Wednesday, January 11, 2012

Remember password with ISA Server

Here was a scenario I ran into recently.  A client had an ISA server 2006 deployment and used forms authentication against AD for logging in their customers. A long time request had been that users did not want to enter their username and password every time, they wanted the browser to remember their credentials.

After talking the customer through the fact that this was not a good idea from a security standpoint and not succeeding in dissuading them, I started to look for the solution. We took a look at the ISA settings on the server, but couldn't find anything in this regard. I was chatting to a colleague about this who had been making modifications to the ISA server login page to customize the HTML the end user would see, and he pointed out that there is a form option on the login page that turns auto complete on or off. Here is the piece of HTML that causes this:

form autocomplete="off" id="logonForm" method="post" action="/CookieAuth.dll?Logon"


Setting autocomplete="on" then allows the browser to save the username and password credentials.

4 comments:

محمّد سددقالی . سوفٹوارے ڈولوپر said...

Hi Farhan,
This is Siddiqali from India,I am working on SP as admin and developer.I want to Upgrade SP 2003 applications into SP 2010 I need your help.I request you to send me sample mail to my any one of the which do you have siddiqali87@gmail.com,mdsiddiqali@hotmail.com,mdsiddiqaliyahoo.com.Hope you mail me so i.e I can ask for help from you

ADmin said...

There is no mixing up what this sort of paper plans to do.www.bestcustomessay.org Anyhow simply to stretch it further.

Dominic Young said...

We have done these steps and unfortunately, when a user attempts to change their password, but their password doesn't meet the password policy requirements, it doesn't return any error message of any kind. Rather, it returns the user to the initial logon screen and repeats the process. The scripts.txt file however, DOES have an error that is applicable, but it's never presented to the user which means they don't know why they were unable to change their password. This site helps me to write my essays on this theme. Why or how do we fix the issue where it doesn't display that error message?

Rokki Winchester said...

good information it is useful and informative awriter.org there are a lot of thing and info