Am new in c# and i've created a login form with two fields username and password also remember me checkbox.. first time user logged in the form with checked the remember me checkbox.. can u guide me how to generate the users password automatically in password field from cookie when the user logged in next time using c#??
Hope you are using FormsAuthentication. In the SetAuthCookie method, there is one parameter, PersistCookie, set this value to true, ASP.Net runtime will store the user credentials to the client.
You can find more details here : How to: Implement Simple Forms Authentication
If I understand your question correctly, what you want is to have the login form prefilled with the login information, the next time the user visits your page.
You should NOT use a cookie to do that, for security reasons. The best way to do it is instead to let the browser store the login information for you. I bet your browser has asked you "Save this password? Yes, Never, Not now" before?
To accomplish that, the browser needs to recognize that it is dealing with a login form. I believe there might be some differences between various browsers how they detect that, but following these steps should be sufficient for most browsers I belive:
Make sure the input fields are named username and password
Make sure that the password input is of type password
Make sure that the form has a proper action attribute
Make sure that the form has a submit button
Asp.net has an implementation of forms authentication ready to use.
Use the methods FormsAuthentication.SignIn() and FormsAuthentication.SignOut() to create the auth cookie or delete it.
For more info: http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.aspx
Related
Im making a c# application, User have to login into the application.
After Login there is going to be a button which opens a website written in php.
is there anyway, when the users click's button the website that is going to open should be already logged in, and yes c# application and website both share same sql.
Here is a idea I got but don't know how to make it work because I have poor php skill.
i read it some where, but i don't know wether it works or not :
http://bf3.in/?login=username = Juno.... password = *****
if it possible like this i can make it work in c# button
"http://bf3.in/?login=username = "'+variable1+'".... password = "'+variable1+'""
You need to create web-service that work on your C# button request.
Like you have share link request on above question.
When php web-service found request parameter and check with database than it's direct start the session.
Hope this will help you.
Yes it's possible but I would advise against this as it presents a security risk. Based on the on the URL you posted, you would be storing and then passing the username and password to the website.
Is username and password the only authentication scheme you can use?
I'm building a web application in asp.net C#, and what I'm doing is, if user tries to access his/her account with a wrong username and password for 5 times and attempts for 6th time,he/she gets redirected to a Captcha page, where he is asked to enter the captcha text. After the entry of captcha text, if it's true, I'm comparing the username and password passed from login page using usermanager.How can I do this, how to securely pass username and password from one page to another?
Update:
Only if the captcha is true, the 6th combination of username and password is validated.
I'm working on local host
Your workflow doesn't make much sense to me. If login failed 5 times and you ask for a Captcha, the username/password combination is still invalid, so I don't see why you need to carry that information around at all.
What you really want is to incorporate the Captcha on the login page and only require/show it when a few login attempts have failed from that session/ip/...
Also, the username/password gets encoded in clear text already in the form submission from the browser to the server. Therefore, if you want to protect that information, it's best to use SSL.
Things like user and pass should be encrypted if you want to pass them to other pages, so you should create a function to encrypt it and then you could pass them as session variable, or in the url for example.
You need to use SSL. After 5th failed login you send credentials back from server and store it e.g. in hidden form fields of captcha form. Than you send back POST request with credentials over SSL.
But basically you could just redirect user back to login after capcha was successful.
Probably my question is stupid but it is driving me crazy, you see I have this application its session is not expiring after logging out even though I have used Session.Abandon(), Session.Clear(), and Session.Removeall(). I have been searching all over the internet but no luck so far and I really wish I can get some help. Say I have user X if I do the following any one can login with X's account:
1- Login with X's username and password.
2- Take Session ".ASPXFORMSAUTH" info.
3- Logout from X's account
4- Add the Session ".ASPXFORMSAUTH" with its value using fire fox "add cookie function" for example.
5- type the URL and click enter
the page just opens up and it is really driving me CRAZY!!
Thanks in advance
You also need to call FormsAuthentication.SignOut()
In this case, you have an additional flag in Session (like "ACtive") which can be set to false during logout. Based on this, you can rediect the user to login or any other general page you want to..
I am not sure if there is defined way to handle this, but I would do something like I said.
Scenario where the user is already logged out by using FormsAuthentication.Signout() and is trying to hack the system by using the same cookie (he somehow got access to it) to access a authenticated part of the website.
In such a scenario recommendations from Microsoft also suggests to use a persistence mechanism to log / track the user signout and use the information to redirect him to login page (and clear cookie again) in subsequent fake requests.
Reference: Read bulleted point 3 in Remarks section
Please tell me how to build Windows form Login .(not ASP.net)
. This login Should validate using not only windows Authentication method but also Database user.
How validate User name and password.
I used this type of Query for it
SELECT COUNT(*) FROM [Table Name] WHERE UserName = #username AND Password = #password;
If user available count >0
Above part handle code side.
using int x = Int32.Parse(commandObject.ExecuteScalar().ToString());
if(x > 0}
**log**
else
**fail**
How Can I do it professional and correct way?
Since you have the SQL already, all you need is a basic form, there's nothing special about a login form except that you hide the password, you can do that using the TextBox.PasswordChar property.
What do you mean by "Windows Authentication"? You could read the logged in User from the Environment and prefill the user-textfield with this value.
tbUserName = Environment.UserName;
After the User has entered his password, your setup dictates what to do. Is the Password Database Hashed (MD5, SHA1) or Verbatim? If so, hash the entered Password - or don't if it isn't.
You could use those two strings to select entities from your DataSource using the technology of your preference (e.g. ADO.Net). If no results are returned, the login was faulty. Remember: That way you won't be able to tell whether just the password or the user or both were wrong.
"Professional and correct way"
This can depend on what you application does, do you allow any kinda content to be seen or the first think should be login?
If yes:
Create a Window Form with your login screen
upon "login" button is clicked, check the sql the way you want
if ok, close that window and do a form.Show() the main window of your application
else, just give a good reason that you don't allow the user to proceed
if windows authentication, you need to check if that windows user can access it, do the same procedure but you do act upon formLogin.Active for example, and ask for credentials if that Windows User is not a valid user and do the above process again.
As an example, SuperOffice CRM 6 Application for windows, have this login form:
alt text http://www.balexandre.com/temp/2010-09-09_1557.png
I hope it helps to get an idea.
If you were asking about code only, then you already have good answers.
Just a thought...
Have your login as the first screen your user visits.
If they pass, then show the main app form and hide the login.
If they fail, simply display a message stating that.
It's not like web apps where a user can type in a url and try to get to any page they want to.
You have FULL CONTROL :)
I want to be able to log into a website via C# webbrowser without any user input.
I want to get the username and password from local variables.
I hope someone can help me.
Please give clear C# code examples.
Go to the login-page of the site, expose the <form></form> that does the login, mimic the form with a POST request and encode the username/password in the body of the POST.
To fabricate this, you'll probably have to make a custom request. Linking up the session ID of the Request & the web-browser will probably be tricky, you'd have to set the referral url manually in the next post, and migrate the cookies the server told you to set.
The other solution is to inject some javascript into the login page that populates the fields and hits the submit button.
Either way it's pretty page-specific.