473,851 Members | 1,961 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

.NET 2.0 - Security Question and Answer

I have set up my web application to utilize an ADAM membership
provider. Everything is going well, except I do not wish to utilize
the built-in PasswordRecover y control (I don't want the randomly
generated password emailed to the user). I want to ask the user the
security question, check the answer, and then allow them to immediately
change their password.

By utilizing the built-in CreateUserWizar d, the security answer is
automatically encrypted in ADAM utlizing the machinekey in the
Web.config file. Is there a way for me to decrypt this answer? Or at
least encrypt it and compare the resulting strings?

Thanks for any help (or suggetions on how I could approach this)

Jan 10 '06 #1
1 1531
In case anyone has the same issue, I ended up overwriting what the
CreateUserWizar d placed in the directory with my own value. When the
UserCreated event fires, I then overwrite the control's encrypted value
with my own. I used an SHA1 hash to secure the answer.

Now, my custom password recovery control asks for the answer, performs
the same SHA1 hash, and then compares the hash values to ensure the
correct answer was given.

Jan 25 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

by: TC | last post by:
Hello All, I have recently had the pleasure of installing Norton Internet Security 2005 and finding that I can no longer create or open a web-based application in Visual Studio .Net. The IDE just freezes. I tried fiddling with the configuration settings of the Norton Firewall but was not successful. I tried launching IIS from the Control Panel and it would not launch. I saw one article in Groups.Google from a previous post that the...
by: Uma | last post by:
Hi Here is my question .. Under Oracle right now we are having the security as .. And I want the equivalent concept in DB2 . any help --> here it is ... connect system/manager
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data and some who couldn't but that it wasn't important right now. And I said, 'sure, we can do that later'. So now I've developed an app without any thought to security and am trying to apply it afterwards. Doh!, doh! and triple doh!
by: Paul Malcomson | last post by:
I'm trying to finish implementing security on my database. I have secured the .mdb with a .mdw file as per the MS security FAQ with no problems. The last part of security that I need to implement is that the first person to open and log on to the database gets to use the database. Any subsequent log on users will flip into READ-ONLY mode and won't be able to modify any data. All my users belong to a 'full-data-access' group that...
by: Jeremy S. | last post by:
..NET's code Access Security enables administrators to restrict the types of things that a .NET application can do on a local computer. For example, a ..NET Windows Forms application can be prevented from writing to the Registry or writing a file to the local disk. My question: Is this feature unique to .NET? Or is it just as easy for enterprise network administrators to prevent COM applications from writing to the Registry and doing...
by: gfb | last post by:
This was a topic back in 2003 which has now been closed since I get the message "You cannot reply to this topic because it is more than 30 days old or has been closed by a manager." I am wondering whether the zip file mentioned then would be available at this late date and could be sent to me. I am tasked with setting up security for an Access 2003 application using 2 db's, 1 front-end and 1 back-end. I would sure like to save some...
by: Earl Anderson | last post by:
First, I feel somewhat embarrassed and apologetic that this post is lengthy, but in an effort to furnish sufficient information (as opposed to too little information) to you, I wanted to supply all of the relevant facts. Second, despite the fact that I think the obvious 'quick' answer to my question would be 'Yes', I am seeking your wisdom and recommendation to the question as to this particular set of circumstances. I have 20 Security...
by: vincent90152900 | last post by:
How to remove Security Question and Security Answer from membership provider? Following is my codes. Please tell me how to remove Question and Answer from membership provider. Thank you for replying. CreateNewWizard.aspx <asp:CreateUserWizard ID="CreateUserWizard1" runat="server"> <WizardSteps> <asp:CreateUserWizardStep runat="server"> </asp:CreateUserWizardStep> ...
by: Ken Fine | last post by:
I want to add the security question and answer security feature to the ChangePassword control. I am aware that this functionality is built into the PasswordRecovery tool. I have implemented the PasswordRecovery with a Password reset required; a temporary password is sent to the account on file. I want an extra layer of security to accommodate the very unlikely contingency that someone's e-mail account is compromised. Challenging with the...
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.