I want to learn how to use authentication in your web appliction specially using some algorithm to encode your password so that it may be verified through a DB/file.
View 1 RepliesDoes anyone have a simple tutorial on how to build a multi tenant application using MVC 2?
View 1 RepliesI have written a javascript code for handling the password functionality. The scenario is: when user wants to change the old password, he cannot fill the same old password again. I have written the code. But even the simple alert of blank textbox is not working. See the code for reference:
Javascript code:-
<script type="text/javascript">
function ltrim(str) {
var reg
reg = /^s+/g
return str.replace(reg, "")
}
function rtrim(str) {
[Code] .....
aspx code:-
<tr>
<td class="auto-style1">Old Password</td>
<td class="auto-style2">
<asp:TextBox ID="txtOldPassword" runat="server" TextMode="Password" class="txtcareer"></asp:TextBox>
<asp:RequiredFieldValidator ID="reqtxtOldPassword" ControlToValidate="txtOldPassword" runat="server" ErrorMessage="*"></asp:RequiredFieldValidator>
[Code] ...
Why this is not working...
I created a database for user authentication. After I pass loging parameters to the stored procedure in the database and they return a user ID for that user I use the following line for authentication:
[Code]....
User gets authenticated but the problem is that ASP.NET does not recognise the user as authenticated until the page is refreshed.
I have written a web mailer that can send and receive emails and display them on a webpage.I have a problem displaying special characters though. Like Russian, and Greek and chinese.I am using openpop.net and I can get the encoding of the incoming email as one of my variables.Thing is, how do I display it? Do I set the content encoding of the whole page to what that specific email encoding is?I've got it UTF-8 at the moment and I get garbage.
View 3 Repliesi want a simpe login systemm using webconfig file and one login.aspx page.
View 3 RepliesIm pulling out a text field from the database which has and 's in it for line breaks. Which I have left there for pupose of being able to edit the fields later on.
So when i try to display the text I need to replace them which I have done with:
[Code]....
Simple enough. Only when I run the page the source code I get for it is:
<br />
So it seems its not encoding the < as a encode but into the form <
Does anyone know how to stop this happen. Or a method around it?
I am developing a C# / ASP.NET web application in VS 2008 on a 32-bit XP. I created a Login.aspx file for the user to enter a user name and password initially before seeing any data. This functionality works now from VS. I added users and roles by entering ASP.NET Configuration. However, after publishing to IIS 6.0, the password does not work there. How do I configure Directory Security in IIS for the same user name and password to work?
View 1 RepliesI have a service (WCF) with which my ASP.NET page will communicate. The WCF service has hashed passwords in its data store (a file actually). The WCF service requires the username and the hashed password on every call. Nowm the problem I'm encountering is that if I authenticate the user with forms authentication in ASP.NET, a cookie will be saved in the user's computer after the user is authenticated but I would like to save the username and hashed password too so that the user may able to use the WCF service. Where should this information should be saved so that it is safe and secure? Should I use session variables? If I choose that option that, then should I switch from forms-based authentication and manually authenticate using session variables or use both forms-based autentication for web page access and store the username and hashed password in a session variable? What are the pros and cons of each?
View 2 RepliesI would like to know if it is possible in a custom Membership to get the username of the login and to get first his role before testing his password.
The reason is just that we have to implement also another security with RSA depending on the role of the user.
I have used form authentication, when i am trying to open the forgot passord page by click on link button that is on same login page. it needs authentication without authentication, i am not able to access the forgotpage.aspx
[code]....
I'm using the code below to authenticate a user in Active Directory, but the password is sending in clear text. How can I hash my password and then send it to Active Directory?
DirectoryEntry entry = new DirectoryEntry(path, username, pwd);
try
{
//Bind to the native AdsObject to force authentication.
object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = (string)result.Properties["cn"][0];
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
return true;
Using windows Authentication... is it possible to progrematically change a password?
I tried using several ways to do this. I tried using the ChangePassword control. This tells me that minimun characters is 7 even though I have more then 7 characters... I also tried using this method:
[Code]....
The user is always null... and I am assuming this is because this object is indended to use with Forms authentication.
All I want to do is have an option for users to change passwords. Is this possible with Windows Authentication?
I'm writing an ASP.Net MVC intranet application which is accessed via handhelds and a range of browsers. My users all have AD accounts and have different permission to our SQL database views/procs depending on who they area. The database also uses CURRENT_USER for horizontal partitioning.
Because of the range of devices that need to access the application I can't rely on impersonation/delegation or the trusted subsystem. I want the user to simply input username and password (same as AD) when the above mechanisms fail.
Does anyone know how I can use AD username and password in a connection string to access the database without creating a set of SQL mirror accounts? I can't login with network service or a sql proxy account because the database needs to be user aware.
I am working on an application that uses windows authentication. Within this application, we give the user the ability to change their password. The user can change the password just fine. However, after they change their password, that is when things get weird. Sometimes they can navigate through the application just fine. Other times, they click on a link and are immediately prompted to supply credentials. Occasionly they can click on a link but upon a second click they are prompted to supply credentials. Does the browser keep a token to the original credentials and use this when they request the next page? If this is the case, why can i continue using the site sometimes? Can I change the password and then assign that token to the request?
View 1 RepliesI am a beginner of asp.net..I currently have a login page with forgot password link button on the bottom of the screen. I am also using forms authentication to prevent an unauthorized user from accessing the other pages. The authentication seems to be working fine except for one thing. It prevents the user from accessing the password recovery page once the user click on the link button. How do I allow all users access to the login/password pages and also prevent them from viewing the other pages if they are not authenticated?The code below is to prevent from other anonymous view other pages without access. But i got no idea on how to allow them to access password recovery page...
<authentication mode="Forms">
<forms loginUrl="/Presentation/Display/Login.aspx" name=".ASPNETAUTH" protection="All" path="/" timeout="120" cookieless="UseDeviceProfile" slidingExpiration="true"/>
</authentication>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
<authorization>
<deny users="?"/>
</authorization>
In the web.config, how do add a connection string by using a window authentication with the username and password? I have tried like this and it keeps ignoring the username and password
<connectionStrings>
<clear/>
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Integrated Security=SSPI;Initial Catalog=ufiledb;Data Source=MyServer;User Id=user1;Password=xxxxxx" providerName="System.Data.SqlClient"/>
</connectionStrings>
I have the asp.net with authentication set to forms. After deploying new version on server it started to display a UsernName Password dialog box (like in windows authentication) on the login.aspx page.
When user click "cancel" the login.aspx page displays normally and user could log in and continue his work normally.
I don`t know how to get rid of that dialog box? Anonymous login on IIS is enabled, and the anonymous IIS user has access to that file - login.aspx
[Code]....
View 4 Replies Foe getting Logon computer username i m using digest authntication mode. But when i browse website it's asking for username and password. while already windows login with the same username.
I understood that in this auhtntication mode it's required. But r there any configuration with it i am not getting this Prompt ? Any group ploicy ??
For IE i have added website into trusted zone but still it's asking for username and password.
R there any other way i getting Computer logon name in asp.net application. There are But only work when i run from Editor from IIS it's not retuning value.
We have developed a website in asp.net using windows authentication and deployed it on the intranet (IIS v6.0). Most of the times, when users try to access this website they are taken straight to the website, but occasionally some users get a prompt to enter their windows username and password. I understand that this could be caused because of several reasons like:
Cached active directory password. Recently active directory password changed. Active directory account locked out. I want to fix this issue for good because it is annoying the users.
I have an ASP.NET setup website using Windows authentication. Each time I open IE and try to access the webpage I get a windows authentication screen. Once I have logged in I can see the website fine. My problem is that every time I open a new IE browser I have to re-enter my username and password. I have heard about thew double hop issue, is this what it could be. If so how many ip fix this. Any ideas how i can stop this box showing up each time? I have ticked the "remember my username/password" tick box but still no joy. I am using Windows Server 2003, IIS 6.0 and .NET 4.0.
View 2 RepliesOne our customer complaint about HYH virus storing form authentication user credentials in clear text in his local system. Customer is accessing website through internet explorer. Is any preventing measure we can take in website or Code level?More details on Website1) Hosted in IIS 6.02) Windows Server 2003 Operating System ) Written in ASP & ASP.net combination
View 1 RepliesI have an Intranet web site that uses Windows Authentication and when a users password expires the do not get a prompt letting them reset it. We also have OWA and if they go there to check mail, it sends them to a page which allows them to reset it there. How can I trap for expired passwords and allow them to change it like they can with OWA?
View 1 RepliesI am using ASP.NET Forms Authentication for my application. I have made my Password Format "Clear", so no problems with the password encryption. I need to create a view(in SQL server) to display all Administrators in my System. ie aspnet_Roles.LoweredRoleName='administrator' The fields needed are UserName and Password
View 1 Replies