473,466 Members | 1,332 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

Storing Variable for use in different page

I have a website that uses forms based authentication. In the logon.aspx
page a user enters a username and password. It is then authenticated
against Active Directory.

After that point on any page in the directory I can access the username
using HttpContext.Current.User.Identity.Name, but I can't figure out how to
access the password in plain text. Back at the logon.aspx page if I could
store the password that is submitted the authentication subroutine so that
it could be accessed by other pages I would be in business.

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

Nov 18 '05 #1
5 1178
"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:e9**************@TK2MSFTNGP11.phx.gbl...
I have a website that uses forms based authentication. In the logon.aspx
page a user enters a username and password. It is then authenticated
against Active Directory.

After that point on any page in the directory I can access the username
using HttpContext.Current.User.Identity.Name, but I can't figure out how to access the password in plain text. Back at the logon.aspx page if I could
store the password that is submitted the authentication subroutine so that
it could be accessed by other pages I would be in business.


It is generally considered bad practice to store cleartext passwords at all.
What do you need the password for? And why can't you just store it in
Session state.
--
John Saunders
johnwsaundersiii at hotmail
Nov 18 '05 #2
I need to run the page as a user with permission to create users in the
Active Directory. So to impersonate the thread I've been told I need to use
the "Impersonate a Specific User in Code" from
http://support.microsoft.com/default...b;en-us;306158, which needs
the username and password of the user account you want to impersonate.

If there's a better way I'd love to hear it.

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"John Saunders" <jo**************@notcoldmail.com> wrote in message
news:u2**************@TK2MSFTNGP09.phx.gbl...
"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:e9**************@TK2MSFTNGP11.phx.gbl...
I have a website that uses forms based authentication. In the logon.aspx page a user enters a username and password. It is then authenticated
against Active Directory.

After that point on any page in the directory I can access the username
using HttpContext.Current.User.Identity.Name, but I can't figure out how to
access the password in plain text. Back at the logon.aspx page if I could store the password that is submitted the authentication subroutine so that it could be accessed by other pages I would be in business.


It is generally considered bad practice to store cleartext passwords at

all. What do you need the password for? And why can't you just store it in
Session state.
--
John Saunders
johnwsaundersiii at hotmail

Nov 18 '05 #3
"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:ug**************@tk2msftngp13.phx.gbl...
I need to run the page as a user with permission to create users in the
Active Directory. So to impersonate the thread I've been told I need to use the "Impersonate a Specific User in Code" from
http://support.microsoft.com/default...b;en-us;306158, which needs the username and password of the user account you want to impersonate.

If there's a better way I'd love to hear it.


Unless you need audits of the creation of users to show up with the username
of the creating user, you could simply run the web site under a domain user
and not as ASPNET.

I presume there's a reason you're using Forms Authentication and not Windows
Authentication?
--
John Saunders
johnwsaundersiii at hotmail
Nov 18 '05 #4
Wouldn't running an IIS site as a domain user that can create users be more
dangerous than storing a password in memory for a few minutes?

I'm using forms authentication instead of IIS authentication because of
style and form. The pop-up logon box isn't very professional.

I could always just encrypt and decrypt the string as I go correct?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"John Saunders" <jo**************@notcoldmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:ug**************@tk2msftngp13.phx.gbl...
I need to run the page as a user with permission to create users in the
Active Directory. So to impersonate the thread I've been told I need to use
the "Impersonate a Specific User in Code" from
http://support.microsoft.com/default...b;en-us;306158, which

needs
the username and password of the user account you want to impersonate.

If there's a better way I'd love to hear it.


Unless you need audits of the creation of users to show up with the

username of the creating user, you could simply run the web site under a domain user and not as ASPNET.

I presume there's a reason you're using Forms Authentication and not Windows Authentication?
--
John Saunders
johnwsaundersiii at hotmail

Nov 18 '05 #5
"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:Ov*************@tk2msftngp13.phx.gbl...
Wouldn't running an IIS site as a domain user that can create users be more dangerous than storing a password in memory for a few minutes?
I'm not certain that you'd have to run the entire site that way. It might be
possible to create a small sub-application with only the pages which require
domain user access and run that with a different account. I've never tried
this, so I don't know if it's possible. Maybe only in IIS 6.
I'm using forms authentication instead of IIS authentication because of
style and form. The pop-up logon box isn't very professional.
The pop-up logon box is how IE does it. It does that for every site which
uses browser-based authentication as opposed to forms authentication.
I could always just encrypt and decrypt the string as I go correct?


Yes. If I were you, I wouldn't store the password, only the encrypted
password. I'd also make sure my login page required SSL, so you're not
sending passwords in the clear.
--
John Saunders
johnwsaundersiii at hotmail
Nov 18 '05 #6
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
Storing data for future visits
by: Francisco | last post by:
I have this problem: I have a database with information about games, and users are able to vote for them. Everytime a user votes for a game I store the unique game name into a session variable (an...
PHP
3
PHP Upload ! Storing Image data in MySQL
by: dave | last post by:
Hello there, I am at my wit's end ! I have used the following script succesfully to upload an image to my web space. But what I really want to be able to do is to update an existing record in a...
PHP
3
Storing re-usable data - shopping cart
by: Sean | last post by:
HI, I have a shopping cart in which I am trying to use breadcrumb style navgiation. I need to be able to display the categroy heading relating to the section of the site a visitor is using i.e...
ASP / Active Server Pages
14
Storing variable length data in file -- Paging
by: Luiz Antonio Gomes Pican?o | last post by:
How i can store a variable length data in file ? I want to do it using pure C, without existing databases. I'm thinking to use pages to store data. Anyone has idea for the file format ? I...
C / C++
0
Storing COM objects in a session variable
by: Sandra | last post by:
I am using a VB6 COM object with an asp.net project. I am storing the COM object in a session variable but am having a problem accessing the COM object from the session variable. I am getting...
ASP.NET
2
Problem with storing value in Session object/variable
by: Al Wilkerson | last post by:
Hey guys, I'm having problems with creating/storing a value in a session variable for later retrieving on another page. Here is the aspx page where I create/store the value ...
ASP.NET
2
storing value on client side
by: Angel | last post by:
I am storing a value into a javascript variable that was keyed into a text control. When the code performs a postback, the value that was stored into a clientside variable no longer exists. Is...
ASP.NET
2
Storing OleDBConnection in Session
by: Curt tabor | last post by:
Hi, I have several pages in my app that all use the same oleDBConnection(s). When this connection gets created, I store it as a Session variable so that other pages can access it w/o having...
ASP.NET
3
Storing a user created object as a session variable
by: RSH | last post by:
Hi, I have a situation where I have created an object that contains fields,properties and functions. After creating the object I attempted to assign it to a session variable so i could retrieve...
ASP.NET
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us