none
The less-than character is causing problems in the password registration portal. RRS feed

  • Question

  • The less-than character is causing problems in the password registration portal. One of my users has a password starting with < (less-than). He cannot pass the first page of the portal. The message is:

    Prohibited Input

    Loading ...

    Your input contains text in a format that is not allowed. Try again with different input, or contact your help desk or system administrator. (Error 3009)

    Go to Self-Service Password Registration home page

    I have two questions. Why, and what can I do about it. Many thanks for your help.


    GH

    Tuesday, April 16, 2013 1:54 PM

Answers

  • You see this because the portal is protecting itself from cross site scripting attacks. If you have upgraded to build 4.1.3419.0 or later then you support this character. To support using this character in a new password, open the web.config file and find the following entry:

    <add key="Base64EncodePasswordFields" value="false" />

    Change the value to “true”. Make sure to update this for both password registration and password reset portal servers.

    • Marked as answer by Guy Horn Wednesday, April 24, 2013 1:05 PM
    Saturday, April 20, 2013 4:24 PM

All replies

  • Hi,

    Password complaxity depends upon your DC Policies.

    Check there for the complexity Details.

    Tuesday, April 16, 2013 8:41 PM
  • Hi,

    Password complaxity depends upon your DC Policies.

    Check there for the complexity Details.

    Hallo,

    Mind that password registration is an authenticated action. Unlike password reset which is an anonymous action. The user is already logged on with valid credentials. So he must have a valid Windows password.


    GH

    Wednesday, April 17, 2013 11:32 AM
  • You see this because the portal is protecting itself from cross site scripting attacks. If you have upgraded to build 4.1.3419.0 or later then you support this character. To support using this character in a new password, open the web.config file and find the following entry:

    <add key="Base64EncodePasswordFields" value="false" />

    Change the value to “true”. Make sure to update this for both password registration and password reset portal servers.

    • Marked as answer by Guy Horn Wednesday, April 24, 2013 1:05 PM
    Saturday, April 20, 2013 4:24 PM
  • You see this because the portal is protecting itself from cross site scripting attacks. If you have upgraded to build 4.1.3419.0 or later then you support this character. To support using this character in a new password, open the web.config file and find the following entry:

    <add key="Base64EncodePasswordFields" value="false" />

    Change the value to “true”. Make sure to update this for both password registration and password reset portal servers.

    Hello,

    Thank you for the right answer. I tested it and it works fine. It doens not say we will implement in in production. I find the warning about cross scripting not to be ignored.


    GH

    Wednesday, April 24, 2013 2:16 PM
  • If you do not enable the entry "Base64EncodePasswordFields" and leave the setting of it to "false", are there more characters prohibited or only the "less-than" (<) character?
    Tuesday, May 14, 2013 7:35 AM