Do not let browser save password

Asked

Viewed 621 times

2

I need to make the browser does not save the user password, I have tried autocomplete="off", autocomplete="new-password", already put in the form of the page autocomplete="off", but even so the browser asks to save the password, how can I not let save? Or the countryside won’t even ask ?

 <asp:TextBox ID="txtsenha" AutoCompleteType="Disabled" CssClass="form-control" runat="server" autocomplete="new-password" type="password" placeholder="Senha"></asp:TextBox>

I tried to include this line before, to fool the browser:

 <input style="display: none" />

I also tried to put with the same name to trick the browser, and no way it worked, someone has some effective example to help me?

javascript c# asp.net

  • I’m not sure if it works, but you’ve tried setting the attributes TextMode="Password", EnableViewState="false" and AutoComplete="off" in the ASP field?

  • I didn’t try, but I took the test now, and it didn’t work either.

  • Would that be? How to disable Chrome Pop-UP to save passwords?

2 answers

1


I can not say, but I believe that in most browsers put themselves in the tag <form> should work:

<form action="baz.aspx" method="post" autocomplete="off">

Of course regardless of this, this is something of user control, is a facilitator, I think it should be user choice whether or not he wants to save.

Of course there are alternative solutions that might solve the problem, like using a form false combined with Ajax, ie would probably not even use asp:TextBox runat=server for example (should not be within form):

<div id="meu-form" data-url="foo.aspx" data-location="/dashboard/">
    <input name="login" autocomplete="off">
    <input name="pass" autocomplete="off">
    <button class="logar">Logar</button>
</div>

And in Ajax it would look like this:

var form = document.getElementById('meu-form'),
    requesting = false;

actLogon.onclick = function() {
    if (requesting) return;

    //Bloqueia as requisições enquanto estiver logando
    requesting = true;

    var action = form.dataset.url;
    var loc = form.dataset.location;

    var actLogon = form.querySelector('button.logar');
    var login = form.querySelector('login');
    var pass = form.querySelector('pass');

    //Variaveis que vão para o servidor
    var variaveis = [
         "login=" + encodeURIcomponent(login),
         "pass=" + encodeURIcomponent(pass)
    ].join("&");

    //Ajax
    var oReq = new XMLHttpRequest;

    oReq.open("POST", action, true);

    //Função assíncrona que aguarda a resposta
    oReq.onreadystatechange = function()
    {
        if (oReq.readyState === 4) {
            if (oReq.status === 200) {
                if (oReq.responseText === "sucesso") {
                    window.location.replace(loc);
                } else {
                    alert("Erro: " + oReq.responseText);
                }
            } else {
                alert("Erro: " + oReq.status);
            }

            actLogon = false;
        }
    };

    //Envia a requisição, mas a resposta fica sendo aguardada em Background
    oReq.send(variaveis);
};

Explaining the code:

  • The <div id="meu-form" data-url="foo.aspx" data-location="/dashboard/"> will take the place of the form

  • The data-url="foo.aspx" must contain the URL value that will be used only for the ajax

  • The data-location="/dashboard/" must contain the target URL, that is the screen after the user is logged in

  • As variaveis should contain the keys and values that will pick up the Ajax page (foo.aspx is only one example)

    var variaveis = [
     "login=" + encodeURIcomponent(login),
     "pass=" + encodeURIcomponent(pass)
].join("&");

  • Your aspx should return only the text sucesso in the response to Ajax, if the login was correct:

    if (oReq.responseText === "sucesso") {
    window.location.replace(loc);
} else {
    alert("Erro: " + oReq.responseText);
}

    Otherwise it will display the alert with an error message, which you can customize.

In the foo.aspx (regardless of the name you give), should look something like:

context.Response.ContentType = "text/plain";

var login = context.Request.Form["login"];
var pass = context.Request.Form["pass"];

//Faz o login aqui

if (/*Se o login estiver correto*/) {
    context.Response.Write("sucesso");
} else {
    context.Response.Write("Erro");
}

context.Response.End();

  • I did this on my page, but it did not work, still giving the option, for security reasons, was decided by the team, not to let the user save the password.

  • @marianac_costa see if you can understand the example in Ajax that I did

  • @marianac_costa edited the answer to add a few more explanations

0

Seeing this reply of OS

Missed to set the type="password" in the input hidden'. It is also necessary that this input come before the input that will really be used.

<form>
    <div style="display: none">
         <input  type="password" />
    </div>

    <asp:TextBox ID="txtsenha" AutoCompleteType="Disabled" CssClass="form-control" runat="server" autocomplete="new-password" type="password" placeholder="Senha"></asp:TextBox>
</form>

  • I tried that way, but it didn’t work either.

  • Ever tried to leave in a div hidden? edited the answer

  • Also did not work, I did the test putting one before, and one after txtsenha, but also did not solve.

Browser other questions tagged javascript c# asp.net

You are not signed in. Login or sign up in order to post.