Setting the value of Password Fields in ASP.NET 2.0 (a tip and rant rolled up into 1)
I just learned a great tip for setting the value of a password field in asp.net. For those of you who have ever attempted to work with a TextBox where the TextMode is set to password, I feel your pain. For some reason, you can't set the text value the way that you normally would by setting the Text Property. I have spent time searching far and wide and every single post that I have come across says the same two things.
a) You can't set the text property of a Password Type field for security reasons.
b) Okay, you can set the text property, but you have to do it in the form of setting an attribute of the text box. The typical format is:
Now, let me address these two points seperately. First, ummmm well thanks for protecting me. The last time I had protection like this, the "protectors" wore business suits and dark glasses and helped protect the whole neighborhood. But I digress... My question is, Do you have to protect me on every single postback????? I can understand that I might have to set the attribute on the Page_Load event, but is it really protecting me by having the user retype it every single time? In my scenario, the next field is a drop-down box. When the user clicks on the drop down to select a value, the password they just typed is cleared out. All of this protection having a negative affect on the usability of my form. I keep telling the user that they are doing something wrong, but they are starting to suspect it is really the fault of the my app.
Regarding the second point, yes you can store it away and set the attribute property of the textbox, but the place to store it is quite unclear to me. It would have to be some place that occurs before each PostBack. I tried using the Page_Unload event, but it is too late to keep it in the ViewState. I considered using a session variable, but that is just wrong.. A hidden field? Well, the user can go into view source and see it as clear text.
So, it took me only about 10 minutes to build the whole form and then an additional 27 zillion hours to find out how to keep the value of the Password field. Fortunately, one of my colleages in a nearby cubicle and a wiser programmer than I (Jeff Kwak) offered this simple and elegant solution. Here goes....
Protected Sub txtPassword_PreRender(ByVal sender As Object, ByVal e As System.EventArgs) Handles txtPassword.PreRender
txtPassword.Attributes("value") = txtPassword.Text
It works beautifully! Thanks Jeff.