Preventing saved passwords

Discussion in 'ASP .Net Security' started by Peter Brown, Jan 7, 2004.

  1. Peter Brown

    Peter Brown Guest

    I have developed a web site running on Win2k and IIS. It uses Integrated Windows Authentication. When the user selects the URL for the site, they are prompted for their Network Password. On this dialog is a checkbox 'Save this password to your password list'. If the user checks this, their password will be pre-entered the next time the page is opened.

    My question is, how can I force the users to have to enter their password even if they have checked the 'Save Password' box?
     
    Peter Brown, Jan 7, 2004
    #1

  2. Peter Brown

    Keith Guest

    You do not have control over this, unfortunately. In fact, if the users are on your local network they could easily configure IE to just pass through their credentials without prompting. To address this security concern you can do two things:

    1. Educate users to not do it (best approach)
    2. Programmatically log in to the domain using forms authentication going against Active Directory. You might not be using a domain to authenticate, but if you are, here's a good link to a VB.Net sample of using forms authentication against Active Directory:

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;326340

    Choice two is good because any browser can support NTLM authentication. Only IE and Mozilla/Netscape support NTLM. No support for Apple Safari or Konqueror on Linux.

    Good luck.

    >-----Original Message-----
    >I have developed a web site running on Win2k and IIS.
    >It uses Integrated Windows Authentication. When the user selects
    >the URL for the site, they are prompted for their Network
    >Password. On this dialog is a checkbox 'Save this password
    >to your password list'. If the user checks this, their password
    >will be pre-entered the next time the page is opened.
    >
    >My question is, How can I force the
    >users to have to enter their password even if they
    >have checked the 'Save Password' box?
     
    Keith, Feb 1, 2004
    #2
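
Option 2 from the reply above, as an added example that is not part of the thread or of the linked KB article: a C# helper that checks a user name and password submitted through a login form by binding to Active Directory, then issues a non-persistent forms-authentication cookie. The class and method names and the LDAP path passed in by the caller (for instance a placeholder such as `LDAP://DC=example,DC=com`) are assumptions; the site is assumed to be configured for forms authentication.

```csharp
using System.DirectoryServices;          // reference System.DirectoryServices.dll
using System.Runtime.InteropServices;
using System.Text;
using System.Web.Security;

// Hypothetical helper, written for this example.
public static class AdFormsAuth
{
    // Escape a value for use in an LDAP search filter (RFC 4515) so that
    // a crafted user name cannot change the meaning of the filter.
    public static string EscapeLdapFilter(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // True only if the directory accepts a bind with the supplied credentials
    // and the account can be found under ldapPath.
    public static bool IsValidUser(string ldapPath, string domain, string user, string password)
    {
        // Reject empty input before contacting the directory.
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password)) return false;
        try
        {
            using (DirectoryEntry entry = new DirectoryEntry(
                       ldapPath, domain + "\\" + user, password, AuthenticationTypes.Secure))
            using (DirectorySearcher searcher = new DirectorySearcher(entry))
            {
                searcher.Filter = "(sAMAccountName=" + EscapeLdapFilter(user) + ")";
                return searcher.FindOne() != null;   // the bind happens on first use
            }
        }
        catch (COMException) { return false; }       // logon failure or directory error
    }

    // Call from the login page after IsValidUser returns true. 'false' requests a
    // session cookie, so the ticket is not persisted across browser sessions.
    public static void SignIn(string user) { FormsAuthentication.RedirectFromLoginPage(user, false); }
}
```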