When I load the login page & enter user name the textbox of the password is showing the password I want each time I enter the user name, the textbox of the password being empty and I should enter the password myself...
View 1 RepliesIs there a way to prevent Google Chrome and other browsers from saving a password for a specific site? The server is ASP.NET MVC .NET4.
View 2 Repliesi want to protect webpage from saving from browser file->save as. i found some sites did it(facebook,orkut). when i try to save pages on that sites only home page saved. how to do this in c#
View 2 RepliesI have a page in which the user enters a password and verifies it. Below these controls is a link that will pull information and fill out other parts of the page.
No matter how I arrange the update panels, the password textboxes are cleared out. I don't want to use session, viewstate, or attributes as it is my understanding that will leave the password in the html of the page when rendered. I thought the whole idea of using update panels was so that one portion of a page could be updated without affecting another portion (for example clearing passwords).
My problem is that I have a TextBox with AutoComplete Extender and It's works but The browser save the text that i have Entered before so when i start writing to My text Box I have Two lists appear , one from the browser and one from the autocomplete
I want to disable the browser list and keep the autocomplete list only.
I have to make changes to some existing web applications at work to bring them inline with a new security policy.
I am using the framework 3.5 and am using the standard sql membership provider for user authentication.
When a user is changing his password, I want to prevent him using previously used passwords. What is the best and easiest way to go about this?
I was thinking a SQL table with the following columns, my problem was do I handle encryption here as they are old?
dbo.OldUserPasswords
UserID, GUID, NOT NULL, FK Reference to aspnet_Users.
Password, nvarchar(256) NOT NULL,
Timestamp, timestamp, NOT NULL
according to this thread i make login page URL....i have 1 label 1radiobutton and 1 send button now i want when users enter their password,if they enter their password wrong morethan 3 time it show error that they can't login during 24 hours ,and they cann't enter password in password textbox . and when they click on radio button and click on send button it send a massage to my email and after i send them new password
View 1 RepliesI use password recovery control for testing purposes. Passwords are stored in the database as hashed format.
Control can successfully send email to user but password always wrong. whats wrong here?
[Code]....
Before I continue I'm going to let everybody know that I am not trying to follow a traditional .Net Membership Provider. I'm attemping to write my own Membership Provider which does not extend the default .Net Membership Provider b/c I feel that in areas it can become extremely cumbersome. Please keep this in mind before responding. Also keep in mind that I am trying to learn from this experience, not find an easy solution for some client's application.I am writing a custom membership provider that has password formatting functionality similar to .Net's default membership provider. I'm looking for soe good/easy examples of ways to encrypt/decrypt or hash password values. I previously tried going the RSA route, but got stuck when I had to Import an RSAParameter and was unsure of how to generate a RSAParameter.
I would like to have both Hashing and Encryption available, but only need Encryption. I'm also looking for a very strong encryption. I'm storing the password format in an external .xml file (similar to how the web.config stores the password format for .Net's Membership Provider) which will become manageable from the administrative side of my webapplication.If anybody knows of any existing Encryption libraries that may provide assistance, please feel free to post links. I only ask that they be open source solutions so I can see how they went about doing this.
I have written a javascript code for handling the password functionality. The scenario is: when user wants to change the old password, he cannot fill the same old password again. I have written the code. But even the simple alert of blank textbox is not working. See the code for reference:
Javascript code:-
<script type="text/javascript">
function ltrim(str) {
var reg
reg = /^s+/g
return str.replace(reg, "")
}
function rtrim(str) {
[Code] .....
aspx code:-
<tr>
<td class="auto-style1">Old Password</td>
<td class="auto-style2">
<asp:TextBox ID="txtOldPassword" runat="server" TextMode="Password" class="txtcareer"></asp:TextBox>
<asp:RequiredFieldValidator ID="reqtxtOldPassword" ControlToValidate="txtOldPassword" runat="server" ErrorMessage="*"></asp:RequiredFieldValidator>
[Code] ...
Why this is not working...
I want to save my password and it sould be saved in encryptd form in my db SQl Server in asp.net.
View 1 RepliesI have a log in screen.
If the username and password do not match, it displays the message "invalid username/password" on the screen
But the cursor moves away from the password textbox. I want to cursor in the password textbox if the username/password is not correct
My issue today is that i have a MySQL Database and am using the security framework provided by the ASP.NET Membership and Role Providers...I override the default methods with my own MySQL.
Now the issue comes in when i someone would like to have their password reset. My application is running entirely on an Intranet so i cannot have their passwords emailed to them. Is there a way i can have this information displayed in any way so that the user can use it to Log Reset, Create Accounts or Recover their lost passwords on an intranet without the administrators intervention?
Recently i had an approach as follows. In my web.config<system.net><mailSettings><smtp deliveryMethod="pickupDirectoryLocation" and my location was a folder on C drive as c:/SavedPasswords. Now i understand this was such a big security threat and thats why i am looking for a better option.
I would have that folder created using my System.IO and then the Mail is dropped into that folder. Then after the process is successful, i tell the user to check into that location and Read its content.
Then there is a global variable that is set to true...meaning that the folder at c:/ has been created. then there is a Method in a certain class that once it sees this variable True, it reads the readers c:/ and deletes that folder "save" if it exists;
I want to prevent the copy and paste of passwword to confirmpassword. I have tried to prevent this action with the Javascript below but I continue to get the error "The Controls collection cannot be modified because the control contains code blocks (i.e. <% ... %>).".
The jvascript I am using is as follows:
$(document).ready(function () {
var PasswordClientID = = document.getElementById('<%= CType(CreateUserWizardStep1.ContentTemplateContainer.FindControl("Password"), TextBox ).ClientID %>');
$(PasswordClientID).bind('copy', function (e) {
e.preventDefault();
});
var ConfirmPasswordClientID = = document.getElementById('<%= CType(CreateUserWizardStep1.ContentTemplateContainer.FindControl("ConfirmPassword"), TextBox ).ClientID %>');
$(ConfirmPasswordClientID).bind('copy', function (e) {
e.preventDefault();
});
});
I have a small database, with a very small number of users. The passwords were stored as clear as the database was so small and held no sensitive data. The database is now to be expanded and passwords are required to be encrypted. I can change the Password Format in the web.config, but is there a way to change the existing passwords from clear to encrypted?
View 1 RepliesI've seen on some sites where one is unable to save the images from that site. Is there a property or something that I would use where I can prevent users from saving images from my site?
I'm using VS 2008 and asp.net 3.5
i want to srore data of login info of admins. If any admin is login then i am storing his name,email id, Login Time in database and when he log out i store the logut time. The problem is that if the admin doesn't click on Logout button, he comes out by closing the browser directly then i am unable to save his logout tome.
View 1 Repliesi have issue with browser close prompt;
"the webpage you are viewing is trying to close the window"
in ie6 i prevent this by using coding
self.opener = this;
self.close();
in ie7 and ie8 i prevent this by using coding
window.open('', '_self', '');
window.close();
but, problem is which code will prevent for all brower(ie6,7,8) asking the message.
The web app in question provides a UI for editing a client (in the business sense, not the browser sense), identified by a ClientID. I store the ClientID in Session, which gets passed from page to page, along with a number of other pieces of data in Session. Works great.
The problem is that if the user opens a new browser window using Ctrl N or File->New Window (in IE), the new window comes up with the same page as the current page, with the same session info. Then if the user navigates to a different client in the 2nd window, the ClientID in session refers to the new client. If they go back to the original browser window and save, the original client gets saved using the 2nd ClientID, and all hell breaks loose, because now the data from the two jobs are intertwined.
I have enabled trace and verified that the new browser window uses the same SessionID as the original. If an entirely new instance of IE is opened, it has a different SessionID, so is not a problem. I have not yet investigated other browsers, such as Chrome or Firefox.
Is there any way to determine if a browser instance is opened for a web app which is already open in another window or tab? Or to prevent that from happening?
My problem is am filling a form in a webpage, and click on save for instance, take the URL of mu webpage and paste it in a new window and it loads all the information I subscribed, how can I prevent that knowing that I used the Below code and it does nothing
I need to know how to add a randomly generated token as an additional parameter in my request.
[Code]....
[Code]....
how to prevent the two session on a single browser ie: first i opening a site on mozilla then login after logged in . I am opening a new table with the same url login using different user after that suppose there is one link called view my profile on user home page if if click the link on first tab browser, it showing the user details on second tab browser user details ie: previous session.how to prevent or avoid this ?
View 6 RepliesWhenever there is a configuration error inside the web.config, the server sends a yellow screen of death to the browser with a few lines around it. My problem is I am using impersonation and I don't want the users to see the impersonating username/password. So how can I prevent the server from showing the web.config code??
View 1 Repliesi want to redirect from one web page to another web page in same server with some query string values, but i don't want to change my URL string and i don't want to display any query string parameters in URL.
View 1 RepliesASP.Net (C#) ... I have a URL like mydomain.com/detail.aspx?id=1. I want to no any one can change or remove content from my query string...
View 1 RepliesHow to prevent multiple browser windows opening in asp.net ...
View 1 Replies