View Complete Post
I have an application that does LDAP authentication. The authentication is done on the code behind page of my Login.aspx page. Once the user passes LDAP authentication, a cookie is set and I redirect:
I would like to setup membership in my application and keep track of some user information. But due to company security requirements, I cannot store user passwords on my application. That must stay on the LDAP server only.
Is there a way to store users but disable password storage on the aspnet_membership table?
Is it possible to authenticate a user using userDN and password? If so, then tell me the syntax.So far i have tried to authenticate using username and password from my c# code using directoryentry which takes the parameters like domainname,username and password. But i need to authenticate using Userdn and password.
One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.
MSDN Magazine May 2008
In my last column I introduced Password Minder, the tool I use to manage all of my passwords. It generates a long, random password for each site I visit, and makes it possible for me to use the most complex passwords possible, without ever having to see the actual password material or type it in manually.
MSDN Magazine October 2004
Using C# and sqlmembershipprovider forms authentication, is there a way to force user password to expire and need to be reset after x number of days?
So if a user launches the website login.aspx page, when they type their userid, it will check if the password is expired and direct them to a Resetpassword.aspx page?
I am developing a shopping cart with asp.net and sqlexpress. I am using aspnet authentication components to create a backend page. I designed the site to let in only authorized users in.
Yesterday, I forget my password to login to backend and asked system recover my password. with recover password of the asp.net I was able to receive the temp password. I took that and logged in, of course asp.net forward me to password change component which I am having problem with.
Every time I change my password , password change shows that I was successfull but after clicking on the continiue button password change component comes back. I went to properties of password change component and entered the main default page as destination but it is not helping.
I close the IE clear the cache , even restart the machine. When I login always taking me to the password change page.
So, I need your help with this. Please let me know your inputs.
I encryped password to the binary variable in sql server with this code:
DataClasses1DataContext db = new DataClasses1DataContext();
var info = new passdefine();
info.username = TextBox1.Text;
string strcry = TextBox2.Text;
byte bt = new byte[strcry.Length];
bt = System.Text.Encoding.UTF8.GetBytes(strcry);
RSACryptoServiceProvider RSA1 =new RSACryptoServiceProvider();
bt = RSA1.Encrypt(bt,false);
info.password = bt;
And it worked properly but when Want to decrypt it , I get this error:BAD DATA.
And I use this code:
DataClasses1DataContext db=new DataClasses1DataContext();
var info = from m in db.passdefines where m.username == TextBox1.Text select m;
foreach (var item in info)
byte bt = new byte[item.password.length];
RSACryptoServiceProvider RSA1 = new RSACryptoServiceProvider();
bt = RSA1.Decrypt(item.password.ToArray(), false);
string pass = System.Text.Encoding.UTF8.GetString(bt);
I need do post of a form in my page to Iframe in the same page.
I set target in form tag.
<body onload="document.formuno.submit()"> <form name="formuno" method="post" action="http:\\externalCompany.WebForm.aspx" target="framename" > <input type="hidden" name="prueba" value="pruebatxt" runat="server">
<input type="hidden" name="prueba2" value="pruebatxt" runat="server">
<input type="hidden" name="prueba3" value="pruebatxt" runat="server">
<input type="hidden" name="password" value="MY PASSWORD" runat="server"> &nbs
I am using the ASP.Net password recovery control. By default the user needs to enter their username before an email gets sent out to them.
If it possible instead of entering the username, email is used instead? Alot of my users forgets their username but not email.
I am using a function which requires a user name and password. I have written this username and password in my code behind file. How safe is it? If it is not safe, what are the risks and how to provide security to my code and application?
I want to make public one small project on CodePlex. Everybody knows that you can work with CodePlex like with TFS client and with SVN client as well. But really I can't work with it from SVN client. When I tried to add some binary file (it was dll) I got the error "Server sent unexpected return value (200 OK) in response to PUT request for .". How to solve this problem I don't know, I found thread at CodePlex's discussions Can't commit binary files using TortoiseSVN, but last message was at past year. Ok, I'm working with TFS at work, so for me it will be not a problem connect to CodePlex with TFS. But there are some distressing case, Visual Studio always ask credentials at every new connection to project. And I didn't find a checkbox "Save credentials". But I found the method. Read more...
Currently I am storing my username and password (passwordFormat="SHA1") credientails in my web.config. I would like to figure out how to access them in an xml file that I have stored in my App_Data directory rather than the web.config file because I do not want my application restarting everytime I manually add a user (small list of 5 authorized users for the CMS section).
Here is what my web.config section looks like:
<authentication mode="Forms"> <forms name=".Administration" loginUrl="~/SiteAdmin/Default.aspx" defaultUrl="~/SiteAdmin/Administration/Default.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" &n
here is login form I would like to use.
Right now it is not communicating with my codebehind page.
How do I modify the jquery login code to post the username and password to the codebehind?
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="Default2" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="styles/chop1.css" />
<!--[if IE 6]>
Hi, I have an asp.net website that requires users to login using their Active Directory credentials. All users of the website have AD accounts. Some of the users are at remote locations and share a common computer login (I know this is not recommended but it is what it is, I have no say in that). Every so often a user will log into my website and click the Remember Passwod box which causes the next person that comes along to not be prompted to log in. All users are on IE 7. I have tried having them go into tools and deleting the cookies, saved passwords, etc but when they go to my website they are still not being prompted to log in. I have recently migrated to IIS 7 and I understand there is a way to have the user enter the site through a custom form but I have not gotten that far yet. How can I make sure the users password is removed from IE? Thanks for any help.