Re: Web Control vs. html "run as server" for setting password from coo
From: Kevin Spencer (kevin_at_DIESPAMMERSDIEtakempis.com)
Date: 02/18/05
- Next message: Bob: "Re: Chart control for ASP.Net"
- Previous message: Kevin Spencer: "Re: Help! aspnet_wp not working after patching kb886903/kb886906!"
- In reply to: Andre Ranieri: "Web Control vs. html "run as server" for setting password from coo"
- Next in thread: Steve C. Orr [MVP, MCSD]: "Re: Web Control vs. html "run as server" for setting password from coo"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 18 Feb 2005 14:38:29 -0500
I'm afraid you've still got some holes in your understanding of how ASP.Net
works. In addition, you have a security issue that you're not aware of.
Let's start with the first part first.
An ASP.Net WebForm renders an HTML form on the client. There is absolutely
no requirement that a Server Control cause a PostBack. So, there is
absolutely no requirement that you do this with a static HTML page, although
you certainly could.
Using an HTML document, you COULD populate the password box from a cookie.
JavaScript can read cookies. Google is useful, but you have to ask the right
questions. However, how is the JavaScript in a static HTML document going to
know what password to use? I suppose you could use behaviors, and have the
JavaScript call a Web Service to obtain the password, but again, how does
the JavaScript know what password to ask for? And this is already beginning
to look like a shortcut that is more complicated than the alternative.
On the other hand, you could use an ASP.Net WebForm instead. Using the
WebForm, you could also populate the password box from a Cookie. However,
the problem there is, the password would appear in clear text in the HTML of
the document. This would be an unacceptable security issue.
This is the reason that password boxes are not populated in almost all forms
that take passwords. There was a time when people used their own computers
all the time. Now, one of your users could drop into a cyber cafe on his
lunch break, log in to your web site, and leave his password behind for
everyone that followed.
--
HTH,
Kevin Spencer
Microsoft MVP
.Net Developer
Neither a follower nor a lender be.

"Andre Ranieri" <AndreRanieri@discussions.microsoft.com> wrote in message
news:DB93B59A-3D0D-4264-B5F3-18874CCEBBA9@microsoft.com...
> I'm trying to create a login page for customers to log into our corporate
> website, our president naturally wants the user and password fields to
> populate from a cookie so the customer doesn't have to type their
> credentials every time, this seems like a pretty common thing. However,
> when I try to populate the password HTML textbox from the cookie, the
> textbox remains blank. However, if I try this from an equivalent web
> control, the textbox shows the hidden password ..........
>
> My research in Google tells me that there is absolutely no way to populate
> an html textbox with text when the type="password." Articles I've read say
> that this is because a user can look at the page source markup and see the
> actual password, which Microsoft sees as a security issue.
>
> However, I am able to get this to work when I use a .NET web control, even
> though the password is shown in source markup. It doesn't make sense that
> they would restrict functionality in an html control yet not do so in a
> web control.
>
> I'd really prefer having my textboxes be part of an html form to avoid
> repeat round trips to the server, is there absolutely no workaround for
> the issue?
>
> Thanks,
>
> Andre Ranieri
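A check for the clear-text exposure described in the reply above, as an added example that is not part of the original thread: it scans rendered HTML for password inputs that carry a non-empty `value` attribute. The sample markup, its field names and the function name `find_prefilled_passwords` are constructed for illustration.

```python
from html.parser import HTMLParser


class PrefilledPasswordFinder(HTMLParser):
    """Collects <input type="password"> tags rendered with a non-empty value."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names; values keep their case.
        # Self-closing tags (<input ... />) are routed here as well.
        if tag != "input":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("type", "").strip().lower() != "password":
            return
        if attr.get("value", ""):
            line, _ = self.getpos()
            # Report location and length only, never the secret itself.
            self.findings.append({
                "line": line,
                "field": attr.get("name") or attr.get("id") or "(unnamed)",
                "length": len(attr["value"]),
            })


def find_prefilled_passwords(html):
    """Return one finding per password input whose value is in the markup."""
    parser = PrefilledPasswordFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a login form whose password box was filled server-side.
SAMPLE_PREFILLED = """<form method="post" action="login.aspx">
<input name="txtUser" type="text" id="txtUser" value="andre" />
<input name="txtPassword" type="PASSWORD" id="txtPassword" value="S3cret!pw" />
</form>"""

# Constructed sample: the same form with the password box left empty.
SAMPLE_EMPTY = """<form method="post" action="login.aspx">
<input name="txtUser" type="text" id="txtUser" value="andre" />
<input name="txtPassword" type="password" id="txtPassword" />
<input name="txtConfirm" type="password" value="" />
</form>"""
```

Run against the response body of a login page; any finding means the password is readable through View Source and sits in the browser cache.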