How To Redirect The User To Password Recovery Page With Forms Authentication

Nov 29, 2010

I am a beginner of currently have a login page with forgot password link button on the bottom of the screen. I am also using forms authentication to prevent an unauthorized user from accessing the other pages. The authentication seems to be working fine except for one thing. It prevents the user from accessing the password recovery page once the user click on the link button. How do I allow all users access to the login/password pages and also prevent them from viewing the other pages if they are not authenticated?The code below is to prevent from other anonymous view other pages without access. But i got no idea on how to allow them to access password recovery page...

<authentication mode="Forms">
<forms loginUrl="/Presentation/Display/Login.aspx" name=".ASPNETAUTH" protection="All" path="/" timeout="120" cookieless="UseDeviceProfile" slidingExpiration="true"/>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
<deny users="?"/>

View 3 Replies

Similar Messages:

Security :: Password Recovery Reveals Valid For User Ids?

Jan 4, 2011

A question has been raised concerning password recovery revealing valid user ids. Stage 1 of the password recovery asks for a userid and when progressing to stage 2 will display an error message 'Invalid user id'. In theory this would allow valid user id'sto be identified.Is there a setting we are missing? Something that would allow the user id and question to be asked, then a message saying the 'User/Question combination is invalid'.

View 2 Replies

How To Access To Password Recovery Page

Nov 29, 2010

I have the authentication which will redirect the unregister user to Login.aspx. At the bottom of the page,there are a link button will redirect the user to forgotPassword.aspx With having the authentication, i discover it don't allow the unregister user to go forgotPassword.aspx but staying in the same page.
so some expert have shown me this code..

can provide me the code in web.config here?

some expert have provided me the code..but i find no where to locate this code in web.config, none of them tell me where to locate this link.

View 2 Replies

Security :: Customize Password Recovery Verification Page?

Jan 22, 2010

Doing password recovery, after a user enters their user name a verification page appears. The page seems to appear from out of nowhere as I did not create it.I would like to have controll over it and reformat it.PS: I have a number of small issues like this with Login. Is there a complete running sample somewhere that shows these things. C# code

View 1 Replies

Security :: Haw To Provide On Credentials Page A User Name And Password If Use Windows Authentication

Dec 20, 2010


View 4 Replies

Security :: Password Recovery - Display On Web Page And Not Have To Use Smtp Server To Send Email

Apr 14, 2010

once user answers security question and clicks submit that you can then re direct them to a new page and display their password on screen? rather than send an email?

View 1 Replies

Web Forms :: Password Recovery Email Is Sent Twice?

Aug 11, 2010

Password recovery email is sent twice?


View 3 Replies

Web Forms :: Using Password Recovery Control Present In Toolbox?

Mar 26, 2013

how to use password recovery control present in toolbox.

is there any other way to recover forgot password?

View 1 Replies

Web Forms :: How To Add Additional Security Question To The Password Recovery Control

Dec 3, 2010

I'm using vs2008, asp.net3.5, c#. In the Password Recovery control, there is only user name at the UsernameTemplate. How can I , or can I, add an additional field for user to also enter their SSN? How do I verify this myself if Password Recovery cannot do the verification for me. I mean, where, like when the submit button is click? And then how do I cancel the submit for PR if tax id is not valid?

View 3 Replies

User Controls :: Decrypting Password On User Validation Or Authentication

Jul 17, 2015

Article : Encrypt and Decrypt Username or Password stored in database

The whole thing works very well but my issue is, after entering and encrypted password how does the user then log into the database?

When a user types in his password, the typed in password will not match the ecnrypted value in the database.

So how do I decrypt what is in the database and compare with what the user typed in and then validate the user.

View 1 Replies

Security :: How To Use The Password Recovery Control

Feb 16, 2010

how to use the password recovery control.

I am not able to write the code for it.

View 3 Replies

Security :: Password Recovery Does Not Work?

Jan 28, 2010

I have the following code. I simply want to select the security question and answer from the DB and do something if the result is true.

This is my code:-


This code always returns the result of "Invalid User Credentials", so this means it does not recognize the values from the DB. When i put something in that SHOULD match i still get the same. I dont get an error message but the logic here is to select security question and answer where the question is equal to the dropdown box and the answer is equal to the textbox. If there is a match then do something..

But this does not work..

You can see what i mean here:-


If you select "What street did you grow up in?" from the dropdown and then put in "deeplish" in the security answer, the result should be "**EXISTS".

View 2 Replies

Security :: Password Recovery Email Not Sent

Mar 19, 2011

My application can send email using:

new SmtpClient(null).Send(message);

But users have not been receiving emails sent by the password recovery control. This had been working.

We have made a recent change with the mail server. I don't know the details.

I use ELMAH to log errors, and nothing is written to this log.

I was wondering if there something in the authentication tables that shows when a password has been reset in this manner.

View 3 Replies - Password Recovery Validation Failing In IE Only?

Mar 30, 2011

I'm using the ASP.NET Membership provider and using the Password Recovery control to reset the user password if they forget it. On the whole it all works fine, but with one catch when it comes to validation.

I have expanded the PasswordRecovery control out to use the template feature to customise the appearance, which is all fine. I have set the user lookup error handler using:


in the opening tag and if I load up the page, type in some junk name and click submit this fires as expected, in all browsers. The snippet of VB code makes an error div visible and sets some text.

However, if upon loading the page for the first time I type a duff name into the username box and hit the enter key to submit the form, in Internet Explorer (version 8), the UserLookupError event fails to trigger. It triggers just fine in Chrome or Firefox, just not in IE. I know it's not a focus issue on the form, as I can see the form is being submitted.

If I click the submit button first, then following that hit the enter key it does fire, it's just that first time it doesn't, and only in IE.Also to add that if I set breakpoints in the VB code to check to see if the page is being submitted, I can see the Page_Load event fire when I hit the enter key, but not the sub PasswordRecovery1_UserLookupError. It looks like a bug in IE (no really???), but I need to nail it down.

View 1 Replies

Security :: Password Recovery Not Working?

Nov 27, 2010

Here is what I have done so far:

1) Here's the Password Recovery control:

<asp:PasswordRecovery runat="server" id="passwordrecovery" SuccessPageUrl="success.aspx"
<MailDefinition From=""
Subject="Your password"


3) After all this, when the test user enters the correct answer to the security question, nothing happens. I don't even receive the SuccessTemplate message--much less the test email with the password.

Is the problem that the correct answer to the security question is somehow not really being registered? Is the problem server-related? What I could I be doing wrong?

View 3 Replies

Security :: Error In Password Recovery Control?

Jan 30, 2011

I am using password recovery control to recover the forget password and it throws me an error message at smtp.send(mm) step in aspx.cs fileHere is the error message i received "SMTP server requires a secure connection or the client was not authenticated. The server response was 5.5.1. Authentication required"

Passwordrecovery.aspx code:
<asp:PasswordRecovery ID="PasswordRecovery1" runat="server" Onsendingmail = "PasswordRecovery1_SendingMail">
<MailDefinition From = "" Subject = "Forgetton Password" Priority = "High"></MailDefinition>
<InstructionTextStyle Font-Italic="True" ForeColor="Black" />
<SuccessTextStyle Font-Bold="True" ForeColor="#5D7B9D" />
<TextBoxStyle Font-Size=Medium />
<span style="text-align:center">

View 2 Replies

Security :: Password Recovery Does Not Work Correctly

Feb 11, 2011

It seems to work just fine but it resets the users password, emails it to them and then the user can not log in with the new password.

View 1 Replies

Smtp - .NET - Password Recovery Using SMPT.Gmail.Com

Jun 30, 2010

I have a login control on my webpage along with a RecoverPassword control.

I have the following code inside of web.config

<smtp from="">[code].....

The error that I keep recieving is:The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first. 35sm26203922ibs.22

View 1 Replies

Security :: Customize Password Recovery Email?

Jan 10, 2010

I don't want to reinvent the wheel with the password recovery control but I do want to customize the email message sent to the user. I have the following code but when I use this, I'm getting an error that states that the system is not configured to retrieve passwords.

I think this is due to the fact that out-of-the-box, the membership system is not configured retrieve password due to password encryption. Then how do I customize "ONLY" the email sent -- with the tem password -- without getting into complete customization of the password recovery control?


View 2 Replies

Security :: Password Recovery ( Success Template)?

Mar 8, 2010

I doing sign up page now. Inside my sign up page, i also have forgot password table. Now the problem is, can i display my <successTemplate> out of <passwordrecovery>? Because i tried to display normal successful label failed.

View 1 Replies

Security :: Password Recovery Without Using The Standard Controls?

Sep 24, 2010

I have a situation where I need to implement a Password Recovery page BUT without using the PasswordRecovery control.

Does anyone know of an example or has implemented this before?

View 3 Replies

Security :: Email Settings For Password Recovery?

Mar 1, 2011

I am using Password Recovery Control and cannot get this to work.

Here is the settings I have. I tried ports like 25, 587, 254,


I get errors like

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond

OR sometimes...

An existing connection was forcibly closed by the remote host

View 11 Replies

Security :: Sending Email For The Password Recovery?

Mar 15, 2011

I need to send an email(using SMTP) whenever the user forgets the password.....The code snippet i have is

void PasswordRecovery1_SendingMail(object
sender, MailMessageEventArgs e)
MailMessage mm =


I need to call this function whenever the user clicks the Reset button...

View 2 Replies

Security :: How To Setup An Automatic Password Recovery Feature

Dec 8, 2010

How do I set up an automatic password recovery feature? (This is an internet application using forms authentication.)

I am trying to set up the common senario where when a user who has forgotten his password, clicks a button to request I send him a new password. I then open his browser's default email client (that is no problem, that part I already have coded and it is working fine.) The user then clicks a button to send me his email. Now comes the problem. How do I detect that he has done that?

Am I approaching this problem correctly? Should I be requiring the user to send me an email in order to have his password reset? Or should I just have him fill in textboxes giving me his username & password? Wouldn't this allow a malicious user to abuse the system?

View 12 Replies

Forms Authentication: Disable Redirect To The Login Page?

May 15, 2010

I have an application that uses ASP.NET Forms Authentication. For the most part, it's working great, but I'm trying to add support for a simple API via an .ashx file. I want the ashx file to have optional authentication (i.e. if you don't supply an Authentication header, then it just works anonymously). But, depending on what you do, I want to require authentication under certain conditions.

I thought it would be a simple matter of responding with status code 401 if the required authentication was not supplied, but it seems like the Forms Authentcation module is intercepting that and responding with a redirect to the login page instead. What I mean is, if my ProcessRequest method looks like this:


Then instead of getting a 401 error code on the client, like I expect, I'm actually getting a 302 redirect to the login page.

For nornal HTTP traffic, I can see how that would be useful, but for my API page, I want the 401 to go through unmodified so that the client-side caller can respond to it programmatically instead.

View 6 Replies

Copyrights 2005-15, All rights reserved