Password shown in browser

  • Thread starter Michael G. Schneider
  • Start date
M

Michael G. Schneider

Suppose web.config contains

<authentication mode="Windows"/>
<identity impersonate="true" userName="XYZ" password="XYZ"/>

and the password is wrong. Then if the website is opened in the browser, a
message is given that shows the above section on the page. What makes this
section appear/disappear? What has to be done, so it is not shown?

Michael G. Schneider
 
S

Steven Cheng[MSFT]

Hi Michael,

For the problem you mentioned(password is displayed in error page ...), it
is because by default the <customError> setting of ASP.NET application is
"Off", that means whenever an error occur in the application(if a user is
currently visiting the site), runtime will automatically display an Error
page to the user which contains the detailed error info(such as error code
, callstack , configure section ....). At production/deployment
environment, you can set the <customErrors> setting to "On" so that it
won't display detailed error info(or you can choose to only allow local
connection see the detailed error by setting it to "RemoteOnly").

e.g.
======================
<authentication mode="Windows"/>
<identity impersonate="true" userName="administrator"
password="wrongPass"/>
<customErrors mode="On" ></customErrors>
==================

You can get more info on this via the following MSDN reference:

#customErrors Element (ASP.NET Settings Schema)
http://msdn2.microsoft.com/en-us/library/h0hfz6fc.aspx

Hope this helps you.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
 
M

Michael G. Schneider

Steven Cheng said:
Hi Michael,

For the problem you mentioned(password is displayed in error page ...), it
is because by default the <customError> setting of ASP.NET application is
Click to expand...

Hello Steven,

thanks a lot for the explanation. It helped.

Michael G. Schneider
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Password prompt when <allow roles="foo"> 1
Migration to Windows 2003, Error Messages not shown in Browser 3
Prompt for password 0
Windows authentication bug? 7
username and password prompt 2
impersonation issue when executing a Process.Start("Shutdown",strArgs) 0
Forms authentication - clean cookie when close browser 1
Error encrypting identity element in web.config 1

Members online

Total: 42 (members: 2, guests: 40)
Robots: 440

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,055
Latest member
SlimSparkKetoACVReview

Latest Threads

Top