I am doing "forgotpassword functionality" in asp.net
My forgotpassword.aspx page consists of a username, security question, security answer, new password,retype password and a submit button.
When I click on the "forgotpassword" link at the previous page, it should prompt me about the security question and when I enter the answer at the security answer textbox, the control should take those two (security quesion and security answer) to the backend (database) and validate that the security answer is correct. It should reply with a boolean value. Then the next 'new password' and 'retype password' should get activated.
By means the operation of going back to database should occur when the control comes out of the security answer textbox. In windows forms we can use the 'leave' event (ex:textbox1_leave) but in web forms we don't have that.
If the solution is to use javascript, please give me the step by step process to handle the aspx (source page) and also the .cs file coding
you could use microsofts membershipprovider interfaces. you just have to implement it for your own requirements (database structure).
just have a look at http://www.asp.net/learn/security-videos/ there you can watch a lot of helpful videos for understanding and implementing membership and role providers.
it helped me also to implement my first membershipprovider.
this link might be also usefull http://weblogs.asp.net/scottgu/archive/2006/05/07/ASP.NET-2.0-Membership-and-Roles-Tutorial-Series.aspx
as soon as you have finished, you can use all microsoft login controls.
good luck
There is a forgot password component in ASP.NET 2.0 - just use that and configure it.
http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.resetpassword.aspx
http://www.asp.net/web-forms/tutorials/security/admin/recovering-and-changing-passwords-cs
Related
In my company I have a ASP.NET web page where there is a ChangePasswordControl and a RecoveryPassword control. The problem now is that, when user filling out the data hits enter key on the keyboard he get's logged out instead of validating the user.
Normally I've used a Panel control and setup the default button there and this helped. But here the change password button is built in and there is no way to get the ID of it (or is it?). I generally started my web apps adventure with ASP.NET MVC so I do not know much about the ASP.NET Controls.
Could anyone help me? I've read somewhere on the net that I should do my own template?
But I don't know if it's the right approach, and I don't know how to do this templates and what's the idea behind this concept. I'm wondering if I should use some jQuery or Javascript to handle that, but maybe there is a simpler way to do that.
Thanks in advance.
Have a look at the solution outlined here
Is there any security benefit to using the asp:Login control over using just a panel with an asp:textbox for username and password? The OnClick methods still would use membership for validity.
Just wondering if asp:login gives any enhanced security?
if asp:login gives any enhanced security?
No, It dosen't give you any enhanced security, but you have to write lesser code when you use it.
These controls are just for rapid application development, which comes bundled with all validation and best practice so that they can be just dragged and dropped on the form.
which one should you use?
It depends upon the context. If you are using all the buildin function od the provided framework there is no need to rolling out your own? Why? because you may leave some loopholes like validating etc.
I want to make a application for customers.
It should contain :
1.Login page
2.Page for simple users
3.Page for administrators
I've found on google a lot of examples but 90% of examples have 20+ pages with some a lot of advanced things and I can't handle reading everything from them.
I just want to make a simple login page , and use 'user role' for the page where user is redirected and 'administrator role' for the page where administrator is redirected.
When I'll finish the page I will public it on a webhosting , and the main problem is that I need user roles,pass,name in a database in asp not on a website .
Is there any easy example to follow ?
Thanks
For a long time I had the same problem - most examples have you create the default schema which has a crazy number of tables.
The simplest example I have found is:
How to: Implement Simple Forms Authentication
It doesn't deal with the persistence layer at all, so it is really simple to adapt as you see fit.
I'm currently converting our company database application from VB to ASP.NET. This is pretty much my first ASP.NET application, and I had a question about security. I would like some users to have the ability to add or edit data, while other users can only view and print reports. Now, as I understand it, in ASP.NET, I can use form-based authentication to restrict access to certain pages, but what I really would like to do is use the same web page for not only viewing the data, but also editing it (using a grid view). I don't see how I can do that using forms-based authentication without having separate (but similar) web pages in different folders, each with it's own level of security.
I guess I could always use the same web page, then check the users roles to determine if I should enable the 'edit' button or not. Is that a good (and common) programming practice?
Thanks
Checking the role membership is an accepted way of doing it. Do not however just check when you display the button, check during the response to the event it triggers as well, just in case someone tries to bypass event validation.
User.IsInRole() is what you need. As mentioned, check this at each step - users can fake any kind of HTTP response, so every server-side method needs security checks.
Don't just check whether to enable or or not... You must also check it when the edit button is clicked.
I would implement my own custom RoleProvider (MSDN Article). And then have different roles that describe the different access levels on your application, and like blowdart said check when buttons, panels are being diplayed whether the user has access or not to that resource.
Can I recommend using monitoring SQL Profiler (or similar) when you are testing the page if you are using a database? You'll be surprised the amount of calls the db gets for a seemingly trivial page load.
Also, please check security trimmings in ASP.NET. Worth having a look.
Cheers.
I would like to know if there is a way to prompt the user when activating/deactivating a feature within SharePoint.
The background behind this is that I have a SharePoint solution that deploys several configuration files that are modified by the user when deployed to the site. I would like to either allow the user to decide whether or not to overwrite the files when activating or deactivating a feature.
Thanks guys!
Do you need this to work on ANY feature that is activated in your site, or just on features that are developed by you? If this is the latter case, you can add an event handler (SPFeatureReceiver) to your feature and catch the feature activated event.
EDIT: As per #Muhimbi's comment I finally understood the question - you want to allow user edit some properties and only then to activate the feature. In this case, I would suggest to define the feature as "hidden", so it does not show up in "web features" and "site features" list. Then create a custom page for "administration" of this feature, which would allow the user to override the settings in question etc. Then, register this administration page with SharePoint (again, deployed as a feature, these two features may be stapled together). Quote a good article about it can be found here: http://www.tonstegeman.com/Blog/Lists/Posts/Post.aspx?ID=13
EDIT2: found a similar article here on SO: SharePoint Feature Activation Form
One of the responses gives a good point - "The problem is, you don't always know where your feature activation code is going to run. If you turn on the feature using stsadm, it will execute in stsadm.exe, not the web process."