User Account Security

Hi

I'm trying to design a web application where people can create user IDs and
passwords while signing up and then use that information to log in to an
account. (I know, very basic). I just can't get my mind around how to make
this system most secure. The user ID and password are verified at the time of
logging in and at that point, I would like to create something like a session
key before opening the new page. I basically don't want to start the new
page by passing regular parameters through the URL because that's very easy
to manipulate and break. Can someone give me some information about creating
a secure system like this and/or forward me some useful sources? Btw, I'm
using IIS as my server, ASP.Net and VB.Net.

Thanks

Farsad
Aug 26 '05 #1
"farsad nasseri" wrote in message
news:B5**********************************@microsoft.com...
: I'm trying to design a web application where people can create user IDs and
: passwords while signing up and then use that information to log in to an
: account. (I know, very basic). I just can't get my mind around how to make
: this system most secure. The user ID and password are verified at the time
: of logging in and at that point, I would like to create something like a
: session key before opening the new page. I basically don't want to start
: the new page by passing regular parameters through the URL because that's
: very easy to manipulate and break. Can someone give me some information
: about creating a secure system like this and/or forward me some useful
: sources? Btw, I'm using IIS as my server, ASP.Net and VB.Net.

While it may seem to be a simple process, there is quite a lot involved to
make a complete solution. This includes but may not be limited to:

verifying username does not exist before registering new user
email address confirmation
email verification before completion mailing autogenerated random link to
complete email verification
verification checking for lost passwords with pass phrases
visitor tracking for support and security
privacy notices re: user information being stored

Also, this is a Classic ASP newsgroup. You're going to have a better chance
getting answers in a .NET newsgroup.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
Aug 27 '05 #2
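
The "autogenerated random link" step in the list above, sketched in VB.NET as an added example (not code from either poster): the token mailed in the link is random, stored only as a hash, expires, and works once. The `EmailVerification` module, the in-memory `PendingStore` (standing in for a database table) and the 24-hour lifetime are assumptions.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography
Imports System.Text

' Added example: single-use e-mail verification tokens.
' PendingStore is a hypothetical stand-in for a database table.
Module EmailVerification
    Private Class Pending
        Public TokenHash As Byte()
        Public Expires As DateTime
    End Class
    Private ReadOnly PendingStore As New Dictionary(Of String, Pending)

    Private Function HashToken(token As String) As Byte()
        Using sha As SHA256 = SHA256.Create()
            Return sha.ComputeHash(Encoding.UTF8.GetBytes(token))
        End Using
    End Function

    ' Returns the token to place in the mailed link; only its hash is kept.
    Public Function IssueToken(userName As String, issuedAt As DateTime) As String
        Dim raw(31) As Byte   ' 32 random bytes from the OS CSPRNG
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(raw)
        End Using
        Dim token As String = BitConverter.ToString(raw).Replace("-", "")
        PendingStore(userName) = New Pending With {
            .TokenHash = HashToken(token), .Expires = issuedAt.AddHours(24)}
        Return token
    End Function

    ' True only for the matching, unexpired token; the entry is then deleted.
    Public Function ConfirmToken(userName As String, token As String, atTime As DateTime) As Boolean
        Dim p As Pending = Nothing
        If token Is Nothing OrElse Not PendingStore.TryGetValue(userName, p) Then Return False
        Dim candidate As Byte() = HashToken(token)
        Dim diff As Integer = 0
        For i As Integer = 0 To p.TokenHash.Length - 1   ' compare without early exit
            diff = diff Or (p.TokenHash(i) Xor candidate(i))
        Next
        If diff <> 0 OrElse atTime > p.Expires Then Return False
        PendingStore.Remove(userName)   ' single use
        Return True
    End Function

    Sub Main()
        Dim token As String = IssueToken("alice", DateTime.UtcNow)
        Console.WriteLine(ConfirmToken("alice", token, DateTime.UtcNow))
    End Sub
End Module
```

Storing only the hash means a leaked pending-registrations table cannot be used to confirm accounts, and removing the entry on success makes a replayed link fail.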
