We've been asked to disable Autocomplete for the sign in page on our MS Dynamics CRM application. We have a sign-in page because we're using IFD.
This turns out to require an unsupported customization of ADFS, as we're using ADFS 2.1, which really doesn't support any customization at all.
Unsupported here, simply means that a patch might overwrite our changes or the page might change completely, no big deal in this case, as it's unlikely that many changes will be rolled out for ADFS 2.1, but it pays to be careful when doing unsupported customization.
Most of our users use IE 9, which means that autocomplete=off will work, however, some of our users don't, which means that we have to have a new solution.
We're are modifying the FormsSignIn.aspx page. This page can normally be found in c:\inetpub\wwwroot\ls\, but it really does depend on how ADFS is installed.
function EnablePasswordField(){
document.getElementById('<%=PasswordTextBox.ClientID%>').readOnly=false;
document.getElementById('<%=PasswordTextBox.ClientID%>').select();
}
function DisablePasswordField(){
document.getElementById('<%=PasswordTextBox.ClientID%>').readOnly=true;
}
and then the markup:
<asp:TextBox runat="server" ID="PasswordTextBox" TextMode="Password" onfocus="EnablePasswordField()" onblur="DisablePasswordField()" ReadOnly="true" autocomplete="off"></asp:TextBox>
The key here is to make the password textbox readonly and use the JavaScript functions to make the control writable on focus and readonly when it loses focus, this seems to be enough to thwart autocomplete, for now at least.
This is the complete page:
<%@ Page Language="C#" MasterPageFile="~/MasterPages/MasterPage.master" AutoEventWireup="true" ValidateRequest="false" CodeFile="FormsSignIn.aspx.cs" Inherits="FormsSignIn" Title="<%$ Resources:CommonResources, FormsSignInPageTitle%>" EnableViewState="false" runat="server" %> <%@ OutputCache Location="None" %> <asp:Content ID="FormsSignInContent" ContentPlaceHolderID="ContentPlaceHolder1" runat="server"> <script> function EnablePasswordField(){ document.getElementById('<%=PasswordTextBox.ClientID%>').readOnly=false; } function DisablePasswordField(){ document.getElementById('<%=PasswordTextBox.ClientID%>').readOnly=true; } </script> <div class="GroupXLargeMargin"> <asp:Label Text="<%$ Resources:CommonResources, FormsSignInHeader%>" runat="server" /></div> <table class="UsernamePasswordTable"> <tr> <td> <span class="Label"> <asp:Label Text="<%$ Resources:CommonResources, UsernameLabel%>" runat="server" /></span> </td> <td> <asp:TextBox runat="server" ID="UsernameTextBox" autocomplete="off"></asp:TextBox> </td> <td class="TextColorSecondary TextSizeSmall"> <asp:Label Text="<%$ Resources:CommonResources, UsernameExample%>" runat="server" /> </td> </tr> <tr> <td> <span class="Label"> <asp:Label Text="<%$ Resources:CommonResources, PasswordLabel%>" runat="server" /></span> </td> <td> <asp:TextBox runat="server" ID="PasswordTextBox" TextMode="Password" onfocus="EnablePasswordField()" onblur="DisablePasswordField()" ReadOnly="true" autocomplete="off"></asp:TextBox> </td> <td> </td> </tr> <tr> <td></td> <td colspan="2" class="TextSizeSmall TextColorError"> <asp:Label ID="ErrorTextLabel" runat="server" Text="" Visible="False"></asp:Label> </td> </tr> <tr> <td colspan="2"> <div class="RightAlign GroupXLargeMargin"> <asp:Button ID="SubmitButton" runat="server" Text="<%$ Resources:CommonResources, FormsSignInButtonText%>" OnClick="SubmitButton_Click" CssClass="Resizable" /> </div> </td> <td> </td> </tr> </table> </asp:Content>
No comments:
Post a Comment