Re: Does My Auto Login Strategy Make Sense?



In a single word: No!

Only because saving passwords on computers is not the best way to do it! How about security issues?
A guy goes to a friend's house, asks to send an email, sees the site, enters, changes it to his own password, and then... oh well, you see the picture!

If you still want to proceed with such a thing, do it simply:

USERNAME: <TEXTBOX TEXT>
PASSWORD: <TEXTBOX PWD>

You write the cookie for email, and if you find a cookie named "SAVE_PWD" you automatically put in the
<TEXTBOX PWD> something hard to guess like "PWD@COOKIE!" (it will show ********** to the user).

When performing the LOGIN, see if the password is "PWD@COOKIE!"
and then you can search for the encrypted password in the cookies collection and perform a comparison with the one in the database...

If everything is OK, log in the user; if there is any problem, say "please enter your password for security purposes".

AND PLEASE !!! Don't save the PWD for A YEAR !!! TWO WEEKS tops !!
A lot happens within a year, and have an "I forgot my password" link and send a link to reset the pwd to that email if you find it in the database.


hope it helps.

--

Bruno Alexandre
Strøby, Danmark

"a Portuguese in Denmark"



"dougloj" <dougloj@xxxxxxx> wrote in message news:1171607979.589850.209280@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi.

I have an ASP.NET application written in C#. To log in, a user must
provide their email address and password. I already give the user a
"Remember my Email Address" check box. If they check it when logging
in, I store the email address in a cookie and automatically display
the address when they log in again.

I now want to give the user a "Remember my Password" checkbox. If they
check this new checkbox, I'm planning on encrypting the password and
storing it in a cookie that won't expire for maybe a year.

If the user decides to have the password saved, the next time they log
in, I will display the login window. In the login window, I use an
asp:TextBox control for the password with the TextMode set to
Password. Because the TextMode is Password, I can't figure out a way
to assign a value to the TextBox's Text field in my C# code. Ideally,
I'd like to just assign the stored password to the field. So, if the
user has the password stored in a cookie, I would change the TextMode
of the TextBox to SingleLine, assign a string value of "*******" to
the Text field, check the stored password from the cookie against the
database value, and proceed accordingly.

I'm thinking of this approach because if the user no longer wants the
password stored, I can expire the cookie, and the next time the user
logs in, keep the password TextBox's TextMode as Password, and have
the user enter the password.

If the user ever changes the password, I will automatically expire the
cookie, and the user will have to enter the password and decide to
have it saved or not the next time they log in.

Does this approach make sense?

All ideas are appreciated.

-Doug
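
The server-side check from the reply above (placeholder in the password box, cookie compared against the database value, two-week limit, fall back to asking for the password), as an added C# example that is not code from either post. It swaps one thing: the cookie carries an HMAC over the stored password hash instead of the encrypted password, so a password change invalidates it. All names, the key handling and the sample values are assumptions; setting the cookie itself (HttpOnly, Secure) is left out.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: RememberMe, Issue, TryLogin and the sample values are hypothetical.
static class RememberMe
{
    public const string Placeholder = "PWD@COOKIE!";            // sentinel from the reply
    static readonly TimeSpan Lifetime = TimeSpan.FromDays(14);  // "two weeks tops"

    // Cookie value: "<expiryTicks>.<base64 HMAC(email, storedHash, expiryTicks)>"
    public static string Issue(byte[] key, string email, string storedHash, DateTime nowUtc)
    {
        long expiry = nowUtc.Add(Lifetime).Ticks;
        return expiry + "." + Mac(key, email, storedHash, expiry);
    }
    // Returns false when the caller must ask for the real password instead.
    public static bool TryLogin(byte[] key, string email, string storedHash, string postedPassword, string cookie, DateTime nowUtc)
    {
        if (postedPassword != Placeholder || string.IsNullOrEmpty(cookie)) return false;
        string[] parts = cookie.Split('.');
        long expiry;
        if (parts.Length != 2 || !long.TryParse(parts[0], out expiry)) return false;
        if (nowUtc.Ticks > expiry) return false;                 // expiry enforced server-side
        return SameString(parts[1], Mac(key, email, storedHash, expiry));
    }
    // Binds the cookie to the account, the current stored hash and the expiry.
    static string Mac(byte[] key, string email, string storedHash, long expiry)
    {
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(
                Encoding.UTF8.GetBytes(email + "\n" + storedHash + "\n" + expiry)));
    }
    // Comparison without an early exit on the first differing character.
    static bool SameString(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    static void Main()
    {
        var key = new byte[32];                                  // server secret, constructed for the demo
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        DateTime now = DateTime.UtcNow;
        string cookie = Issue(key, "user@example.com", "stored-hash-v1", now);
        Console.WriteLine(TryLogin(key, "user@example.com", "stored-hash-v1", Placeholder, cookie, now.AddDays(13)));
        Console.WriteLine(TryLogin(key, "user@example.com", "stored-hash-v2", Placeholder, cookie, now.AddDays(13))); // password changed
        Console.WriteLine(TryLogin(key, "user@example.com", "stored-hash-v1", Placeholder, cookie, now.AddDays(15))); // past two weeks
    }
}
```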
