autocomplete=off not working in mvc 5 - asp.net-mvc

I am trying not to generate autocomplete in browser for that I am trying this
#Html.TextBoxFor(
model => model.UserName,
new { #class = "form-control", autocomplete = "off" })
#Html.ValidationMessageFor(m => m.UserName, "", new { #class = "text-danger" })
which generate HTML like this
<input type="text" value="" name="UserName" id="UserName" data-val-required="User name is required." data-val="true" class="form-control" autocomplete="off">
In other views I have use the same and it is working fine. but in login view autocomplete="off" not working. for doing so I have clear model state like this in controller
ModelState.Remove("UserName");
reference taken from the following sites
How to Turn Off Form Autocompletion
Disable autocomplete on html helper textbox in MVC
How to disable autocomplete in MVC Html Helper
Remove browser autocompletion in MVC
I still wonder what is wrong in my code? Your suggestion means a lot to me.

As per Bharat's answer it actually, the issue is not of the autocomplete,
the issue comes from the browser's saved logins.
but we can overcome this without going to clear saved passwords of the browser.
As per my intention, all browsers doing similar duties that the field before the password is assumed as Username and it uses the last logged in data will be pasted automatically even if we do autocomplete="off".
The solution is to make the password's field autocomplete="new-password", but this will work only in HTML5 or above supported browsers only...

The issue comes from the browser's saved logins.
When these issue arise at my side, i removed saved logins from my browser and it solved my issue.
visit https://support.mozilla.org/en-US/questions/962690
https://support.google.com/chrome/answer/95582?hl=en

It is Working in MVC 5, to auto-complete off
#Html.TextBoxFor(model => model.UserName,
new { #placeholder = "UserName", #id = "txtUserName", #autocomplete = "new-user" })
#Html.PasswordFor(model => model.Password,
new {#placeholder = "Password", #id = "txtPassword", #autocomplete = "new-password" })

Related

ViewModel data being passed in address bar

I have my change password controler.
The user changes the password and clicks submit.
I have my viewmodel of person p.
I am not passing it at all to my success page.
return View("succsessFulLogin");
And still I am getting
http://localhost:50010/Password/ChangePassword?AccountName=username&CurrentPassword=currentPassValue&NewPassword=newPassValue&NewPasswordCheck=newCheckPassValue
In the address bar
this is my code on the page:
#using (Html.BeginForm("ChangePassword", "Password", FormMethod.Get))
{
#Html.HiddenFor(model => model.AccountName)
<br />
<div>
<h4>#Html.LabelFor(m => m.CurrentPassword)</h4> #Html.PasswordFor(m => m.CurrentPassword, new { onkeydown = "capLock(event);" } ) #Html.ValidationMessageFor(m => m.CurrentPassword)
</div>
<br />
<div>
<h4>#Html.LabelFor(m => m.NewPassword)</h4> #Html.PasswordFor(m => m.NewPassword, new { onkeydown = "capLock(event);" }) #Html.ValidationMessageFor(m => m.NewPassword)
</div>
<br />
<div>
<h4>#Html.LabelFor(m => m.NewPasswordCheck)</h4> #Html.PasswordFor(m => m.NewPasswordCheck, new { onkeydown = "capLock(event);" }) #Html.ValidationMessageFor(m => m.NewPasswordCheck)
</div>
<br />
<p>
<button class="btn-lg" type="submit">#Global.SAVE</button>
</p>
}
I disagree with osman Rahimi.
Using HTTP POST is in no way more secure than HTTP GET! As long as you're passing everything as clear text over http, you can read anything passed to and from the server, even if it isn't shown in the address bar. If you want to check me yourself, all you have to do is download fiddler, check the request and responses your page generates and see for yourself.
The proper way to transmit passwords on the net is to make sure you're using SSL and hashing the passwords. I am by no means an expert on the subject, but I think you'll find need in these answers:
Securely Transfer User Entered Password
How should password be transfered for logon in Asp.net Identity
How to securely save and send login username/password?
when you are using HTTP GET the browser send data in URl and in this way you have limitation up to 2048 characters.
know more about HTTPGET and HTTPPOST
to keep your data secure and protected change your method To POST Like this :
#using (Html.BeginForm("ChangePassword", "Password" FormMethod.Post, null))
{}
then Add [HTTpPost] to your Action Method in your controller , like :
[HttpPost]
public ActionResult ChangePassword(yourmodel model){}

MVC set default value EditorFor() to blank

I am testing this on chrome. I have set chrome to remember user name and passwords. I have a very simple MVC 5 web application where i have login screen and also screen to create user. When user log in, I let chrome save user name and password.
Problem is that when I try to create new user, its not coming user name as blank, but still showing user name that I logged in with.
I want to do in view and not through controller default vault. I tried using below example link on SO, but my code is still not working
how to set default value HTML.EditorFor()
Here is the code that I tried and its not working.
<div class="form-group">
<div class="col-md-12">
#Html.LabelFor(model => model.UserName, htmlAttributes: new { #class = "control-label" })
<br />
#Html.EditorFor(model => model.UserName, new { htmlAttributes = new { #class = "form-control", #Value ="" } })
#Html.ValidationMessageFor(model => model.UserName, "", new { #class = "text-danger" })
</div>
</div>
Please advice what should I do to fix this. You you.
Easiest way around this is to simply change the name of the property in your model from UserName to NewUserName. That way the autofill won't associate autofill entries between the two different fields. Your create and login model are different anyway.
Or, you could also try changing the name of the textbox in your View.
#Html.EditorFor(m => m.UserName, new {htmlAttributes = new { #Name="NewUserName", #id="NewUserName", #class = "form-control", #Value =""}})
You would need to add a parameter in your controller for NewUserName next to your other model parameters.

Display name instead editor field in MVC4

I have in my edit form displayed: Username, TimeZone, Customer...
I don't whant to be able to edit username, just display his name.
This code I use in View:
<label>Username </label>
<div class="editor-field">
#Html.EditorFor(model => model.username)
</div>
So what to put instead EditorFor, that will display username (just for reading, not for editing).
Why not just use #Html.DisplayFor instead? This will just display the username as a label. Or, if you wish to use #Html.EditorFor or #Html.EditorForModel, you can create a custom editor template for your username property, and in the editor template, just display the content instead of enabling editing.
Also, I would recomment you exclude this property during model binding by using [Bind(Exclude="username")] with your model parameter in your POST action method, to protect from injection attacks. More about this here.
find solution:
#Html.TextBoxFor(model => model.username, new {disabled = "disabled", #readonly = "readonly" })

Disable Required Validation Specific Field in the View ASP.NET MVC 4

if someone could give me some hint I would appreciate.
I'm searching for a while, and I even found a post I thought it would solve my problem, but it didn't.
Disable Required validation attribute under certain circumstances
Basically I have a simple User.cs model where I have username, FirstName, LastName and SignupDate
All have the required annotation and I would like to solve this without erasing the Required tag.
After I generate the view, I erase in the view the html code for the SignupDate:
<div class="editor-label">
#Html.LabelFor(model => model.SignupDate)
</div>
<div class="editor-field">
#Html.EditorFor(model => model.SignupDate)
#Html.ValidationMessageFor(model => model.SignupDate)
</div>
When I click submit it does not work.
Also if I do the suggested in the other post
<div class="editor-label">
#Html.LabelFor(model => model.SignupDate)
</div>
<div class="editor-field">
#Html.TexBoxFor(model => model.SignupDate, new { data_val = false })
</div>
If I leave it as blank also does not work..
Any suggestions? Thanks!!
You can disable client validations on the view and remove the errors on the modelstate for those entities you don't want to validate the value.
In my case I wanted to change a Password only if the user typed one. Using Html.HiddenFor was not a good approach due to sends the password to the client every time, and password shouldn't be sent.
What I did was to disable the client validations on the view
#model MyProject.Models.ExistingModelWithRequiredFields
#{
ViewBag.Title = "Edit";
Html.EnableClientValidation(false);
}
That allows me to submit the form even with empty values. Please note that all client validations are ignored, however server validations still run, so you need to clear those you don't need to be executed. In order to do this, go to the action in the controller and remove the errors for each property you need to
public ActionResult Edit(ExistingModelWithRequiredFields updatedModel)
{
var valueToClean = ModelState["RequiredPropertyName"];
valueToClean.Errors.Clear();
if(ModelState.IsValid)
{
...
//Optionally you could run validations again
if(TryValidateModel(updatedModel)
{
...
}
...
}
...
}
I think this should solve it, assuming model.SignupDate holds a value:
<%: Html.HiddenFor(model => model.SignupDate) %>

ASP MVC TextBoxFor<> somehow remember old entered values

I have one partial view with two TextBoxFor<>. I notice that when I run my application in browser that text box remembers and display old entered values in text box. I want display clear text box but can't find why this is happening. I have tried with:
ModelState.Clear();
In post method but doesn't solve anything.
<td>#Html.TextBoxFor(x => x.Username, new { #class = "loginUsername", placeholder = "Email" })
</td>
<td>#Html.TextBoxFor(x => x.Password, new { #class = "loginPassword", placeholder = "Password", type = "password" })
</td>
It might be due to a remember password feature of your browser being activated which automatically saves all username/password values on the client. You could append the autocomplete="off" attribute on your password field to avoid this from happening. This attribute is not standards compliant but most browsers respect it.

Resources