Web Forms :: Enable Users Recover Password If Forget Passwords In Web Application
Aug 21, 2012
according to this thread i make login page URL....i have 1 label 1radiobutton and 1 send button now i want when users enter their password,if they enter their password wrong morethan 3 time it show error that they can't login during 24 hours ,and they cann't enter password in password textbox . and when they click on radio button and click on send button it send a massage to my email and after i send them new password
I have login page and i have 2 text box and 2 button
1-btnlogin 2-btnforget
When users forget their password they click on btnforget and they go to pass.aspx page in this page they enter their email address and click on send button ...
I want when users click on send button automatically send me an email with their username and email address that they type in textbox ...
I cannot send email to the the users when they forget their password ( I am using .NET's Forgot password wizard), and I am using the below code in the web.config file. My hosting provider is Go Daddy and it is a shared hoting.
[code]...
I can email the password in my local machine by using the forgot password wizard, but after I have uploaded all the files in Go Daddy, it does not work. That means, I am wrong somewhere at above mentioned code.
My issue today is that i have a MySQL Database and am using the security framework provided by the ASP.NET Membership and Role Providers...I override the default methods with my own MySQL.
Now the issue comes in when i someone would like to have their password reset. My application is running entirely on an Intranet so i cannot have their passwords emailed to them. Is there a way i can have this information displayed in any way so that the user can use it to Log Reset, Create Accounts or Recover their lost passwords on an intranet without the administrators intervention?
Recently i had an approach as follows. In my web.config<system.net><mailSettings><smtp deliveryMethod="pickupDirectoryLocation" and my location was a folder on C drive as c:/SavedPasswords. Now i understand this was such a big security threat and thats why i am looking for a better option.
I would have that folder created using my System.IO and then the Mail is dropped into that folder. Then after the process is successful, i tell the user to check into that location and Read its content.
Then there is a global variable that is set to true...meaning that the folder at c:/ has been created. then there is a Method in a certain class that once it sees this variable True, it reads the readers c:/ and deletes that folder "save" if it exists;
I have finally designed the school portal. I am having another challenge now. I have created the recover password page. But when it comes to clicking submit I recive error. How do code this so that the password will be sent to my members email.
URL...how we can sending formatted email now in my Login.aspx page i have Textbox that when users forget their password they should type their Username on the textbox and after that click on send button.I want when users click on send button their user name that they type in textbox be on the email that send to me .
When user enters their email id i how to send email to them ? whether it is good to send their password or send a link to change password? how to make the link not working after 24 hrs/1 day?
I am trying to use the asp.net contol recover password in my web page I cna load the page and enter the username and answer to the question fine but when I click on the submit button I get an error message saying System.Net.Mail.SmtpException: The operation has timed out
the stack trace is
[code]....
I have only put the recover password control on the web page I havn't added any formatting or code and all the other emails I have set to send work fine so can't see why the smtp setting would be wrong for this unless I need to add some code to my page.
When I load the login page & enter user name the textbox of the password is showing the password I want each time I enter the user name, the textbox of the password being empty and I should enter the password myself...
Is it possible for a user to recover their password by entering their e-mail address alone?
Right now I am using the PasswordRecovery control, and i have security questions disabled. So all the user has to do is put their User Name, and hit submit, then their password is e-mailed to them.
But, a lot of my users forget their User Name, so right below I have a User Name recover section. The user inputs their e-mail address, and their corresponding user name shows up.
I would like to simplify this and just require the user's e-mail address to provide them their user name AND password.
Is it possible to use the PasswordRecovery control to recover a password using the email address instead of the user name?
Ideally I'd like to have the PasswordRecovery control allow users to enter their email address instead of their user name and then proceed to answer the security question.
When a user that has their IE set to save passwords hits my "Reset Password" form, the first text box set with TextMode set to "Password" is populated with the users saved password. Understandable, this is not the affect I would like as this is their "old" password. I cannot set the text of a text box with mode set to "Password" (naturally). Does someone know how to suppress or clear this value when IE is saving passwords?
I have been trying to change a users password, I have been using this code
[Code]....
I do not get an error during the try routine, but my problem comes that when the user goes it insert their new password (using login Control) it says that the password is wrong.. and they then can't login using either their new or old password.
All Password critria is met, web.config if set so passswordQuestion = false
I created a Membership login system for my client, now they do NOT want the user to use one of his 5 last passwords when it comes time to create a new one.
Is that something that is build in or how could I accomplish that?
I've created a website with users and passwords and such for authentication.When a user is created through the "administer website" function of asp.net 4.0 where are the passwords stored? Is there a way to manually change passwords in the database?
Before I continue I'm going to let everybody know that I am not trying to follow a traditional .Net Membership Provider. I'm attemping to write my own Membership Provider which does not extend the default .Net Membership Provider b/c I feel that in areas it can become extremely cumbersome. Please keep this in mind before responding. Also keep in mind that I am trying to learn from this experience, not find an easy solution for some client's application.I am writing a custom membership provider that has password formatting functionality similar to .Net's default membership provider. I'm looking for soe good/easy examples of ways to encrypt/decrypt or hash password values. I previously tried going the RSA route, but got stuck when I had to Import an RSAParameter and was unsure of how to generate a RSAParameter.
I would like to have both Hashing and Encryption available, but only need Encryption. I'm also looking for a very strong encryption. I'm storing the password format in an external .xml file (similar to how the web.config stores the password format for .Net's Membership Provider) which will become manageable from the administrative side of my webapplication.If anybody knows of any existing Encryption libraries that may provide assistance, please feel free to post links. I only ask that they be open source solutions so I can see how they went about doing this.
I've got a system that was partially written by someone else and is a complete maintenance nightmare for such a small app. I've finally been given changes which justifies just rewriting the horrible mess so I am moving it to Django.
Before I take the plunge, I've been trying to move over the password hash and salt into the Django auth tables [sha1]$[salt]$[hash] but can't get it to hash properly (resetting passwords isn't really an option).
Here is what I've been able to find out so far:
ASP.NET stores the hash as base64 string and uses a base64 salt (before hash) I can obviously reverse the base64 hash to a byte array Django uses a hexdigest, I tried BitConverter.ToString but they hash differently
I had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
I have a small database, with a very small number of users. The passwords were stored as clear as the database was so small and held no sensitive data. The database is now to be expanded and passwords are required to be encrypted. I can change the Password Format in the web.config, but is there a way to change the existing passwords from clear to encrypted?
This is a mix of programming and sysadmin but I decided its more of a programming issue.
Currently working building a password management web application for managing Oracle user accounts (C#).
The scope calls for verification of the users Oracle username and password before they're allowed to set a new password. Without creating a table of users passwords (hashed or otherwise, this is a security risk), how can I verify the old users password?
My current solution is to make an attempt to connect to the database using the username/password specified by the user. Too many attempts at this would lock the user out on the Oracle end, so brute forcing isn't too plausible. Are there other security risks here I am missing or is there a better way of handling this?
We use AD as primary authentication but the AD accounts aren't tied to the Oracle accounts so it's just a preliminary check.
AD Check for proper domain (intranet) User enters Oracle Username/Password Enters old Password, new Password + Confirmation Reset password if correct
Is it possible to allow users to login with Email, UserName, Phone or Password. but landing page should only select record by UserNme
LOGIN
protected void OnAuthenticate(object sender, AuthenticateEventArgs e) { string constr = ConfigurationManager.ConnectionStrings["con"].ConnectionString; int UserID; using (SqlConnection con = new SqlConnection(constr)) { using (SqlCommand cmd = new SqlCommand("Validat_UserTable"))
am working on a new site and i want to do tothings for security1. I want to encrypt the password of the user who register on my site and also decrypt it to enable him in login again.2. I will make an online exams so I want to disable the user functions to hack the exams materials such as (print page, print screen , or even selecting data manual by mouse )I googled a lot about this matter I found java scripts to make this but what about the users who will disable scripts on their browsers. So I want to do this with C# Code.
I am using ASP.NET Forms Authentication for my application. I have made my Password Format "Clear", so no problems with the password encryption. I need to create a view(in SQL server) to display all Administrators in my System. ie aspnet_Roles.LoweredRoleName='administrator' The fields needed are UserName and Password
We are about to start letting CONTACTS come into a public facing website to see reports about PARTICIPANTS they are associated with.
These CONTACTS will have limited access once within the system.
We are going to allow CONTACTS access by loading the EMAIL address they have into a USER table - where the password will be stored - simple so far.
What is common practice for telling a person the PW you have setup for them? Is that PW always a "pre-expired" PW? I wasn't planning on letting the contacts change PW's - but I guess if that is required to be nearly best practice I'll have to.