SlackOverflow

Reputation: 447

How can I safely keep the value of a password field during postbacks in ASP.NET?

Is there a way to safely keep the value of a password field during postbacks in ASP.NET? I was thinking of the viewstate, but I don't want to print it clearly in the HTML code by setting the control value equal to the viewstate content at every postback.

Upvotes: 3

Views: 1683

Answers (3)

Grant Thomas

Reputation: 45058

I'm not sure of how well this would pan out in an ASP.NET application but take a look into System.Security.SecureString.

This will allow you to populate a string which is encrypted using machine-specific (your server) encryption. You will need to marshal this object to a usable (and decrypted) string when it is required, which, I believe, is why some are divided as to its usefulness - I think there are ways and whens to use it, and not.

Upvotes: 0

Yahel

Reputation: 8550

If security is a concern, you should either:

  • Use HTTPS
  • At the bare minimum, never store a plain password, even in your database, but, say, an MD5 hash of the password (bare minimum).
  • Use this hash instead of the password in your postbacks

Upvotes: 3

Ghyath Serhal

Reputation: 7632

You should not save the value of the password in the viewstate, since the view state is visible to the end user.
You can save it in a session object if you want.

Upvotes: 1
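
The session approach from the last answer, sketched as an added example that is not part of the original thread: the typed password is kept server-side across postbacks and never written back into the HTML or ViewState. The control IDs, the session key and `CreateAccount` are assumed names for illustration.

```csharp
using System;
using System.Web.UI;
using System.Web.UI.WebControls;

// Added example, not code from the thread. Assumes the .aspx inherits this class and declares
// <asp:TextBox ID="txtPassword" TextMode="Password" runat="server" />,
// <asp:Button ID="btnSubmit" runat="server" /> and <asp:Label ID="lblStatus" runat="server" />.
public class RegisterPage : Page
{
    protected TextBox txtPassword;
    protected Button btnSubmit;
    protected Label lblStatus;

    private const string PendingKey = "PendingPassword"; // hypothetical session key

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        btnSubmit.Click += OnSubmit;
    }

    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);
        // A TextMode="Password" box is rendered empty after every postback, so the
        // typed value is only available on the request that carried it.
        if (IsPostBack && txtPassword.Text.Length > 0)
            Session[PendingKey] = txtPassword.Text; // stays on the server

        // Show that a value is held without echoing it into the page.
        lblStatus.Text = Session[PendingKey] != null
            ? "Password already entered."
            : "Password required.";
    }

    private void OnSubmit(object sender, EventArgs e)
    {
        string password = Session[PendingKey] as string;
        if (string.IsNullOrEmpty(password)) return;

        // Drop the stored copy as soon as it has been used, even on failure.
        try { CreateAccount(password); }
        finally { Session.Remove(PendingKey); }
    }

    // Placeholder for the application's own account logic (assumption).
    private void CreateAccount(string password) { lblStatus.Text = "Account created."; }
}
```

The value still crosses the network on the postback that submits it, which is why the HTTPS point from the second answer applies here too.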
