Validating User Oracle Passwords For Reset Application
Mar 2, 2010
This is a mix of programming and sysadmin but I decided it's more of a programming issue.
Currently working on building a password management web application for managing Oracle user accounts (C#).
The scope calls for verification of the user's Oracle username and password before they're allowed to set a new password. Without creating a table of users' passwords (hashed or otherwise, this is a security risk), how can I verify the user's old password?
My current solution is to make an attempt to connect to the database using the username/password specified by the user. Too many attempts at this would lock the user out on the Oracle end, so brute forcing isn't too plausible. Are there other security risks here I am missing or is there a better way of handling this?
We use AD as primary authentication but the AD accounts aren't tied to the Oracle accounts so it's just a preliminary check.
1. AD Check for proper domain (intranet)
2. User enters Oracle Username/Password
3. Enters old Password, new Password + Confirmation
4. Reset password if correct
View 3 Replies
Similar Messages:
Aug 4, 2010
My issue today is that I have a MySQL Database and am using the security framework provided by the ASP.NET Membership and Role Providers... I override the default methods with my own MySQL.
Now the issue comes in when someone would like to have their password reset. My application is running entirely on an Intranet so I cannot have their passwords emailed to them. Is there a way I can have this information displayed in any way so that the user can use it to Log Reset, Create Accounts or Recover their lost passwords on an intranet without the administrator's intervention?
Recently I had an approach as follows. In my web.config, <system.net><mailSettings><smtp deliveryMethod="pickupDirectoryLocation", and my location was a folder on the C drive, c:/SavedPasswords. Now I understand this was such a big security threat and that's why I am looking for a better option.
I would have that folder created using my System.IO and then the Mail is dropped into that folder. Then after the process is successful, I tell the user to check into that location and Read its content.
Then there is a global variable that is set to true... meaning that the folder at c:/ has been created. Then there is a Method in a certain class that once it sees this variable True, it reads the readers c:/ and deletes that folder "save" if it exists.
View 2 Replies
Aug 4, 2010
I have a small database, with a very small number of users. The passwords were stored as clear as the database was so small and held no sensitive data. The database is now to be expanded and passwords are required to be encrypted. I can change the Password Format in the web.config, but is there a way to change the existing passwords from clear to encrypted?
View 1 Replies
May 6, 2013
{
"error": {
"message": "Error validating application. Invalid application ID.",
"type": "OAuthException",
"code": 101
}
}
View 1 Replies
Mar 9, 2013
I am getting the error from your sample code: "Error validating application. Invalid application ID.",
"type": "OAuthException",
"code": 101
though I have added app domain name as "localhost.com" and site url as "Http//localhost.com:port_Number"/.
View 1 Replies
Mar 9, 2011
I seem to be having some difficulty working out how to encrypt the user's password at the time they register for an account. To ensure that I am storing the password securely, I would like to be able to encrypt the password before it is inserted into the database.
When the user logs in I can then encrypt their password at log in time and compare this to the encrypted password in the database, meaning that the password in the database never needs decrypting.
View 2 Replies
Aug 21, 2012
According to this thread I make login page URL.... I have 1 label, 1 radio button and 1 send button. Now I want, when users enter their password, if they enter their password wrong more than 3 times, it shows an error that they can't log in during 24 hours, and they can't enter a password in the password textbox. And when they click on the radio button and click on the send button it sends a message to my email, and after that I send them a new password.
View 1 Replies
Mar 8, 2010
I'm trying to find out how I store user names and passwords in the web.config file. I have tried looking for documentation on this but haven't found any so far.
I see in the class library it says that the Authenticate method of the FormsAuthentication class is for use in authenticating credentials against those stored in the config file, but I don't know how to store them there to begin with. I want to store two username:password pairs in the web.config file, preferably encrypted.
One of these username:password pairs I want to be hard coded. The other I want to be able to be reset with a password reset form which I will code later. I guess there may be a method for creating a username:password entry in the web.config which could be used with my password reset form, if such a method exists. But I need to know how to hand code the username:password entries into the web.config file to begin with and to be able to create the hard coded pair.
code I need to add to my web.config file I need to add and in what section?
Also, can you point me in the direction of a method used for creating username:password entries in web.config?
View 6 Replies
May 7, 2015
URL.... Still there will be need of url in ajax method if I put javascript in site.master.cs. As what I have understood from that, mysite.master.cs will be like this:
protected void Page_Load(object sender, EventArgs e) {
try {
if (Session["Prefix"].ToString().Trim() == "sys_admin") {
UserNameMasterLabel.Text = Session["UserName"].ToString().Trim() + " (ADMIN)";
[code]....
And site.master will be like this:
And I have to put the next method in the DailyLog.aspx page? Like this:
[System.Web.Services.WebMethod(EnableSession = true)]
public static int RefreshSession() {
    // Touch the session so its sliding expiration is renewed.
    HttpContext.Current.Session["Name"] = "BSD";
    Configuration config = WebConfigurationManager.OpenWebConfiguration("~/Web.Config");
    SessionStateSection section = (SessionStateSection)config.GetSection("system.web/sessionState");
    // Session timeout converted from minutes to milliseconds.
    int timeout = (int)section.Timeout.TotalMinutes * 1000 * 60;
    return timeout;
}
But I have several pages in my website; by doing the above story, will it work for Builder.aspx, or any other page rather than dailylog.aspx?
View 1 Replies
Jun 14, 2010
I'm working on an ASP.NET app that keeps a lot of data cached. This data remains cached when I restart the app, so I have to reset IIS if I want to rerun the code that gets the data, otherwise it's just taken from the cache. Is there a way that I can automate this?
View 2 Replies
Oct 13, 2012
I want to prompt the user to enter up to four specific months as an input on my page. Should I use a textbox control and just apply validators to it? Or a check list box? Which would control what the user puts in and would make it easier to iterate through the selected items? The only concerns I have are the looks of the list box. Can I make it look and feel like a drop down box? Also, how do I limit the selection to 4? If I use a text box, how do I validate that "up to" 4 items are entered, let's say separated by a comma?
View 5 Replies
Dec 17, 2010
My company has an application that handles shopping cart check out processes. The application is written in VB.net with the .NET 2.0 Framework. We are running IIS 6.0 as the web server and have, what we consider, excellent exception handling. For those exceptions that we can't figure out why they're happening, we use Elmah to handle them, package them up, and email them to us. We still see a fair amount of unhandled exceptions, handled by Elmah.
My question is: This is an application that is used by many people on the web at the same time. If there is an unhandled exception (handled by Elmah, mind you), does this then reset the application so that all users who aren't doing anything naughty see the application blow up in front of them when this happens?
View 2 Replies
Feb 16, 2011
Changes in ascx / aspx files - will it reset application? Sometimes on dev server they won't cause it whereas on live server I think it sometimes causes it. What is the rule?
View 3 Replies
Apr 7, 2010
I am using forms authentication (built into ASP.Net) and allow users 5 attempts to login with an invalid password. After that they are locked out. How can I programmatically unlock someone?
[Code]....
View 1 Replies
Mar 23, 2010
How do you allow the user to reset their password if they have forgotten it and have the new password sent to their email address?
View 2 Replies
Jun 9, 2010
I am using a wizard control with a few textboxes in it and I want to validate them. How to do?
View 1 Replies
Jun 21, 2010
I am working on membership concepts in asp.net. Now I want to reset new password and getpassword for specific user.
This is my web.config code:
[code]....
View 3 Replies
Jan 18, 2011
I have created the user control and it has got one table with a few rows in it. One row has got a text box with a custom validator and the other row will have check boxes dynamically added through server side.
On the main page, I am loading that user control about 10-15 times depending upon the values from the database.
Is there any way of setting the properties of the user control validator on the main page? The text box will only be validated if any check box is checked in the user control.
I am also not able to find the user controls through the main page.
View 9 Replies
Feb 9, 2011
I am using Membership provider.. I integrated the aspnet member tables into my database.
I need the user to enter password on a data entry form and validate it against the membership tables.
How can I do this? This is the set up. I have a few fields and the user enters those fields and also enters the password, and submits the form. It is kind of like a signature... I am looking for something like..
If txtPassword.text = membershipprovider password
{
//do this...
}
View 1 Replies
Mar 15, 2010
Is there a way to reset a user's password while logged in as an administrator? I just had to delete a user and re-create him in order to achieve the same effect of resetting his password, so I'm wondering if there is a better way to reset a password.
View 1 Replies
Jun 22, 2010
I am working on membership concepts in asp.net. Now I want to reset new password and getpassword for specific user.
This is my web.config code:
<add name="MySqlMembershipProvider" connectionStringName="SQL2005DB380ConnectionString" applicationName="MyAppName" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Encrypted" enablePasswordReset="true" minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
How can I get old password and reset new password?
View 4 Replies
Sep 24, 2010
User enters email address; after submit, an email is sent to the user. The email will include a link that will take the user to a reset password page. Now, how do I fetch the user's ID based on the email address and encrypt it? Then what should the link be? Like, what I want is to fetch the User ID, then encrypt it somehow so that the link doesn't contain the actual ID, and that link will take the user to a page that will have textboxes to reset the password. I am just confused how to go about it. Also, is this the secure way to reset a password like this?
View 2 Replies
Jul 15, 2012
I am working on roles. Allocated some tasks to Anonymous User and LoggedIn User. What happens: once I log in it shows me the correct tasks for LoggedIn user. But if I restart the application then by default it shows me LoggedIn user's tasks. I am testing chrome and I.E.
View 1 Replies
Mar 9, 2011
I have 2 user controls registered on one aspx page. UserControl1 is having one text box with require field and one submit button. UserControl2 is also having one text box with require field and a save button.
Expected o/p is: when I am clicking on any button out of the 2 (submit or save), then only the related text box of that user control should be validated. But the error is both text boxes are validated.
View 1 Replies
Sep 14, 2010
I need a code for validating availability of username and display appropriate message to user if available / not available.
View 6 Replies