Right now, if I let Firefox 52 remember my password, it will also autofill it when I go to page I set up to create new users. Is there a way I can prevent this, perhaps by putting a different name or ID on either that page or the login page?
autocomplete="off" does not seem to work.
The site already works in Chrome (Chrome will remember my login info on the login page, but not on the "create new user" page.)
autocomplete="new-password" is also not supported in Firefox (see bug 1119063).
Ultimately I decided to change the user creation process so a password doesn't need to be specified. Instead, the user enters a password after confirming their email address.
Related
I am developing a MVC5 application for the DOE. We use windows authentication to login to our computers. I need help getting the users Name when logged in to be display "Welcome, Username"(across all pages) when they navigate to site. My problem is that when I navigate to the page it displays our ID which is what we use to login, i.e. i5456 and password. It would be much appreciated if someone would assist me and walk me through how to set this up.
I have already disabled Forms auth and enabled windows auth in VS 2013. I have tried using #User.Identity.Name in my SiteLayout, but like I said the ID is the only thing displayed. I'm not sure how to setup my model or view, or if I even have to. Is there a way to retrieve the Username so it can be displayed instead of the ID?
Try this #User.Identity.GetUserName() in your view
works for me
I am unable to create an account at Heroku.com for some reason. Note that I do not have an account and am trying to create one.
I am able to click "Sign Up" on the home page, input my email address, receive the validation email, follow the link from validation email to page where input password and then am supposed to click "Save". At this screen, my email address has already been filled out (since I followed the link from the email) so I just pick a password, and put the same password in the "Confirm Password" box.
At this point I would expect the "Save" button to light up (or allow me to click it) but nothing happens when I click it.
I would check the Heroku site for help but am required to log in before getting help.
Using Chrome on Win 7. Using Lastpass for password management.
Heroku requires that the password be typed in rather than automatically added with something like Lastpass. Once the password has been typed in, the "Save" button will light up and allow you to proceed.
I am using DotNetOpenAuth to log in users with FB and Google.
When a user visits the website, is there a way to detect that he/she has already logged in to FB or Google and log them automatically?
Thank you
Yes, if your user has already explicitly logged into your web site using Google or Facebook before. For privacy reasons neither provider will allow you to implicitly log their users in without each user explicitly signing into your web site at least once (and clicking "remember me" at their login page while doing so).
Once the user has approved that, it becomes possible but still isn't very simple. The approach involves creating a hidden iframe on your page (perhaps when the user session is first created, you add the iframe to whatever page the user is viewing, or just your popular landing page). This iframe is pointed at a URL on your site that does nothing but initiate the no-user-interaction login flow. For Google, this means your server makes an OpenIdRelyingParty.CreateRequest call with the Google OP Identifier, and you set IAuthenticationRequest.Mode = AuthenticationRequestMode.Immediate on the returned object before calling IAuthenticationRequest.RedirectToProvider. The Immediate bit tells the Provider to not expect to interact with the user (since your iframe is invisible) and to either give an immediate yes or no response. Then in the redirect back to your site (still in the hidden iframe) you'll see the user is logged into Google (or not) and get their Claimed Identifier and log them into your site.
For Facebook which uses an old draft of OAuth 2, the process may be similar, but use the OAuth 2 classes. I haven't done this one though, so I can't really give an overview.
I m trying to make one test app in windows phone 7.1 And I am using webBrowser control in my app and giving url of external website. User input login details in that form and press submit button. How I Can know the user is logged in.
Thanks,
You can track the URL the user is being redirected to, using the WebBrowser.Navigating event. Check the NavigatingEventArgs.Uri property.
Then you just need to work out the page that the login page redirects to, and if the user is navigating to that then they have successfully logged in.
I have an HTML page with a login form and a registration form inside of an overlay. When the user submits either of these forms, an AJAX request is made back to the server.
If the registration or login is successful, then the user is logged in and certain parts of the page are updated. If there is an issue with the login/registration credentials, then the user is asked to correct the error.
How do I get the browser to prompt the user to save or remember the username/password used for this scenario?
I was able to get Firefox to prompt the user and remember the password by following the answer here:
How can I get browser to prompt to save password?
But this solution did not work in webkit browsers or IE. Also, I tried adding the autocomplete attribute to the forms with value "on", but this also did not solve the problem.
Thanks in advance :)
I'm not sure if you are going to be able to find a solution to this that works across all browsers in a timely manner and if you do it may be very brittle and could break after any browser update.
A more reliable and robust way of doing this could be to do it with your own code by building this functionality into your UI. This would probably even save you some time in the long run. You could have a "remember me" checkbox or a "remember me" popup that comes up after a successful login.
If the user opts to be remembered just write an encrypted cookie with their username which if detected will allow them to bypass login. Assuming SSL I don't see this route as being much less secure than trying to force the browser to do it as the information will be stored un-encrypted on most users computers either way.