Preventing saved passwords

Discussion in 'ASP .Net Security' started by Peter Brown, Jan 7, 2004.

  1. Peter Brown

    Peter Brown Guest

    I have developed a web site running on Win2k and IIS.
    It uses Integrated Windows Authentication. When the user
    selects
    the URL for the site, they are prompted for their Network
    Password. On this dialog is a checkbox 'Save this
    password
    to your password list'. If the user checks this, their
    password
    will be pre-entered the next time the page is opened.

    My question is, How can I force the
    users to have to enter their password even if they
    have checked the 'Save Password' box?
     
    Peter Brown, Jan 7, 2004
    #1
    1. Advertising

  2. Peter Brown

    Keith Guest

    You do not have control over this unfortunately. In
    fact, if the users are on your local network they could
    easily configure IE to just pass through their
    credentials without prompting. To address this security
    concern you can do two things:

    1. Educate users to not do it (best approach)
    2. Programatically login to the domain using forms
    authentication going against Active Directory. You might
    not be using a domain to authenticate, but if you are
    here's a good link to a VB.Net sample of using forms
    authentication against Active Directory:

    http://support.microsoft.com/default.aspx?scid=kb;EN-
    US;326340

    Choice two is good because any browser can support NTLM
    authenication. Only IE and Mozilla/Netscape support
    NTLM. No support for Apple Safari or Konqueror on Linux.

    Good luck.

    >-----Original Message-----
    >I have developed a web site running on Win2k and IIS.
    >It uses Integrated Windows Authentication. When the

    user
    >selects
    >the URL for the site, they are prompted for their Network
    >Password. On this dialog is a checkbox 'Save this
    >password
    >to your password list'. If the user checks this, their
    >password
    >will be pre-entered the next time the page is opened.
    >
    >My question is, How can I force the
    >users to have to enter their password even if they
    >have checked the 'Save Password' box?
    >.
    >
     
    Keith, Feb 1, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chris P
    Replies:
    0
    Views:
    447
    Chris P
    Oct 28, 2003
  2. Stephen

    emailing passwords using .NET

    Stephen, Jul 20, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    391
    R.Balaji
    Jul 23, 2004
  3. philip herman

    'Document not saved' error - excel workbook

    philip herman, Jul 11, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    5,471
    philip herman
    Jul 11, 2003
  4. Staffing

    Web.config and Passwords

    Staffing, Aug 26, 2003, in forum: ASP .Net
    Replies:
    3
    Views:
    546
    Staffing
    Aug 26, 2003
  5. whidy

    where is cookie saved ?

    whidy, Aug 28, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    7,897
    Ken Cox [Microsoft MVP]
    Aug 28, 2003
Loading...

Share This Page