I have a web-based program that will be going to an external web server and
want to create a logon process. I am using forms authentication, passing
encryption with salt, but want to force the user to create passwords with
rules: combinations of numbers & letters, at least one character caps,
things like that, like we would on a a network, and to change the password
every x amount of months. Can anyone point me in the right direction as to
any articles that may help me do this, or the correct process?
Thanks for your help.
2  1752 
This is handled at multiple places:
1) Forms authentication allows a user to login into the system for a
session or for a certain amount of time. The way you are handling is
good enough.
2) To have a set of rules for a password, you may use regular
expressions on ASP.NET password textboxes. Search google.
Alternatively, you can write your own logic to validate in code-behind
file or have a trigger in the database of password field, that verifies
the requirement.
3) Password expiry should be maintained by your database logic.
Whenever, a password is updated, update the last updated date and
whenever user login, check if the last updated date is beyond the valid
date time frame. If so, force user to create a new password.
If there are any other ways, please contribute. I'll love to know more
varieties.
Thanks,
Aru
Hello KatMagic,
If you haven't already, take a look at the SqlMembershipPr ovider api in
ASP.NET 2.0. It has some of what you want built in: Configurable password strength
Automatic lockout
Minimum number of non-alphanumeric
Security question/answer
...
The membership data are stored in SQL so you have access to the tables,
stored procedures, and functions if you want to customize.
--
enjoy - brians http://www.limbertech.com This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Ian Davies |
last post by:
Hello
I would like to query the user table of the mysql database from my VB
application to check that a user's password entered in a text field on a
form corresponds to that users password in the mysql database. However, when
I retreive the password using an sql statement into a recordset, it is
encrypted. How can I decrypt it so I can make the comparison.
Ian
|
by: Miro |
last post by:
Why Password protect an MDB when someone can google and get a hack?
Wondering if anyone else has thought of this and just said "oh well"...
I plan to password protect an MDB where I have some system/program variables
and data.
But looking in google, there are plenty of programs a user can download to
hack and crack that password.
|
by: cooltoriz |
last post by:
Hello there,
I just found that the compiled code won't hide the string variables so
that I can see them by opening the execuable using Notepad. I have
couple applications that have password hardcoded and I've been thinking
that the string varialbes are hidden in compiled code. I knew that the
VS.NET doesn't compile the source code into machine code. But I didn't
know that it will expose string variables in the compiled code. Here is
my...
|
by: per9000 |
last post by:
Hi all,
I want to create an encryption program and started thinking about not
storing sensitive information in the memory since I guess someone
might steal my computer an scan my memory.
So I wrote this method for getting a password from the console and
converting it to an array of bytes for later use in the encryption
algorithm.
The weak point as I see it is the storage of the password - it will be
|
by: =?Utf-8?B?am9uaWdy?= |
last post by:
I wrote a simple VB.NET application that imports and edits CSV files.
Now I’d like to “lock” the raw (pre-import) CSV files so these cannot be
opened separately. It is not high-sensitive data, I just don’t want folks to
peek in the files.
So time-consuming encryption is not necessary, just a simple
password-to-open that I can program in my application so it internally opens
the imported CSV file would be perfect, but I can’t...
| | |
by: teejayem |
last post by:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help would be much appreciated.
Thanks in advanced.
|
by: Jeff Williams |
last post by:
I am developing an application which will allow users (students) to run
applications on PC's with elevated rights. This is necessary for some
applications which require Administrator rights on the PC.
I now need to store the local administrator username and password
somewhere where my application can read this from.
I am looking for comments on
1. Recommend place to store this data
|
by: Gilles Ganault |
last post by:
Hello
I'd like to encrypt a customer's organization name to use this as
their password to launch our application, and decrypt it within our
VB5 application.
We will then use this information to print it on every page that the
application prints out. That way, even if some other user gives out
his password, it won't do any good, since the organization name will
be the original user's.
|
by: Jon.Hakkinen |
last post by:
Hi all,
I'm on DB2 9.5 fp 0 on Windows.
I have a simple SQL stored procedure which uses the Encrypt() function
to insert data in a table.
I do not set the encryption password inside the procedure, I plan to
issue an Set Encryption statement at the beginning of every database
session from our middle layer.
But for now I use clp or db2ce to run something like
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, well explore What is ONU, What Is Router, ONU & Routers main usage, and What is the difference between ONU and Router. Lets take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development projectplanning, coding, testing, and deploymentwithout human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupr who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
