Search Results

Search found 13776 results on 552 pages for 'password reset'.

Page 55/552 | < Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62  | Next Page >

  • Password protected traffic meter

    - by UncleBob
    Hi first, I have a small problem for which I haven't found a solution yet. I live in Bosnia and share the Internet connection with the landlady, and as is usual in Bosnia, we do not have a flat rate, but a 15 Giga traffic limite. That would actually be more than enough, if the son of the landlady wouldn't be watching videos all the time, so the bills are truning out rather expensive. I have already installed a traffic monitoring program, but he apparently turns it off as soon as he comes close to his limit and then denies that he consumed any more. I therefore need at least a measurement program that is password protected and / or notes in the log when it's been turned off. Even better would be a program that just cuts his access when he exceeds his share, ie a mixture of Traffic meter and Parental Guard. Can someone help me out here?

    Read the article

  • Write hash password to LDAP when creating a new user

    - by alibaba
    I am working on a project with a central user database system. One of the requirements of the system is that there should be only one set of users for all the application. FreeRADIUS and Samba are two my applications that both use LDAP as their backend. Since users must be the same for the entire system that contains many other applications, I have to read the list of users from the central database and recreate them in the LDAP directories for Samba and FreeRADIUS. The problem is that users are sent to me from another entity and I can save them in the database with their hash passwords. I don't have access to their cleartext passwords. I am wondering if I could enter directly a hash password for a new user in LDAP with my preferred hash mechanism. If not, can any one tell me what strategy I have to use? I am running my server on UBUNTU 12.04 and all other applications are the latest versions. My database system is PostgreSQL 9.2. Thank you

    Read the article

  • VPN stuck on Verifying Username and Password

    - by user2791
    I'm building a new machine and everything is working correctly, except that I can't log on to my VPN. It hangs at the "Verifying username and password..." step, then returns after about 30 seconds claiming Error 721. I have another machine sitting next to this one with the VPN connection configured exactly the same, connecting just fine over the same wifi network, so I'm convinced that there is no server or firewall problem. The VPN works fine. This machine simply can't connect to it given the correct credentials and configuration. Any suggestions?

    Read the article

  • Group Policy for Setting Passwords: Server 2003 Domain

    - by user1236435
    In my 2003 domain, I am being requested to set a password policy to require passwords to expire every 4 months, and also require users to change their password on their next login, due to a security issue. In my domain, my OU's are setup by location, then drilled down to city, then the users and computers are in separate sub-domains. My question is, how do I set this up for my domain? Will I need to set the policy up for loop back? Can I configure this for just a specific OU? Any suggestions on how to move forward? Any advise is much appreciated, and thanks in advance!

    Read the article

  • Encrypt two drives with Truecrypt with password before boot

    - by Deshroom
    i'm using laptop and PC with single HDD with full disk encryption. I know how works truecrypt on single drive because i use it everyday. My second laptop has 2 HHDs. My question is how to encrypt first 128GB SSD and second 1TB HDD in same way. I have multiple applications installed on second drive so i want to have it accessible during boot in ex. Steam in installed on second drive and it starts with windows. How to do it? can i encrypt two drives in truecrypt and unlock it via password before boot? My main reason is i want to RMA laptop without removing disks or data - my data need to be encrypted. Thank you.

    Read the article

  • Windows Server 2008 Enterprise. Incorrect password on screensaver

    - by LarsErikP
    First some software details: Thin client: Wyse C10LE Citrix - Windows Terminal Services - Windows Server 2008 Enterprise desktop I have a user with a very strange problem. When he locks his screen with Win+L, Windows claims he's entering wrong password when he tries to log back in. The only solution is to hard reboot the WYSE, and log back in. This reboot doesn't kill his Windows session. I've checked for errors in keyboard settings (wrong layout etc), nothing found. I suspect errors in his profile/errors in AD. No other users in the domain has this problem. EDIT: Sorry, it's NOT Win R2. Plain Windows Sever 2008

    Read the article

  • my gateway laptop will not reboot

    - by dom
    My gateway laptop model nx570xl originally rebooted normally. I don't know when it happened, but now when i try to reboot it Keeps trying but it never happens forcing me to shut down and wait a random amt of time before it will start up again. Its very annoying and wastes a lot of my time. I don't think its a cpu overheating problem because its random when it starts up after i turn it back on. Any ideas?

    Read the article

  • My jquery cookies are not resetting, even though am using the correct code.

    - by Adam Libonatti-Roche
    My problem is that I am trying to reset some form cookies so when someone has completed their form, they are reset so it is possible for someone else to complete the form. Simple and obvious. But However many different lines of code I put in, the cookies just do not seem to be disappearing. I am using the remember function from the site below: Komodo Media So the details stay when they move away from the page: the code i have for the page starting is as follows: <script type="text/javascript"> function remember( selector ){ $(selector).each( function(){ //if this item has been cookied, restore it var name = $(this).attr('name'); if( $.cookie( name ) ){ if( $(this).is(':checkbox') ){ $(this).attr('checked',$.cookie( name )); }else{ $(this).val( $.cookie(name) ); } } //assign a change function to the item to cookie it $(this).change( function(){ if( $(this).is(':checkbox') ){ $.cookie(name, $(this).attr('checked'), { path: '/', expires: 1 }); }else{ $.cookie(''+name+'', $(this).val(), { path: '/', expires: 1 }); } }); }); } // JQUERY FOR THIS PAGE $(document).ready( function(){ remember("[name=username]"); remember("[name=firstname]"); remember("[name=lastname]"); remember("[name=email]"); remember("[name=password]"); remember("[name=address1]"); remember("[name=address2]"); remember("[name=postcode]"); remember("[name=country]"); } ); </script> And the code for resetting them is simple enough, as it takes the cookie name and sets it to null. However, this does not work as on returning to the form, all fields from before are still there. Any help with this would be brilliant.

    Read the article

  • Unable to use NSURLConnection to get contents of password/username protected webpage

    - by bubster
    I am trying to get the contents of a webpage that requires a password and user name to access. I am using a NSURLConnection object to get it however when I write the NSMutableData object that is returned to a file all I get is the login page. Normally when you try to load the password protected page when you are not logged in it redirects to the login page however I thought that if I provided valid credentials then this I would be able to view the password protected page. Also I do not know if it is relevant the website is using a microsoft mysql database on an IIS (internet information server). Note: [protectionSpace authenticationMethod] returns NSURLAuthenticationMethodServerTrust I am pretty unfamiliar with this so any ideas would be greatly appreciated. Below is all of the relevant code: - (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response { // This method is called when the server has determined that it // has enough information to create the NSURLResponse. // It can be called multiple times, for example in the case of a // redirect, so each time we reset the data. // receivedData is an instance variable declared elsewhere. [receivedData setLength:0]; } - (void)connection:(NSURLConnection *)connection didReceiveData:(NSData *)data { // Append the new data to receivedData. // receivedData is an instance variable declared elsewhere. [receivedData appendData:data]; } - (void)connection:(NSURLConnection *)connection didFailWithError:(NSError *)error { // release the connection, and the data object //[connection release]; // receivedData is declared as a method instance elsewhere //[receivedData release]; // inform the user NSLog(@"Connection failed! Error - %@ %@", [error localizedDescription], [[error userInfo] objectForKey:NSURLErrorFailingURLStringErrorKey]); } - (void)connectionDidFinishLoading:(NSURLConnection *)connection { // do something with the data // receivedData is declared as a method instance elsewhere NSLog(@"Succeeded! Received %d bytes of data",[receivedData length]); // release the connection, and the data object //[connection release]; //[receivedData release]; //Write data to a file [receivedData writeToFile:@"/Users/matsallen/Desktop/receivedData.html" atomically:YES]; } - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace: (NSURLProtectionSpace *)protectionSpace { NSLog(@"The connection encountered a protection space. The authentication method is %@", [protectionSpace authenticationMethod]); secureTrustReference = [protectionSpace serverTrust]; //SecTrustResultType *result; //OSStatus status = SecTrustEvaluate(secureTrustReference, result); //NSLog(@"Result of the trust evaluation is %@",status); return YES; } - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { NSURLCredential *newCredential; newCredential = [NSURLCredential credentialWithUser:@"username" password:@"password" persistence:NSURLCredentialPersistenceForSession]; newCredential = [NSURLCredential credentialForTrust:secureTrustReference]; // [[challenge sender] useCredential:newCredential forAuthenticationChallenge:challenge]; // [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge]; } #pragma mark - View lifecycle - (void)viewDidLoad { receivedData = [[NSMutableData alloc] init]; [super viewDidLoad]; // Do any additional setup after loading the view, typically from a nib. // Create the request. NSURLRequest *theRequest=[NSURLRequest requestWithURL:[NSURL URLWithString:@"https://www.markallenonline.com/secure/maoCoaching.aspx"] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:60.0]; // create the connection with the request // and start loading the data NSURLConnection *theConnection=[[NSURLConnection alloc] initWithRequest:theRequest delegate:self]; if (theConnection) { // Create the NSMutableData to hold the received data. // receivedData is an instance variable declared elsewhere. receivedData = [NSMutableData data]; NSLog(@"Connection succeeded!"); } else { // Inform the user that the connection failed. NSLog(@"Connection failed!"); } }

    Read the article

  • Page_BlockSubmit - reset it to False, if there is a scenario when page doesn't postback on validation error

    - by Vipin
    Recently, I was facing a problem where if there was a validation error, and if I changed the state of checkbox it won't postback on first attempt. But when I uncheck and check again , it postbacks on second attempt...this is some quirky behaviour in .ASP.Net platform. The solution was to reset Page_BlockSubmit flag to false and it works fine. The following explanation is from http://lionsden.co.il/codeden/?p=137&cpage=1#comment-143   Submit button on the page is a member of vgMain, so automatically it will only run the validation on that group. A solution is needed that will run validation on multiple groups and block the postback if needed. Solution Include the following function on the page: function DoValidation() { //validate the primary group var validated = Page_ClientValidate('vgPrimary ');   //if it is valid if (validated) { //valid the main group validated = Page_ClientValidate('vgMain'); }   //remove the flag to block the submit if it was raised Page_BlockSubmit = false;   //return the results return validated; } Call the above function from the submit button’s OnClientClick event. <asp:Button runat="server" ID="btnSubmit" CausesValidation="true" ValidationGroup="vgMain" Text="Next" OnClick="btnSubmit_Click" OnClientClick="return DoValidation();" /> What is Page_BlockSubmit When the user clicks on a button causing a full post back, after running Page_ClientValidate ASP.NET runs another built in function ValidatorCommonOnSubmit. Within Page_ClientValidate, Page_BlockSubmit is set based on the validation. The postback is then blocked in ValidatorCommonOnSubmit if Page_BlockSubmit is true. No matter what, at the end of the function Page_BlockSubmit is always reset back to false. If a page does a partial postback without running any validation and Page_BlockSubmit has not been reset to false, the partial postback will be blocked. In essence the above function, RunValidation, acts similar to ValidatorCommonOnSubmit. It runs the validation and then returns false to block the postback if needed. Since the built in postback is never run, we need to reset Page_BlockSubmit manually before returning the validation result.

    Read the article

  • Configuration Error ASP.NET password format specified is invalid

    - by salvationishere
    I am getting the above error in IIS 6.0 now when I browse my C# / SQL web application. This was built in VS 2008 and SS 2008 on a 32-bit XP OS. The application was working before I added Login controls to it. However, this is my first time configuring Login/password controls so I am probably missing something really basic. This error doesn't happen until I try to login. Here are the details of my error from IIS; I get the same error in VS: Parser Error Message: Password format specified is invalid. Source Error: Line 31: <add Line 32: name="SqlProvider" Line 33: type="System.Web.Security.SqlMembershipProvider" Line 34: connectionStringName="AdventureWorksConnectionString2" Line 35: applicationName="AddFileToSQL2" Source File: C:\Inetpub\AddFileToSQL2\web.config Line: 33 And the relevant contents of my web.config are: <connectionStrings> <add name="Master" connectionString="server=MSSQLSERVER;database=Master; Integrated Security=SSPI" providerName="System.Data.SqlClient" /> <add name="AdventureWorksConnectionString" connectionString="Data Source=SIDEKICK;Initial Catalog=AdventureWorks;Integrated Security=True" providerName="System.Data.SqlClient" /> <add name="AdventureWorksConnectionString2" connectionString="Data Source=SIDEKICK;Initial Catalog=AdventureWorks;Integrated Security=True; " providerName="System.Data.SqlClient" /> </connectionStrings> <system.web> <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15"> <providers> <clear /> <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="AdventureWorksConnectionString2" applicationName="AddFileToSQL2" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="false" passwordFormat="encrypted" /> </providers> </membership> <!-- Set compilation debug="true" to insert debugging symbols into the compiled page. Because this affects performance, set this value to true only during development. --> <roleManager enabled="true" /> <compilation debug="true"> <assemblies> <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> </assemblies> </compilation> <!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. --> <authentication mode="Forms"> <forms loginUrl="Password.aspx" protection="All" timeout="30" name="SqlAuthCookie" path="/FormsAuth" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseCookies" enableCrossAppRedirects="false" /> </authentication> <!--Authorization permits only authenticated users to access the application --> <authorization> <deny users="?" /> <allow users="*" /> </authorization> <!-- The <customErrors> section enables configuration of what to do if/when an unhandled error occurs during the execution of a request. Specifically, it enables developers to configure html error pages to be displayed in place of a error stack trace. <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm"> <error statusCode="403" redirect="NoAccess.htm" /> <error statusCode="404" redirect="FileNotFound.htm" /> </customErrors> --> <pages> <controls> <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </controls> </pages> <httpHandlers> <remove verb="*" path="*.asmx"/> <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/> </httpHandlers> <httpModules> <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </httpModules> </system.web> <system.codedom> <compilers> <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> <providerOption name="CompilerVersion" value="v3.5"/> <providerOption name="WarnAsError" value="false"/> </compiler> </compilers> </system.codedom> <!-- The system.webServer section is required for running ASP.NET AJAX under Internet Information Services 7.0. It is not necessary for previous version of IIS. --> <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <modules> <remove name="ScriptModule"/> <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </modules> <handlers> <remove name="WebServiceHandlerFactory-Integrated"/> <remove name="ScriptHandlerFactory"/> <remove name="ScriptHandlerFactoryAppServices"/> <remove name="ScriptResource"/> <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </handlers> </system.webServer> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/> <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/> <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/> </dependentAssembly> </assemblyBinding> </runtime> <system.net> <mailSettings> <smtp from="[email protected]"> <network host="SIDEKICK" password="" userName="" /> </smtp> </mailSettings> </system.net> </configuration> I checked and I do have an aspnetdb database in my SSMS. The Network Service account has SELECT, EXECUTE, INSERT, UPDATE access to this database. But one problem I see is that all of the tables in this database are empty except for aspnet_SchemaVersions, which just has 2 records (common and membership). Is this right? I added users and roles via ASP.NET Configuration wizard, and I believe I set this up correctly since I followed the Microsoft tutorial at http://msdn.microsoft.com/en-us/library/ms998347.aspx. One other problem I see from VS is after adding content to my Page_Load on my initial login Password.aspx.cs file, I'm getting an invalid cast problem below. I googled this problem also but the solutions I saw confused me even more. The Page_Load section I added is: protected void Page_Load(object sender, EventArgs e) { Response.Write("Hello, " + Server.HtmlEncode(User.Identity.Name)); FormsIdentity id = (FormsIdentity)User.Identity; FormsAuthenticationTicket ticket = id.Ticket; Response.Write("<p/>TicketName: " + ticket.Name); Response.Write("<br/>Cookie Path: " + ticket.CookiePath); Response.Write("<br/>Ticket Expiration: " + ticket.Expiration.ToString()); Response.Write("<br/>Expired: " + ticket.Expired.ToString()); Response.Write("<br/>Persistent: " + ticket.IsPersistent.ToString()); Response.Write("<br/>IssueDate: " + ticket.IssueDate.ToString()); Response.Write("<br/>UserData: " + ticket.UserData); Response.Write("<br/>Version: " + ticket.Version.ToString()); } And the VS exception I'm getting: System.InvalidCastException was unhandled by user code Message="Unable to cast object of type 'System.Security.Principal.GenericIdentity' to type 'System.Web.Security.FormsIdentity'." Source="AddFileToSQL" StackTrace: at AddFileToSQL.Password.Page_Load(Object sender, EventArgs e) in C:\Documents and Settings\Admin\My Documents\Visual Studio 2008\Projects\AddFileToSQL2\AddFileToSQL\Password.aspx.cs:line 22 at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) at System.Web.UI.Control.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) InnerException:

    Read the article

  • Can't log in with a valid password using Authlogic and Ruby on Rails?

    - by kbighorse
    We support a bit of an unusual scheme. We don't require a password on User creation, and use password_resets to add a password to the user later, on demand. The problem is, once a password is created, the console indicates the password is valid: user.valid_password? 'test' = true but in my UserSessions controller, @user_session.save returns false using the same password. What am I not seeing? Kimball UPDATE: Providing more details, here is the output when saving the new password: Processing PasswordResetsController#update (for 127.0.0.1 at 2011-01-31 14:01:12) [PUT] Parameters: {"commit"="Update password", "action"="update", "_method"="put", "authenticity_token"="PQD4+eIREKBfHR3/fleWuQSEtZd7RIvl7khSYo5eXe0=", "id"="v3iWW5eD9P9frbEQDvxp", "controller"="password_resets", "user"={"password"="johnwayne"}} The applicable SQL is: UPDATE users SET updated_at = '2011-01-31 22:01:12', crypted_password = 'blah', perishable_token = 'blah', password_salt = 'blah', persistence_token = 'blah' WHERE id = 580 I don't see an error per se, @user_session.save just returns false, as if the password didn't match. I skip validating passwords in the User model: class User < ActiveRecord::Base acts_as_authentic do |c| c.validate_password_field = false end Here's the simplified controller code: def create logger.info("SAVED SESSION? #{@user_session.save}") end which outputs: Processing UserSessionsController#create (for 127.0.0.1 at 2011-01-31 14:16:59) [POST] Parameters: {"commit"="Login", "user_session"={"remember_me"="0", "password"="johnwayne", "email"="[email protected]"}, "action"="create", "authenticity_token"="PQD4+eIREKBfHR3/fleWuQSEtZd7RIvl7khSYo5eXe0=", "controller"="user_sessions"} User Columns (2.2ms) SHOW FIELDS FROM users User Load (3.7ms) SELECT * FROM users WHERE (users.email = '[email protected]') ORDER BY email ASC LIMIT 1 SAVED SESSION? false CACHE (0.0ms) SELECT * FROM users WHERE (users.email = '[email protected]') ORDER BY email ASC LIMIT 1 Redirected to http://localhost:3000/login Lastly, the console indicates that the new password is valid: $ u.valid_password? 'johnwayne' = true Would love to do it all in the console, is there a way to load UserSession controller and call methods directly? Kimball

    Read the article

  • Security benefits from a second opinion, are there flaws in my plan to hash & salt user passwords vi

    - by Tchalvak
    Here is my plan, and goals: Overall Goals: Security with a certain amount of simplicity & database-to-database transferrability, 'cause I'm no expert and could mess it up and I don't want to have to ask a lot of users to reset their passwords. Easy to wipe the passwords for publishing a "wiped" databased of test data. (e.g. I'd like to be able to use a postgresql statement to simply reset all passwords to something simple so that testers can use that testing data for themselves). Plan: Hashing the passwords Account creation records the original email that an account is created with, forever. A global salt is used, e.g. "90fb16b6901dfceb73781ba4d8585f0503ac9391". An account specific salt, the original email the account was created with, is used, e.g. "[email protected]". The users's password is used, e.g. "password123" (I'll be warning against weak passwords in the signup form) The combination of the global salt, account specific salt, and password is hashed via some hashing method in postgresql (haven't been able to find documentation for hashing functions in postgresql, but being able to use sha-2 or something like that would be nice if I could find it). The hash gets stored in the database. Recovering an account To change their password, they have to go through standard password reset (and that reset email gets sent to the original email as well as the most recent account email that they have set). Flaws? Are there any flaws with this that I need to address? And are there best practices to doing hashing fully within postgresql?

    Read the article

  • Keep username in username field when incorrect password (php)

    - by Jonathan
    How do many of the websites that have logins keep the username in the username field when the password is entered incorrectly. The form's action (it is on index.php) is another php file, which if the password is incorrect uses Header() to go back to the index and passes the error to it using GET. I could use GET to pass the username back to the form but this seems messy, and I have noticed that websites like SMF forums have the username stay in the username field without a messy URL.

    Read the article

  • WCF .svc Accessible Over HTTP But Accessing WSDL Causes "Connection Was Reset"

    - by Wolfwyrd
    I have a WCF service which is hosted on IIS6 on a Win2003 SP2 machine. The WCF service is hosting correctly and is visible over HTTP giving the usual "To test this service, you will need to create a client and use it to call the service" message. However accessing the .svc?WSDL link causes the connection to be reset. The server itself is returning a 200 in the logs for the WSDL request, an example of which is shown here, the first call gets a connection reset, the second is a successful call for the .svc file. 2010-04-09 11:00:21 W3SVC6 MACHINENAME 10.79.42.115 GET /IntegrationService.svc wsdl 80 - 10.75.33.71 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+1.0.3705;+InfoPath.1;+.NET+CLR+3.0.04506.30;+MS-RTC+LM+8;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;) - - devsitename.mydevdomain.com 200 0 0 0 696 3827 2010-04-09 11:04:10 W3SVC6 MACHINENAME 10.79.42.115 GET /IntegrationService.svc - 80 - 10.75.33.71 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-GB;+rv:1.9.1.9)+Gecko/20100315+Firefox/3.5.9+(.NET+CLR+3.5.30729) - - devsitename.mydevdomain.com 200 0 0 3144 457 265 My Web.Config looks like: <system.serviceModel> <serviceHostingEnvironment > <baseAddressPrefixFilters> <add prefix="http://devsitename.mydevdomain.com" /> </baseAddressPrefixFilters> </serviceHostingEnvironment> <behaviors> <serviceBehaviors> <behavior name="My.Service.IntegrationServiceBehavior"> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> </behavior> </serviceBehaviors> </behaviors> <services> <service behaviorConfiguration="My.Service.IntegrationServiceBehavior" name="My.Service.IntegrationService"> <endpoint address="" binding="wsHttpBinding" contract="My.Service.Interfaces.IIntegrationService" bindingConfiguration="NoSecurityConfig" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <bindings> <wsHttpBinding> <binding name="NoSecurityConfig"> <security mode="None" /> </binding> </wsHttpBinding> </bindings> </system.serviceModel> I'm pretty much stumped by this one. It works fine through the local dev server in VS2008 but fails after deployment. For further information, the targeted machine does not have a firewall (it's on the internal network) and the logs show the site thinks it's fine with 200 OK responses. I've also tried updating the endpoint with the full URL to my service however it still makes no difference. I have looked into some of the other options - creating a separate WSDL manually and exposing it through the metadata properties (really don't want to do that due to the maintenance issues). If anyone can offer any thoughts on this or any other workarounds it would be greatly appreciated.

    Read the article

  • ASP.NET MVC2 custom rolemanager (webconfig problem)

    - by ile
    Structure of the web: SAMembershipProvider.cs namespace User.Membership { public class SAMembershipProvider : MembershipProvider { #region - Properties - private int NewPasswordLength { get; set; } private string ConnectionString { get; set; } //private MachineKeySection MachineKey { get; set; } //Used when determining encryption key values. public bool enablePasswordReset { get; set; } public bool enablePasswordRetrieval { get; set; } public bool requiresQuestionAndAnswer { get; set; } public bool requiresUniqueEmail { get; set; } public int maxInvalidPasswordAttempts { get; set; } public int passwordAttemptWindow { get; set; } public MembershipPasswordFormat passwordFormat { get; set; } public int minRequiredNonAlphanumericCharacters { get; set; } public int minRequiredPasswordLength { get; set; } public string passwordStrengthRegularExpression { get; set; } public override string ApplicationName { get; set; } // Indicates whether passwords can be retrieved using the provider's GetPassword method. // This property is read-only. public override bool EnablePasswordRetrieval { get { return enablePasswordRetrieval; } } // Indicates whether passwords can be reset using the provider's ResetPassword method. // This property is read-only. public override bool EnablePasswordReset { get { return enablePasswordReset; } } // Indicates whether a password answer must be supplied when calling the provider's GetPassword and ResetPassword methods. // This property is read-only. public override bool RequiresQuestionAndAnswer { get { return requiresQuestionAndAnswer; } } public override int MaxInvalidPasswordAttempts { get { return maxInvalidPasswordAttempts; } } // For a description, see MaxInvalidPasswordAttempts. // This property is read-only. public override int PasswordAttemptWindow { get { return passwordAttemptWindow; } } // Indicates whether each registered user must have a unique e-mail address. // This property is read-only. public override bool RequiresUniqueEmail { get { return requiresUniqueEmail; } } public override MembershipPasswordFormat PasswordFormat { get { return passwordFormat; } } // The minimum number of characters required in a password. // This property is read-only. public override int MinRequiredPasswordLength { get { return minRequiredPasswordLength; } } // The minimum number of non-alphanumeric characters required in a password. // This property is read-only. public override int MinRequiredNonAlphanumericCharacters { get { return minRequiredNonAlphanumericCharacters; } } // A regular expression specifying a pattern to which passwords must conform. // This property is read-only. public override string PasswordStrengthRegularExpression { get { return passwordStrengthRegularExpression; } } #endregion #region - Methods - public override void Initialize(string name, NameValueCollection config) { throw new NotImplementedException(); } public override bool ChangePassword(string username, string oldPassword, string newPassword) { throw new NotImplementedException(); } public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer) { throw new NotImplementedException(); } // Takes, as input, a user name, password, e-mail address, and other information and adds a new user // to the membership data source. CreateUser returns a MembershipUser object representing the newly // created user. It also accepts an out parameter (in Visual Basic, ByRef) that returns a // MembershipCreateStatus value indicating whether the user was successfully created or, if the user // was not created, the reason why. If the user was not created, CreateUser returns null. // Before creating a new user, CreateUser calls the provider's virtual OnValidatingPassword method to // validate the supplied password. It then creates the user or cancels the action based on the outcome of the call. public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { throw new NotImplementedException(); } public override bool DeleteUser(string username, bool deleteAllRelatedData) { throw new NotImplementedException(); } public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords) { throw new NotImplementedException(); } // Returns a MembershipUserCollection containing MembershipUser objects representing users whose user names // match the usernameToMatch input parameter. Wildcard syntax is data source-dependent. MembershipUser objects // in the MembershipUserCollection are sorted by user name. If FindUsersByName finds no matching users, it // returns an empty MembershipUserCollection. // For an explanation of the pageIndex, pageSize, and totalRecords parameters, see the GetAllUsers method. public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords) { throw new NotImplementedException(); } // Returns a MembershipUserCollection containing MembershipUser objects representing all registered users. If // there are no registered users, GetAllUsers returns an empty MembershipUserCollection // The results returned by GetAllUsers are constrained by the pageIndex and pageSize input parameters. pageSize // specifies the maximum number of MembershipUser objects to return. pageIndex identifies which page of results // to return. Page indexes are 0-based. // // GetAllUsers also takes an out parameter (in Visual Basic, ByRef) named totalRecords that, on return, holds // a count of all registered users. public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords) { throw new NotImplementedException(); } // Returns a count of users that are currently online-that is, whose LastActivityDate is greater than the current // date and time minus the value of the membership service's UserIsOnlineTimeWindow property, which can be read // from Membership.UserIsOnlineTimeWindow. UserIsOnlineTimeWindow specifies a time in minutes and is set using // the <membership> element's userIsOnlineTimeWindow attribute. public override int GetNumberOfUsersOnline() { throw new NotImplementedException(); } // Takes, as input, a user name and a password answer and returns that user's password. If the user name is not // valid, GetPassword throws a ProviderException. // Before retrieving a password, GetPassword verifies that EnablePasswordRetrieval is true. If // EnablePasswordRetrieval is false, GetPassword throws a NotSupportedException. If EnablePasswordRetrieval is // true but the password format is hashed, GetPassword throws a ProviderException since hashed passwords cannot, // by definition, be retrieved. A membership provider should also throw a ProviderException from Initialize if // EnablePasswordRetrieval is true but the password format is hashed. // // GetPassword also checks the value of the RequiresQuestionAndAnswer property before retrieving a password. If // RequiresQuestionAndAnswer is true, GetPassword compares the supplied password answer to the stored password // answer and throws a MembershipPasswordException if the two don't match. GetPassword also throws a // MembershipPasswordException if the user whose password is being retrieved is currently locked out. public override string GetPassword(string username, string answer) { throw new NotImplementedException(); } // Takes, as input, a user name or user ID (the method is overloaded) and a Boolean value indicating whether // to update the user's LastActivityDate to show that the user is currently online. GetUser returns a MembershipUser // object representing the specified user. If the user name or user ID is invalid (that is, if it doesn't represent // a registered user) GetUser returns null (Nothing in Visual Basic). public override MembershipUser GetUser(object providerUserKey, bool userIsOnline) { throw new NotImplementedException(); } // Takes, as input, a user name or user ID (the method is overloaded) and a Boolean value indicating whether to // update the user's LastActivityDate to show that the user is currently online. GetUser returns a MembershipUser // object representing the specified user. If the user name or user ID is invalid (that is, if it doesn't represent // a registered user) GetUser returns null (Nothing in Visual Basic). public override MembershipUser GetUser(string username, bool userIsOnline) { throw new NotImplementedException(); } // Takes, as input, an e-mail address and returns the first registered user name whose e-mail address matches the // one supplied. // If it doesn't find a user with a matching e-mail address, GetUserNameByEmail returns an empty string. public override string GetUserNameByEmail(string email) { throw new NotImplementedException(); } // Virtual method called when a password is created. The default implementation in MembershipProvider fires a // ValidatingPassword event, so be sure to call the base class's OnValidatingPassword method if you override // this method. The ValidatingPassword event allows applications to apply additional tests to passwords by // registering event handlers. // A custom provider's CreateUser, ChangePassword, and ResetPassword methods (in short, all methods that record // new passwords) should call this method. protected override void OnValidatingPassword(ValidatePasswordEventArgs e) { base.OnValidatingPassword(e); } // Takes, as input, a user name and a password answer and replaces the user's current password with a new, random // password. ResetPassword then returns the new password. A convenient mechanism for generating a random password // is the Membership.GeneratePassword method. // If the user name is not valid, ResetPassword throws a ProviderException. ResetPassword also checks the value of // the RequiresQuestionAndAnswer property before resetting a password. If RequiresQuestionAndAnswer is true, // ResetPassword compares the supplied password answer to the stored password answer and throws a // MembershipPasswordException if the two don't match. // // Before resetting a password, ResetPassword verifies that EnablePasswordReset is true. If EnablePasswordReset is // false, ResetPassword throws a NotSupportedException. If the user whose password is being changed is currently // locked out, ResetPassword throws a MembershipPasswordException. // // Before resetting a password, ResetPassword calls the provider's virtual OnValidatingPassword method to validate // the new password. It then resets the password or cancels the action based on the outcome of the call. If the new // password is invalid, ResetPassword throws a ProviderException. // // Following a successful password reset, ResetPassword updates the user's LastPasswordChangedDate. public override string ResetPassword(string username, string answer) { throw new NotImplementedException(); } // Unlocks (that is, restores login privileges for) the specified user. UnlockUser returns true if the user is // successfully unlocked. Otherwise, it returns false. If the user is already unlocked, UnlockUser simply returns true. public override bool UnlockUser(string userName) { throw new NotImplementedException(); } // Takes, as input, a MembershipUser object representing a registered user and updates the information stored for // that user in the membership data source. If any of the input submitted in the MembershipUser object is not valid, // UpdateUser throws a ProviderException. // Note that UpdateUser is not obligated to allow all the data that can be encapsulated in a MembershipUser object to // be updated in the data source. public override void UpdateUser(MembershipUser user) { throw new NotImplementedException(); } // Takes, as input, a user name and a password and verifies that they are valid-that is, that the membership data // source contains a matching user name and password. ValidateUser returns true if the user name and password are // valid, if the user is approved (that is, if MembershipUser.IsApproved is true), and if the user isn't currently // locked out. Otherwise, it returns false. // Following a successful validation, ValidateUser updates the user's LastLoginDate and fires an // AuditMembershipAuthenticationSuccess Web event. Following a failed validation, it fires an // // AuditMembershipAuthenticationFailure Web event. public override bool ValidateUser(string username, string password) { throw new NotImplementedException(); //if (string.IsNullOrEmpty(password.Trim())) return false; //string hash = EncryptPassword(password); //User user = _repository.GetByUserName(username); //if (user == null) return false; //if (user.Password == hash) //{ // User = user; // return true; //} //return false; } #endregion /// <summary> /// Procuses an MD5 hash string of the password /// </summary> /// <param name="password">password to hash</param> /// <returns>MD5 Hash string</returns> protected string EncryptPassword(string password) { //we use codepage 1252 because that is what sql server uses byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); return Encoding.GetEncoding(1252).GetString(hashBytes); } } // End Class } SARoleProvider.cs namespace User.Membership { public class SARoleProvider : RoleProvider { #region - Properties - // The name of the application using the role provider. ApplicationName is used to scope // role data so that applications can choose whether to share role data with other applications. // This property can be read and written. public override string ApplicationName { get; set; } #endregion #region - Methods - public override void Initialize(string name, NameValueCollection config) { throw new NotImplementedException(); } // Takes, as input, a list of user names and a list of role names and adds the specified users to // the specified roles. // AddUsersToRoles throws a ProviderException if any of the user names or role names do not exist. // If any user name or role name is null (Nothing in Visual Basic), AddUsersToRoles throws an // ArgumentNullException. If any user name or role name is an empty string, AddUsersToRoles throws // an ArgumentException. public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotImplementedException(); } // Takes, as input, a role name and creates the specified role. // CreateRole throws a ProviderException if the role already exists, the role name contains a comma, // or the role name exceeds the maximum length allowed by the data source. public override void CreateRole(string roleName) { throw new NotImplementedException(); } // Takes, as input, a role name and a Boolean value that indicates whether to throw an exception if there // are users currently associated with the role, and then deletes the specified role. // If the throwOnPopulatedRole input parameter is true and the specified role has one or more members, // DeleteRole throws a ProviderException and does not delete the role. If throwOnPopulatedRole is false, // DeleteRole deletes the role whether it is empty or not. // // When DeleteRole deletes a role and there are users assigned to that role, it also removes users from the role. public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotImplementedException(); } // Takes, as input, a search pattern and a role name and returns a list of users belonging to the specified role // whose user names match the pattern. Wildcard syntax is data-source-dependent and may vary from provider to // provider. User names are returned in alphabetical order. // If the search finds no matches, FindUsersInRole returns an empty string array (a string array with no elements). // If the role does not exist, FindUsersInRole throws a ProviderException. public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotImplementedException(); } // Returns the names of all existing roles. If no roles exist, GetAllRoles returns an empty string array (a string // array with no elements). public override string[] GetAllRoles() { throw new NotImplementedException(); } // Takes, as input, a user name and returns the names of the roles to which the user belongs. // If the user is not assigned to any roles, GetRolesForUser returns an empty string array // (a string array with no elements). If the user name does not exist, GetRolesForUser throws a // ProviderException. public override string[] GetRolesForUser(string username) { throw new NotImplementedException(); //User user = _repository.GetByUserName(username); //string[] roles = new string[user.Role.Rights.Count + 1]; //roles[0] = user.Role.Description; //int idx = 0; //foreach (Right right in user.Role.Rights) // roles[++idx] = right.Description; //return roles; } public override string[] GetUsersInRole(string roleName) { throw new NotImplementedException(); } // Takes, as input, a role name and returns the names of all users assigned to that role. // If no users are associated with the specified role, GetUserInRole returns an empty string array (a string array with // no elements). If the role does not exist, GetUsersInRole throws a ProviderException. public override bool IsUserInRole(string username, string roleName) { throw new NotImplementedException(); //User user = _repository.GetByUserName(username); //if (user != null) // return user.IsInRole(roleName); //else // return false; } // Takes, as input, a list of user names and a list of role names and removes the specified users from the specified roles. // RemoveUsersFromRoles throws a ProviderException if any of the users or roles do not exist, or if any user specified // in the call does not belong to the role from which he or she is being removed. public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotImplementedException(); } // Takes, as input, a role name and determines whether the role exists. public override bool RoleExists(string roleName) { throw new NotImplementedException(); } #endregion } // End Class } From Web.config: <membership defaultProvider="SAMembershipProvider" userIsOnlineTimeWindow="15"> <providers> <clear/> <add name="SAMembershipProvider" type="User.Membership.SAMembershipProvider, User" /> </providers> </membership> <roleManager defaultProvider="SARoleProvider" enabled="true" cacheRolesInCookie="true"> <providers> <clear/> <add name="SARoleProvider" type="User.Membership.SARoleProvider" /> </providers> </roleManager> When running project, I get following error: Server Error in '/' Application. Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: The method or operation is not implemented. Source Error: Line 71: <providers> Line 72: <clear/> Line 73: <add name="SARoleProvider" type="User.Membership.SARoleProvider" /> Line 74: </providers> Line 75: </roleManager> I tried: <add name="SARoleProvider" type="User.Membership.SARoleProvider, User" /> and <add name="SARoleProvider" type="User.Membership.SARoleProvider, SARoleProvider" /> and <add name="SARoleProvider" type="User.Membership.SARoleProvider, User.Membership" /> but none works Any idea what's wrong here? Thanks, Ile

    Read the article

  • decrypt aspnetdb password

    - by Thien thai
    hi everyone, i have a problem, i want to decrypt password in aspnetdb, the password created by web administration tool in vs, i want to decrypt it without using MemberShipProvider, i there any way. Please help me.

    Read the article

  • How to store user settings(username,password) in a windows application for the current login user

    - by amexn
    Now my team working in a project using windows application(c#). The application have a option for saving the username & password in the client machine for the current login user.so the user can start the application without entering username & password.I didn't have any knowledge in the windows application.Please check the snapshot of my requirement. Please suggest good example/reference.

    Read the article

  • Authenticate username and password

    - by Alice Lee
    I have a MMC client that runs on a .Net system, that invokes web methods on a server running on a linux box. The first task the client needs to do is to perform user login. It prompts the user for username and password. What is the best way for the client to authenticate the user's credentials. The password cannot be sent as plain text. The web server implements a web method called ValidateUser().

    Read the article

  • Password/Key protection

    - by user221919
    hi I am implementing paymentgateways and I need to protect its key and password for security reason. also some webservices keys and password in asp.net. Please help me to do as mention. waiting for your valuable thought. Thanking You.

    Read the article

< Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62  | Next Page >