3

I need to mask Password in View in MVC Project, where i have list of users.

Model:

 [Required]
        [StringLength(50)]
        [DataType(DataType.Password)]
        [DisplayName("Password")]
        public string Password { get; set; }

I have this code in View, where i see the Passwords at the moment.

 @Html.DisplayFor(modelItem => item.Password)

How to Mask password in View?

EDIT:

If i try with @Html.PasswordFor(modelItem => item.Password) i see this:

Image1

Mister XP
  • 63
  • 1
  • 1
  • 9

3 Answers3

8

If I understand correctly what you're trying to do, I recommend an entirely different approach. Really, there's no reason to display the correct number of dots corresponding to the number of characters in their password. Doing so is a security hole; it tells attackers that they only need to try passwords of a given length. In fact, you should not be storing passwords in plaintext to begin with, so you shouldn't know how many characters there are

All that said, I recommend using

@Html.Raw("\u2022\u2022\u2022\u2022\u2022")

The string "\u2022" refers to a unicode character for a black dot, so this will simply display 5 black dots on the line

BThompson
  • 350
  • 2
  • 14
  • yes you understand me well. this is corect and usable answer. thank you – Mister XP Apr 12 '17 at 19:47
  • Glad I could help. FYI, directly storing the value of a password is generally a Bad Idea. If an attacker gains access to your database, they can immediately access your site and cause mayhem by posing as any of your users. Furthermore, if your users use the same password for other sites (which they almost always do), their accounts on those other websites could be compromised as well. [Here's an overview](http://stackoverflow.com/questions/4181198/how-to-hash-a-password/10402129#10402129) of how to do password hashing – BThompson Apr 12 '17 at 19:56
  • And [here's](https://security.stackexchange.com/questions/36833/why-should-i-hash-passwords) a quick run through of why password hashing is so important – BThompson Apr 12 '17 at 20:00
  • Great answer, but it then begs the question of what's the point of displaying the password at all if it's always 5 black dots. That's more a question for the OP, though. About the only thing this buys you is that you will be able to potentially see if no password has been set (null), which may not even be a possibility in the first place (i.e. password may be required). If it's required then there's no point in displaying the "password" at all. If it isn't required, it would then probably be better to just display a boolean indicating whether a password is set or not. – Chris Pratt Apr 12 '17 at 20:09
  • I think is ok, because 1. Null password is not allowed, it`s requred in the registration, and not possible to be null, . 5 dots not change nothis is password is with diferent then 5 Latters or Numbers. and 3. I need this in administrator page for better look in list, and also is possible to delete table column and no problem again will not see the password. Thank you Again to all. – Mister XP Apr 13 '17 at 08:26
4
@Html.PasswordFor(modelItem => item.Password)

Try this

LiverpoolOwen
  • 806
  • 2
  • 10
  • 25
0

To create complete form which is suitable for data type attributes in model class you can use following statement: 

@Html.EditorForModel()

This method is generating code for each property of model class, which is equivalent to following:

@Html.LabelFor(model => model.Name)
@Html.TextBoxFor(model => model.Name)
matias4454
  • 11
  • 2