Password textboxes work alittle different in assigning a default value via a
cookie.. here is how you do it just replace the name of the textbox and
cookie with yours.
strPassword = Request.Cookies("SitenameMember")("Password")
LoginPassword.Attributes("value") = strPassword
-----Original Message-----
From: [email protected]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Fiala
Sent: Tuesday, August 02, 2005 8:39 AM
To: [email protected]
Subject: Re: [AspNetAnyQuestionIsOk] Re: assigning cookie value to password
field, does not work?
These are two different issues. If the site is set to persist the
login, the cookie holds an encrypted ticket that contains the user id
and password information. The site retrieves this info from the
cookie the next time the user accesses the site.
Check out
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/ht
ml/SecNetch08.asp
for an overview, and
http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/default.aspx
for a more hands on description on how FormsAuthentication works.
On 8/2/05, esimplest <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Thanks. But I am wondering, how the ASP.Net website implement
> the "Remember my login on this computer?" stuff on the web pages. I
> know the Javascript way of doing it using attributes., but its not
> safe and recommended.
>
>
> --- In [email protected], Dean Fiala
> <[EMAIL PROTECTED]> wrote:
> > To repeat -- you CANNOT show a password in a textbox via code-
> behind.
> > ASP.NET won't let you. You could potentially do some javascript
> > hacks, but this will put the password in your page source in plain
> > text. It is better to work around this by NOT putting the password
> > in a text box, but by storing it in a session variable or viewstate
> > and using it in your code-behind as needed.
> >
> > On 8/1/05, esimplest <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > >
> > > I tried the below code and it does not show the password in the
> > > textbox. Any thoughts?
> > >
> > > Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
> > > System.EventArgs) Handles MyBase.Load
> > > 'Put user code to initialize the page here
> > > Dim cUsername, cPassword As String
> > >
> > > If Not Page.IsPostBack Then
> > > If Not Request.Cookies("cUsername") Is Nothing Then
> > > cUsername = Request.Cookies("cUsername").Value
> > > TextBox1.Text = cUsername
> > > End If
> > >
> > > If Not Request.Cookies("cPassword") Is Nothing Then
> > > cPassword = Request.Cookies("cPassword").Value
> > > ViewState("OrigPassword") = cPassword
> > > TextBox2.Text = ViewState("OrigPassword")
> > > End If
> > > End If
> > >
> > > End Sub
> > >
> > > Private Sub Button1_Click(ByVal sender As System.Object,
> ByVal e
> > > As System.EventArgs) Handles Button1.Click
> > > Dim cUsername, cPassword As String
> > >
> > > If Request.Cookies("cUsername") Is Nothing Then
> > > Dim cNewUsernameCookie As New HttpCookie("cUsername",
> > > TextBox1.Text)
> > > cNewUsernameCookie.Expires = DateTime.Now.AddDays(5)
> > > Response.Cookies.Add(cNewUsernameCookie)
> > > Else
> > > Response.Cookies("cUsername").Value = TextBox1.Text
> > > Response.Cookies("cUsername").Expires =
> > > DateTime.Now.AddDays(5)
> > > End If
> > >
> > > If Request.Cookies("cUsername") Is Nothing Then
> > > Dim cNewPasswordCookie As New HttpCookie("cPassword",
> > > TextBox2.Text)
> > > cNewPasswordCookie.Expires = DateTime.Now.AddDays(5)
> > > Response.Cookies.Add(cNewPasswordCookie)
> > > Else
> > > Response.Cookies("cPassword").Value = TextBox2.Text
> > > Response.Cookies("cPassword").Expires =
> > > DateTime.Now.AddDays(5)
> > > End If
> > >
> > > End Sub
> > >
> *********************************************************************
> > >
> > > --- In [email protected], Dean Fiala
> > > <[EMAIL PROTECTED]> wrote:
> > > > This is a security feature of ASP.NET, it won't let you put a
> > > password
> > > > in your page source (which what you would be doing).
> > > >
> > > > Couple ways around it. Store the actual password in viewstate
> or a
> > > > session variable , then in your server code check to see if the
> user
> > > > has entered a password, if not, use the stored values. Imagine
> you
> > > > are doing this to allow account add/update on the same page. If
> so
> > > > will need to turn off the required field validator for the
> password
> > > > field when updating.
> > > >
> > > > There was some discussion of this in this group late last year
> or
> > > > earlier this year, with some more creative work-arounds if this
> does
> > > > not satisfy your needs.
> > > >
> > > > On 7/28/05, esimplest <[EMAIL PROTECTED]> wrote:
> > > > > When i am assigning cookie field to a password text box on the
> > > form, it
> > > > > does not show anything - but it does when i make the text box
> > > single
> > > > > line?
> > > > >
> > > > > Any thoughts.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Yahoo! Groups Links
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Dean Fiala
> > > > Very Practical Software, Inc
> > > > http://www.vpsw.com
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Yahoo! Groups Links
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Dean Fiala
> > Very Practical Software, Inc
> > http://www.vpsw.com
>
>
>
>
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>
--
Dean Fiala
Very Practical Software, Inc
http://www.vpsw.com
Yahoo! Groups Links
------------------------ Yahoo! Groups Sponsor --------------------~-->
<font face=arial size=-1><a
href="http://us.ard.yahoo.com/SIG=12hvsjqq6/M=362131.6882499.7825260.1510227/D=groups/S=1705006764:TM/Y=YAHOO/EXP=1123048933/A=2889191/R=0/SIG=10r90krvo/*http://www.thebeehive.org
">Get Bzzzy! (real tools to help you find a job) Welcome to the Sweet Life
- brought to you by One Economy</a>.</font>
--------------------------------------------------------------------~->
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
