The below code and the config works fine, but force to enter user name/password case sensitively, i want to make it non case sensitive.
Code:
protected void LoginButton_Click(object sender, EventArgs e)
{
try
{
string uid = UserText.Text.Trim();
string pwd= PwdText.Text.Trim();
if (string.IsNullOrEmpty(uid) ||
string.IsNullOrEmpty(pwd)).....
How do I use the FormsAuthentication.Authenticate(Username,Password) method to match against the generated Database?..since as far as I have read, it matches the values against the Web.config.
View 1 RepliesI Need to Authenticate a User by using FormsAuthentication.SetAuthCookie and Check User is Authenticated in Another page Load How to Do this anyone?
Login Page
if (txtuname.Text == "mike")
{
FormsAuthentication.SetAuthCookie("mike", true);
Response.Redirect(FormsAuthentication.DefaultUrl);
}
Welcome Page
PageLoad()
{
}
I am very new to AD and querying it. If you can, how do you specify case sensitivity in the LDAP query?
I have a series of methods that convert a lamda expression into an LDAP query but i don't know the syntax for case-sensitive searching.
The field it is searching is case-insensitive but as it is a base attribute i don't want to modify it.
If a browser requests http://site.com/?q=abc
and gets a 301 redirect response to location http://site.com/?q=ABC (note case of querystring)
Is it possible for the browser to ignore the difference in case and re-request http://site.com/?q=abc, thus causing an infinite redirect loop?That's the scenario that appears to be happening according to the IIS logs. It seems to be isolated to Internet Explorer with some variation of the Ask toolbar installed (based on user-agent values). I even installed the Ask toolbar, but have not been able to recreate this scenario in any way.
I can't post the source code, but for those that want something, here's the general logic:
Page_Load(object sender, EventArgs e)
{
var q = Request.QueryString["q"];[code]...
As you can see, if this page is requested with ?q=abc it will be redirected once, but then it'll render as usual because the redirect goes to ?q=ABC.Is there any scenario where the browser (specifically IE with the Ask toolbar) could ignore the case of the redirect location, causing an endless loop?
I just begin creating a website for an organization. First page to be displayed in the login page. I dont have any knowledge in ASP.NET Security. On Login page, i want to display UserName field as disabled with the useralias of the user who currently logged into Windows. Password user has to provide and it should be that user's windows password.
How do i validate that password that user has entered is his windows password?
I currently have an odd problem with ASP.Net authentication. Consider the two following lines:
MembershipCreateStatus ct = new MembershipCreateStatus();
Membership.CreateUser("admin", "mypassword", "test@gmail.com", "1", "1", true, out ct);
This does register my user in my database. I have verified this.However, when I run this immediately after:
FormsAuthentication.Authenticate("admin", "mypassword");
The authentication fails. The weird thing is I know for a fact that the user does exist in the db, and that is further confirmed if i run
MembershipUserCollection uc = Membership.FindUsersByName("admin");
and uc does hold my admin user withe all the proper info. why Authenticate would return false?
I´m building a home page where logged in users shall buy products. To be able to get to the buy page the user already has to be logged in. But when he shall execute the buy he has to reenter his password again to check the user a second time. How do I check if his entered password matches his user password? I´m using the ASP Membership library and I have passwordFormat="Hashed".
View 3 RepliesI am creating a website for reset the password in one of the application from the back end.
I have created a webpage with only one button called "RESET".
If user click the button, it should check the user have already access the application from the "USER" table. If no access, the message appears "You do not have an access."
If yes, next step whether the user have authenticate. If yes update the encrypted password from new table called "UMRESET" to the application table "USER" password.
I am having some trouble with active directory authentication using FormsAuthentication in ASP.NET MVC 2 (VS 2010).
As I understand it I should be able to step into/through the Microsoft source code for FormsAuthentication.Authenticate if I check 'Enable source server support' and 'Enable .Net Framework source stepping' in Options->Debug->General and specify 'Microsoft Symbol Servers' in Options->Debug->Symbols.
I have done this and can step into a whole bunch of MS source code, but not FormsAuthentication.Authenticate. The debugger simple steps over it.
If I could step into FormsAuthentication.Authenticate it would make my life a whole lot easier.
I have configured Forms Authentication in my web config file as below.
Following is my code
[Code]....
The issue is that FormsAuthentication.Authenticate never returns true. This is a very simple website with only two pages and no other code(The code too was copied from MSDN).
[Code]....
Just a quick question i've been asked to look at enhancing security but encrypting passwords we store in a db table, essentially the data thats linked to the user account isnt sensitive however its more to stop someone reading passwords out of the table directly etc
I've read multiple ways of implimenting hashing etc i've started using FormsAuthentication.HashPasswordForStoringInConfigFile
//create new salt and update the password
Hashtable newInfo = new Hashtable();
newInfo["salt"] = GenerateFriendlyPassword(5);
string tmppass = FormsAuthentication.HashPasswordForStoringInConfigFile(txtNewPass1.Text.ToString() + newInfo["salt"].ToString(), "SHA1");
newInfo["passwordHash"] = tmppass;
Generate friendly password returns a 5 char string based on a random position in a valid char array containing a - z and 0 - 9At present the functionality is at page level in the code behind, re this is the forms authentication HashPasswordForStoringInConfigFile function thread safe? Or do i need to look at implimenting this in a different wayCheers appreciate your response as im always jubious about multi threading etc,
I am having a issue with my form authenticating the form. I checks to see if there is a password but does not authenticate. Here is my code.
[Code]....
I am trying to implement a small site which requires users to login using Forms based authentication. I have followed the tutorials found on various sites on the net and in particular the one at [URL]
This enabled me to get a sample environment in place but it seems as though I am having a problem authenticating a user for which I know the username and password are correct.
I have a ASP.Net 3.5 site with my login.aspx form in a folder named login, my default.aspx in the root of the site and my protected content in a folder called main.
I am authenticating against a SQL Server Express database, so I have ran the aspnet_regsql.exe command to populate my database.
I have added the following authentication/authorization lines to my web.config
<authentication mode="Forms">
<forms loginUrl="~/login/Default.aspx"
protection="All"
timeout="30"
name="AppNameCookie"
path="/FormsAuth"
[code]...
I believe that my connection string and my database are ok because if i use the ASP.NET Configuration from within Visual Studio I can create and manage my users and I can also see them in the tables in the SQL Server. Also if I do enter any incorect credentials in my login page the page tells me that the password is incorrect.
I got a username and password field which made by myself and a User database which is all manually made
So now I wish to know how to authenticate user using the username and password data enter by the user and match with the database data to verify user is a member and login?
For what i know, the code should be something like this
SELECT UserName, Password FROM dbo.User WHERE UserName - @UserName
@UserName = ?
How do i assign the value from my username text field to @UserName?
Does anyone know how I can authenticate users based on their Email Address and Password as oppose to Domain, Username and then Password?
View 1 RepliesI want to know case sensitive password for my login form(C#).
View 1 RepliesWhat is the difference between:
FormsAuthentication.RedirectFromLoginPage
AND
FormsAuthentication.SetAuthCookie(Text_txtUserName.Text, true);
HttpContext.Current.Response.Redirect(RedirectFromLoginAddress);
what is the use formsAuthentication.user.identity
is it one of the property of page
My company has some unique password policies (such as a pwd cannot be re-used for 6 months, aside from the must include #, special character, upper & lower case)Can anyone suggest how to go about ensuring that a new user's password complies with these policies (using forms authentication in .net 3.5 framework)?
View 2 RepliesURL...how we can sending formatted email now in my Login.aspx page i have Textbox that when users forget their password they should type their Username on the textbox and after that click on send button.I want when users click on send button their user name that they type in textbox be on the email that send to me .
View 1 RepliesI'm using the ChangePassword method of membership provider to change the password and one of the requirement before calling the ChangePassword is to retrieve the current password. But I'm getting error:
padding is invalid and cannot be removed
below is my web.config:
[code]....
I have a web form, which is to allow user to reset their password. When I clicked on the button, I got this error
"Input string was not in a correct format."
The code behind the button is:
[Code]....
When the user types in the new password, this new password will be hashed upon clicking the button and saved into the database.
I'm trying a lot a things in these days around the Login control. What I want: to keep the user logged ind also when she close the browser. When se returnes to the page, she should be moved to the DestinationPageUrl of the login control.
My Login control:
[Code]....
My Codebehind file for the login control:
[Code]....
My web.cofig settings:
[Code]....
As you can se, I have learned (from google and here in forums.asp.net) that I need to do a FormsAuthentication.SetAuthCookie but I have one problem....... If I do nothing in the page_load the control doesn't keep me logged in through sessions.Is there anyone who can help me, and either explain og link me to a page, where I can see, how I can get the UserName and Password from the FormsAuthentication.SetAuthCookie I maid. I also need to know if when I get UserName and Password from cookies andthen redirect to the /Content/Default.aspx page in page_load the system knows (formsauthentication) the user is logged in?
I have my project set up with the virtual path "/MyVirtualPath", create the virtual directory in IIS 6 (W2003) and everything works fine. Then to work better with Google Analytics I change the virtual path "/myvirtualpath" and change all redicecciones and links to lowercase. also applies the class "lowercase route urls in aspnet mvc" and works perfectly.
The problem I had to modify the virtual directory in IIS, delete virtual path "/MyVirtualPath" and I created the new "/myvirtualpath", but in all cases I use tilde "~" or where I make a "RedirecToAction" (which should take "LowercaseRoute"), continues to maintain the virtual path "/MyVirtualPath". For example, if I see the HTML source code in the browser, see "/MyVirtualPath/Content/Site.css" instead of "/myvirtualpath/Content/Site.css. "