username.
View 3 Replies
Oct 20, 2010
I'm working on a project that requires registration and login. I know that ASP.NET provides login controls to get that job easily done. However, I'd like to implement custom registration and login. I mean my own registration and login forms and my own database. I've researched before posting this topic, but found nothing useful teaching me how to implement those functions. Can you guys tell me the way to implement them using LINQ and VB? OR can you give me the URL of the tutorial teaches exactly what I want?
View 2 Replies
Oct 25, 2010
how do I get my user to automatically log in after they have registered verification though e-mail?
Verification page:
[Code]....
View 3 Replies
Jan 24, 2011
I want to create a registeration page in asp.net(2.0) without login controls. How it can be done? I have another querry, regarding user details. I want where user information is stored. Can i open that table?
View 2 Replies
Jul 13, 2010
I wish to do a simple and secure login form, for which I have seen tutorials keeping login information and roles set through the ASP.Net WebSite Administration Tool.
Is there any secure way to do a login page without using WSAT at all. provide me good tutorial links for creating a custom login form, having the capability of redirecting to login page if user is not authorized etc.
I don't wish to use the WebSite Administration Tool.
View 6 Replies
Feb 25, 2010
I have a masterpage that contains a number of links. When I login to the secure area of my website, the links are broken they are trying to access the page as if it was stored in the SecurePages folder. Code below:
[Code]....
View 8 Replies
Jun 18, 2010
i was just wondering how much secure is the Login System integrated within ASP.NET ? This is rather vague but i just wanted to know if a website using the system is rather protected to attacks.
View 3 Replies
Feb 5, 2010
I am using the Login control on my login.aspx page to login to my /Members/Default.aspx page to display their current weight and their goal weight using the DetailsGrid. I have everything setup and I can log in and verify the user login name, but it only give one weight regardless of who logs in. Below is the SQL for the SQL Source on the DetailsGrid. I am new with this, Comparing the UserNames on aspnet_Users.UserName and memInfo.UserName should be able to extract that data, correct? Obviously I'm missing something. :)
SELECT memInfo.curWeight, memInfo.goalWeight FROM aspnet_Membership INNER JOIN aspnet_Users ON aspnet_Membership.UserId = aspnet_Users.UserId INNER JOIN memInfo ON aspnet_Membership.UserId = memInfo.UserId AND aspnet_Users.UserName = memInfo.UserName
View 12 Replies
Jul 17, 2010
i got this message when writing code-behind page: Compiler Error Message: BC30506: Handles clause requires a WithEvents variable defined in the containing type or one of its base types. Source Error:
[Code]....
Line 2: Partial Class _DefaultLine 3: Inherits System.Web.UI.PageLine 4: Protected Sub NewUserWizard_CreatedUser(ByVal sender As Object, ByVal e As System.EventArgs) Handles NewUserWizard.CreatedUserLine 5: ' Get the UserId of the just-added userLine 6: Dim newUser As MembershipUser = Membership.GetUser(NewUserWizard.UserName) also this from the error list: Error 2 'NewUserWizard' is not declared. It may be inaccessible due to its protection level. C:inetpubwwwrootWebSiteDefault.aspx.vb 6 60 [URL] the create wizard resides in the loginview
View 6 Replies
Jul 13, 2010
My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
View 1 Replies
Dec 31, 2010
How to make a secure login page using sql database by matching a user name and password and redirect them to differnt page as admin and user
View 2 Replies
Aug 22, 2010
I have design form layouts for signup and login pages
provide me the step by step code for sign up and login pages using c# with validation.
View 1 Replies
Jan 21, 2010
<asp:HyperLink id="HyperLink1" runat="server" Text="Email" NavigateUrl="mailto:example@mydomain.com" />
This is how I added an email link on my page, but does .net have any built in tool for preventing Robots from finding this address? What is a good way to present an email link that wont be detected by spam robots?
View 1 Replies
Oct 7, 2010
I was able to publish a web application with many projects inside it and which connects to oracle databasenow, I put it on remorte IIS 2003 server but it gave this error that has to do with aspnetdb fileA network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)and then I tried it on my local windows7 IIS local host and I got this error Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed.
View 2 Replies
May 13, 2010
I have read many posts and have tried many solutions to this problem.
Simply enough, I can assign a role to a user programically during development, but when I publish to the 'web', the system doesn’t work. I am useing VWD 2008 in VB.Net.
I have been using permutations of : Roles.AddUserToRole("User.Name", "User").
Roles work throughout the site (per page/directory). Is there something I am missing?
View 2 Replies
Feb 9, 2010
i'm back again,i need some info about the login page. hope some 1 provide some useful link .i want to let the user login first before redirect to the my main page. I don know how to restrict the user access to my main page without login.
View 3 Replies
Jan 19, 2011
I am new at ASP.NET and I am having some difficulties. What I have below is a Registration and Login, both in one page. However, when a user is logged in, I would like the registration and login form to be hided. There is a LOGOUT option when the user is logged in.
[Code]....
View 2 Replies
Nov 23, 2010
I want to develop a site with secure login. i followed various tutorials, and created a site, based on the default master page. I believe i set up the asp.net configurations correctly. under security, changed authentication type to "from the internet", added roles, added users based on those roles. when i compile the project and test the log in, it works fine. but, in visual studio 2010's Solution Explorer the App_Data folder is grayed out and i cannot get into it to view the database. how do i view the tables and create new tables?
View 4 Replies
Mar 5, 2011
I've recently read one of Jeff's articles about XSS and it got me thinking about how to better protect the login cookies in my home cooked authentication system.
[code]....
so one of the questionable things I do is use the UserAgent string. Is there harm in doing this? Or browsers which will change their UserAgent string under normal operation(as in, without being updated)? My goal is basically for if an attacker gets a login cookie, for them to not be able to do anything with it. At the moment, the only info I store in the cookie plain text is the username.
View 1 Replies
Nov 24, 2010
I have one website running on one server and another web application running on another server. My web application asks for username/password to login into the system. I need to put a username/password field on my website so that user can directly login from website. how to transfer these username/password values to the web application running on another server?
View 3 Replies