I've MVC5 application and in the create view i have user and password fields.
I put values in the user and password field and when I enter to edit mode i see just the user value in the text box
and the password field is empty,why?
when I debug the code I see that in the end of the edit ( return View(UserPass); ) i got the object with the values and than it call to the view(razor) and I dont see the value in the pass text box ...
Any idea why the user is exist and password not?
I just want it to be field with asterisks in the edit mode...
In the edit and the create view I use:
<div class="form-group">
#Html.LabelFor(model => model.Password, new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.PasswordFor(model => model.Password)
#Html.ValidationMessageFor(model => model.Password)
</div>
</div>
Passwords are not prepopulated to prevent accidential submits and not to have un encrypted passwords.
check below link.
ASP.Net MVC3 Html.PasswordFor does not populate
Use this:
#Html.PasswordFor(model => model.Password,new{#Value=Model.Password})
Notice that Value:v should be uppercase
Rendering the value of a password into the html source is a huge security risk. Its preventing you from leaking your passwords. Otherwise someone could view the page source and see:
<input type="password" value="password123" />
I would recommend doing the following:
#Html.PasswordFor(model => model.Password, new { placeholder = "********" })
This will put some 'visual' asterisks in the textbox which will disappear when the user starts entering an actual value. Its not supported by all browsers, but its something.
Related
This question already has answers here:
Hyphenated html attributes with asp.net mvc
(2 answers)
Closed 6 years ago.
I have a basic password strength indicator.
<input type="password" id="myElement1" size="40" class="left" data-display="myDisplayElement1" />
<div class="left" id="myDisplayElement1"></div>
I have the JS Script which takes care of all the logic. And the data-display div shows the message whether the password is weak or strong. But I want to convert the above code into Razor. Below is what I have till now.
<div class="form-group">
#Html.LabelFor(model => model.NewPassword, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.NewPassword, new { htmlAttributes = new { #class = "form-control", id = "myElement1" } })
<div class="left" id="myDisplayElement1"></div>
#Html.ValidationMessageFor(model => model.NewPassword, "", new { #class = "text-danger" })
</div>
</div>
Question: Everything is working fine but I am not able to put data-display attribute in razor. Where do I need to place it. But as the data-display is not set, I am not able to display the user its password strength as the div.
I want to be able to do something like below
#Html.EditorFor(model => model.NewPassword, new { htmlAttributes = new { #class = "form-control", id = "myElement1" , data-display = "myDisplayElement1"} })
But data-display gives me error.
Error
Cannot resolve symbol data the error comes at the place where I have added data-display.
Hyphenation is not valid within an anonymous object. However, knowing that it would be necessary at times to add attributes with hyphenation, the Razor helpers will auto replace underscores with hyphens in attribute names. As a result, you can accomplish what you need by using data_display rather than data-display.
In a system where I am using the Identity framework, I have the following form in a view that is bound to the model AppUser:
<div class="form-group">
<label>Name</label>
<p class="form-control-static">#Model.Id</p>
</div>
#using (Html.BeginForm("Edit", "Admin", new { returnUrl = Request.Url.AbsoluteUri }, FormMethod.Post, new { #id = "edituserform" }))
{
#Html.HiddenFor(x => x.Id)
<div class="form-group">
<label>Email</label>
#Html.TextBoxFor(x => x.Email, new { #class = "form-control" })
</div>
<div class="form-group">
<label>Password</label>
<input name="password" type="password" class="form-control" />
</div>
<input type="checkbox" name="userLockout" value="Account Locked" #(Html.Raw(Model.LockedOut ? "checked=\"checked\"" : "")) /> #:Account Locked <br>
<button type="submit" class="btn btn-primary">Save</button>
<button class="btn btn-default"
id="canceleditbutton">
Cancel
</button>
}
The model definition for AppUser:
public class AppUser : IdentityUser
{
public bool LockedOut { get; set; }
/*Other fields not shown for brevity*/
}
My specific question is regarding the checkbox for the LockedOut flag, which is a custom property I added. For a test user, I manually set the flag in the database to True and as expected, on the view the checkbox was checked when it was loaded. Now my goal is to be able to access this in the POST edit method of the AdminController that this form calls on submit. The skeleton for that method is as follows:
[HttpPost]
public async Task<ActionResult> Edit(string id, string email, string password, string userLockout)
{
//Code here to change the LockedOut value in the database based on the input received
}
The issue is that the userLockout parameter comes in as null when I click Save on the submit on the edit screen. The other two values are populated correctly. How can I access the userLockout value, so that I can continue with saving the change into the database if needed?
And lastly, my ultimate goal here is to implement a system where an admin can lock or unlock a user account via the LockedOut flag (which gets checked each time someone logs in). I know the Identity framework has support for lockouts, but this seems to be time restricted lockouts only. Is there a way that exists in the Identity framework to have permanent (unless manually changed) lockouts? I am trying to use as little custom code and design as possible, so that's why I am interested in knowing this as well. Particularly, I am interested in using the way the framework keeps track of unsuccessful login attempt counts, because I want to try to avoid implementing that manually as well.
Thank you.
Change userLockout type to bool in the Edit method and post should work.
To lock the user for a very long duration (a sub for permanent lock) after n failed attempts, one option is to set the DefaultLockoutTimeSpan to some x years in the future.
To check if a user is locked out, try UserManager.IsLockedOutAsync(userId)
I have a web application in which certain users can assign certain roles to other users.
I have a number of roles for e.g. Admin, Super User, Developer, Designer
The Admin and the Super User can assign roles.
Is there a way in the View, where If I am a Super User the Super User checkbox does not show? subsequently, The Admin cannot assign to himself Super User or uncheck Admin for obvious reasons
Basically. This is what they should have access to:
Super User: Admin, Developer, Designer
Admin: Developer, Designer
This is the coding being used at the moment.
<div class="form-group">
#Html.Label("Roles", new { #class = "control-label col-md-2" })
<span class=" col-md-10">
#foreach (var item in Model.RolesList)
{
<input type="checkbox" name="SelectedRole" value="#item.Value" checked="#item.Selected" class="checkbox-inline" />
#Html.Label(item.Value, new { #class = "control-label" })
}
</span>
</div>
This shows all the roles found inside the database irrespective of role. What can I change please?
Thank you in advance
On my Change Password form I have asterisks appearing in the New Password field. I assume they are appearing as a leftover from the password field from the Login Form?
Change Password form (partial):
<div class="form-group">
#Html.LabelFor(m => m.Password, new { #class = "col-md-3 control-label" })
<div class="col-md-9">
#Html.PasswordFor(m => m.Password, new { #class = "form-control" })
#Html.ValidationMessageFor(m => m.Password)
</div>
</div>
<div class="form-group">
#Html.LabelFor(m => m.ConfirmPassword, new { #class = "col-md-3 control-label" })
<div class="col-md-3">
#Html.PasswordFor(m => m.ConfirmPassword, new { #class = "form-control" })
#Html.ValidationMessageFor(m => m.ConfirmPassword)
</div>
</div>
This behavior is probably browser-related due to a cookie from saving the password on login. I'm just wondering if there is anyway to overcome this without renaming the Password field?
#Html.PasswordFor (and all of the other xxxFor HtmlHelpers) will fill in the input field with whatever value the model has for the property when the page is rendered. In this case, Model.Password must already have a value, perhaps from when you fetched the user from the database. Note, if you are storing the user's password somewhere in plain text, this is bad practice.
Before the call to View in your Controller, clear out the Password property.
If that doesn't work and you've confirmed the Password property of the Model is empty when the page loads, then perhaps it is some browser autocompletion as you say. You can try adding autocomplete = "off" attribute to the input element.
I just want to add a placeholder for my generated input element.
This is what being generated
<input class="text-box single-line" data-val="true" data-val-required="The Username field is required." id="Username" name="Username" type="text" value="">
This is the code that generates HTML output
#Html.EditorFor(model => model.Username)
Of course I can just remove the generated code and write it by myself just including the necessary fields, however maybe it is possible to just pass some kind of parameter to EditorFor that will add placeholder attribute to it?
You can use #Html.TextBoxFor instead of #HtmlEditorFor and then write htmlAttributes like this:
#Html.TextBoxFor(model => model.Username, new { placeholder = "Username..." })
Try
#Html.EditorFor(m => model.Username, new { data_val_attribute = "value" });
Most of the helpers will have an overload that accepts an anonymous object as the last parameter for specifying attributes in the generated markup.
#Html.EditorFor(model => model.Username, new { placeholder = "Username..." }) should work, unless your model is not empty. Have you checked if your model is empty?