Asp.Net MVC password for
im using mvc form to give user possibility of changing his data in database. Everything is fine except password. When im getting Password value from database controller passes it into view, but view is not displaying it.
<div class="editor-field">
<%: Html.PasswordFor(model => model.Password) %>
<%: Html.ValidationMessageFor(model => model.Password) %>
</div>
I can save the password but its never displayed inside view. Anyway if i change PasswordFor to TextBoxFor it works fine, but i can see password :(
Inside appl开发者_如何学运维ication, i give to user possibility to configure some other function, you can configure your external email account . when view with form is rendered, box with password is empty. If i submit form then, database will save empty password - i dont want to save null in password column, if user dont want to change password, it should be the same as earlier, also i need to avoid showing it to user.
I faced same issue,and issue got fixed by below solution,might it will help you
Your model class
public class yourmodel
{
[DataType(DataType.Password)]
public string Password {get;set; }
}
View page
@Html.EditorFor(model => model.Password)
This is how it's supposed to work. Password fields should never display data.
If you're doing passwords correctly, you wouldn't even be able to display it. You should be doing a one-way encryption (called a hash) of the data and storing only the hashed value in the database. This way it can never be unencrypted. When a user logs in, you simply hash the password he entered and compare it to the stored one.
Ok, this is an oldie but since I just needed to do the same for email settings. Simple solution, add htmlAttributes like so:
<div class="editor-field">
<%: Html.PasswordFor(model => model.Password) %>
<%: Html.ValidationMessageFor(model => model.Password, new { value=model.Password }) %>
</div>
This will set the password value in the password input.
The guy asks for an answer, not critics. This is not a matter of "doing passwords correctly" or not, what he tries to accomplish requires to save a clear password, so it can be sent to an email server or other system where sending a hashed value would fail.
The password passed in this way:
<%: Html.ValidationMessageFor(model => model.Password, new { value=model.Password }) %>
can be SEEN in the source code of the page from any Browser U_U
Normal approach for password changing by user is to provide 3 empty PASSWORD fields (input type=password):
- New password
- Confirm new password
- Old password
After user submits data on the server, 1st you check if old password is correct (since you don't want someone else to change password if user forgets to logout), then check if user typed new password and confirmed it correctly (since characters are masked in password fields, and only THEN you update database.
You should NEVER render user's password into html. It also applies for cases when server side validation fails (password length or complexity). You always render empty password fields.
Whats the matter? Usually you Never show a password. you store a new one and if forgotten you send a link to create a new one but in no case you show the old one not in clear text and not with dots...
Im agreeing with some of other answers: you should never render the password in the page.
But if you don't care, and want to make the things work, there is an easy way to accomplish that:
@Html.PasswordFor(m => m.Password, new { value = Model?.Password })
Anyway I don't understand why some other users suggests to put the value htmlAttribute into the validation message instead of password field. Very strange, i don't even understand the point of that.
Another option here, if you're using Razor syntax, is to utilize JQuery to populate the password field. Something like the following will work:
$(document).ready(function() {
$('#Password').val('@Model.Password');
});
精彩评论