asp.net security : Password shown in browser



Michael G. Schneider
10/15/2007 12:00:00 AM
Suppose web.config contains

<authentication mode="Windows"/>
<identity impersonate="true" userName="XYZ" password="XYZ"/>

and the password is wrong. Then if the website is opened in the browser, a
message is given that shows the above section on the page. What makes this
section appear/disappear? What has to be done, so it is not shown?

Michael G. Schneider

stcheng NO[at]SPAM online.microsoft.com
10/15/2007 10:17:25 AM
Hi Michael,

For the problem you mentioned (the password is displayed in the error page ...), it
is because by default the <customErrors> setting of an ASP.NET application is
"Off", which means that whenever an error occurs in the application (if a user is
currently visiting the site), the runtime will automatically display an error
page to the user which contains the detailed error info (such as error code,
call stack, configuration section ...). In a production/deployment
environment, you can set the <customErrors> setting to "On" so that it
won't display detailed error info (or you can choose to only allow local
connections to see the detailed error by setting it to "RemoteOnly").

e.g.
======================
<authentication mode="Windows"/>
<identity impersonate="true" userName="administrator"
password="wrongPass"/>
<customErrors mode="On" ></customErrors>
==================

You can get more info on this via the following MSDN reference:

#customErrors Element (ASP.NET Settings Schema)
http://msdn2.microsoft.com/en-us/library/h0hfz6fc.aspx

Hope this helps you.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Michael G. Schneider
10/15/2007 5:56:49 PM
"Steven Cheng[MSFT]" <stcheng@online.microsoft.com> wrote in message
news:IgBehSxDIHA.4200@TK2MSFTNGHUB02.phx.gbl...

Hello Steven,

thanks a lot for the explanation. It helped.

Michael G. Schneider

stcheng NO[at]SPAM online.microsoft.com
10/16/2007 12:00:00 AM
You're welcome.

Have a good day!

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
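
An added example, not part of the thread and not Microsoft tooling: a Python audit of a web.config for the two settings discussed above, a <customErrors> mode of "Off" and a clear-text password on <identity>. It assumes the file declares no xmlns on <configuration>; the sample document and the rule names are constructed for illustration.

```python
"""Audit a web.config for the two settings discussed in this thread."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample (not a real deployment): the question's settings plus
# customErrors mode="Off", which sends detailed error pages to every client.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Windows"/>
    <identity impersonate="true" userName="XYZ" password="XYZ"/>
    <customErrors mode="Off"/>
  </system.web>
</configuration>"""


def audit_web_config(xml_text):
    """Return (rule, detail) findings; the password value is never echoed."""
    findings = []
    root = ET.fromstring(xml_text)
    # iter() also reaches <system.web> nested in <location> overrides.
    for sysweb in root.iter("system.web"):
        errors = sysweb.find("customErrors")
        mode = errors.get("mode") if errors is not None else None
        if mode is None:
            findings.append(("customErrors-not-set",
                             "mode is inherited; set it explicitly"))
        elif mode.lower() == "off":
            findings.append(("customErrors-off",
                             "detailed error pages are sent to remote clients"))
        identity = sysweb.find("identity")
        # A section encrypted with protected configuration carries a
        # configProtectionProvider attribute instead of readable credentials.
        if identity is None or identity.get("configProtectionProvider"):
            continue
        if identity.get("password"):
            findings.append(("identity-plaintext-password",
                             "clear-text password for user %r"
                             % identity.get("userName", "")))
    return findings


if __name__ == "__main__":
    # Read bytes so an encoding declaration in the file is honoured.
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_WEB_CONFIG
    for rule, detail in audit_web_config(text):
        print("%s: %s" % (rule, detail))
```

Run it with a path to a web.config as the only argument, or with no argument to audit the constructed sample.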