Wednesday, July 20, 2005

 

Keeping an ASP.NET Password Box From Being Cleared

By default, a TextBox in ASP.NET that has its TextMode set to Password will clear out the stored password during a roundtrip to the server. Occasionally, there is the need to keep the password in the box when the page is delivered to the user after a PostBack. Yes, I realize that this is a security concern because anyone can read the password by viewing the source. (It is still easy to steal the password normally unless the server is using SSL or something.)

To implement the saving of the password, I created my password textbox like this:

<asp:textbox id="Password" runat="server"
TextMode="Password" Value="<%# Password.Text%>" />

Then in my Page_Load method, I added the following line:
Password.DataBind()

Then I had it saving the password, rather effortlessly.

To overcome some of the security problems, I set my page to not cache. There are many ways to do this, so to make sure it works, I do them all:
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.AddHeader("Pragma", "no-cache")
Response.Expires = -1
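
A check for the two conditions discussed above, as an added example that is not part of the original post: it flags a response whose markup carries a pre-filled password box and reports which of the three cache headers are missing. The function names, the sample page and the sample password value are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from html.parser import HTMLParser

class _PasswordInputs(HTMLParser):
    """Collects <input type="password"> elements rendered with a non-empty value."""

    def __init__(self):
        super().__init__()
        self.prefilled = []

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "input" and a.get("type", "").lower() == "password" and a.get("value"):
            self.prefilled.append(a.get("name") or a.get("id") or "(unnamed)")

def _already_expired(value):
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True  # invalid dates such as "-1" or "0" count as already expired
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= datetime.now(timezone.utc)

def audit_response(headers, html):
    """Return findings for one response; an empty list means no password was echoed."""
    parser = _PasswordInputs()
    parser.feed(html)
    if not parser.prefilled:
        return []
    findings = ["password echoed into markup: " + ", ".join(parser.prefilled)]
    h = {k.lower(): v for k, v in headers.items()}
    directives = {d.strip().lower().split("=")[0] for d in h.get("cache-control", "").split(",")}
    if not directives & {"no-cache", "no-store"}:
        findings.append("Cache-Control lacks no-cache/no-store")
    if "no-cache" not in h.get("pragma", "").lower():
        findings.append("Pragma: no-cache missing")
    if "expires" not in h or not _already_expired(h["expires"]):
        findings.append("Expires missing or in the future")
    return findings

# Constructed sample page and headers (not captured from a real server).
PAGE = '<form><input name="Password" type="password" value="hunter2" id="Password" /></form>'
NO_CACHE = {"Cache-Control": "no-cache", "Pragma": "no-cache", "Expires": "-1"}

if __name__ == "__main__":
    for label, hdrs in (("default headers", {}), ("no-cache headers", NO_CACHE)):
        print(label, "->", audit_response(hdrs, PAGE))
```

With all three headers present the only remaining finding is the echoed password itself, which the cache settings do not remove from the page source.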
