Can Configure The ResetPassword In C# MembershipProvider

Apr 2, 2010

I have an C# asp.net app using the default Sql MembershipProvider. My web.config has a few settings that control how I'm using this Provider:

enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredPasswordLength="5"

The problem I'm running into is that when people reset their passwords, it seems the ResetPassword() method returns a password that is longer than I want and has characters that can be confusing (l,1,i,I,0,O). Furthermore, I'm sending my users an email with a plain-text message and an HTML message (I'm using MailMessage with AlternateViews). If the password has unsafe HTML characters in it, when the email clients render the HTML text the password might be different (e.g. the %, &, and < aren't exactly HTML safe).

I've looked over the "add" element that belongs in the web.config, but I don't see any extra configuration properties to only include certain characters in the ResetPassword() method and to limit the password length.

Can I configure the ResetPassword() method to limit the password length and limit the character set it is choosing from?

Right now I have a workaround: I call ResetPassword() to make sure the supplied answer is correct, and then I use a RandomPassword generator I downloaded off the internet to generate a password that I like (without ambiguous characters, HTML safe, and only 8 characters long) and then I call ChangePassword() to change the user's password after I've already reset it.

View 3 Replies


Similar Messages:

Security :: Send Mail After MembershipProvider.ResetPassword?

Jan 21, 2010

I have a web page, where the administrator can reset other users password.I am not using any membership controls here.I found that i can use Membership.Provider.ResetPassword() function.But i want to send the new password to the user through the mail, just like in password recovery control, reusing the mail configuration in the web.config file(which membership use with the password recovery control).Do i need to explicitly do the coding for sending the mail, using SMTP client, and mail message class?or is there any builtin functionality inside membership for this just like in password recovery?

View 8 Replies

Membership Provider ResetPassword Isn't Working?

Jul 7, 2010

I have encountered a very strange issue. Whenever I use the .NET membership provider to reset a password, it generates strange characters, which don't represent the password at all.An example of the password it generates is:

쥳⮚聙蟐֡ᑡ壈I#BAhy(ox32+y*

It does this on every password. Has anyone seen this before or know a fix?

View 1 Replies

C# - Trying To Unit Test The MembershipProvider?

Nov 21, 2010

I'm trying to unit test the MembershipProvider, however I cant figure out how or whether there is any need for unit testing of it...

My business layer:

public interface IAccountService
{
MembershipCreateStatus CreateUser(string userName, string password, string email);
}
public class AccountService : IAccountService
{
private readonly MembershipProvider provider;
public AccountService() : this(null) { }
public AccountService(MembershipProvider providera)
{
this.provider = providera ?? Membership.Provider;
}
public MembershipCreateStatus CreateUser(string userName, string password, string email)
{
if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", userName);
if (String.IsNullOrEmpty(password)) throw new ArgumentException("Value cannot be null or empty.", password);
if (String.IsNullOrEmpty(email)) throw new ArgumentException("Value cannot be null or empty.", email);
MembershipCreateStatus status;
provider.CreateUser(userName, password, email, null, null, true, null, out status);
return status;
}
}

The only examples I've found so far requires a "MockMembershipProvider" with a local database setup... seems quite odd to me.

View 1 Replies

Custom MembershipProvider With Web Interface And DAL?

Jan 7, 2010

I'm working on an ASP.NET solution with 2 projects. One is the web interface and the other contains my business logic. I'm using LINQ to SQL for my data access in the second project.

Apart of my database, I have a table called Users which holds user information.

I've started to implement a MembershipProvider. I notice that MembershipUser is coupled with MembershipProvider. What is the most correct way of getting my BLL/DAL to talk about Users?
Should I minimally implement MembershipUser and whenever a user calls a method, it will call for eg. GetUserInfo() in my BLL/DAL, to get complete information about the user?

Or should I make the MembershipUser class methods call my custom "Users" class methods (like a wrapper) in the BLL/DAL (this custom users class is not related to linq)?

Or can I somehow extend the Linq to sql class "CFUsers" to extend MembershipUser.

View 1 Replies

Php - MembershipProvider.GetPassword Algorithm?

Dec 1, 2010

We are converting an ASP site (using DotNetNuke) to a new PHP site. The only thing we have right now is a full export of the existing database. One of the tables is called "aspnet_Membership" and contains the following fields:

Password (looks like base64)
PasswordFormat (always value 2)
PasswordSalt (looks like base64)
PasswordQuestion (always empty)
PasswordAnswer (always empty)

We would like to decode these passwords and hash them to fit our own framework. From what I understand from the .NET documentation these kind of passwords can be decrypted. Is there an algorithm available that can do this or is it more complicated than that? Will it be possible if we create an ASP script on the current server?

View 2 Replies

MVC :: Get Reference To Current MembershipProvider?

Aug 5, 2010

Within a controller action, how do I get a reference to the current MembershipProvider? That would be the one specified in web.config as the default provider. I newed up an AccountMembershipService object, but it does not expose the _provider within it.I am not entirely clear on what I want. I want to create a site user in code and then store the UserId as a foreign key in the vendor master of my application. To do that I am thinking I can add a method to my custom membership provider that creates a user and returns the ID of that new user. What I need is be able to get a reference to the custom membership provider in the controller action method.

View 1 Replies

Security :: Get The ConnectionStringName Of MembershipProvider?

Nov 12, 2010

i have a class library for membership provider and inherits from System.Web.Security.sqlMembershipProvider

i just want to change somthing in it this class library will work in difrent web form application

i need to get the connectionStringName in web.config where the membership set to work with it.

how can i get the connectionStringName?

View 3 Replies

C# - Password Validator For MembershipProvider?

Nov 23, 2010

I would like to validate a password field for creating / updating users in asp.net (.net 3.5). The password will be used for a MembershipProvider.What is the best way to implement this so that the validation will use the configuration settings of the membership provider? Of course I can just write the code, but this seems like something so fundamental that there must be a drop-in way to do it.[edit] clarified that this is a password field for new users or for changing passwords, so ValidateUser doesn't help.

View 3 Replies

How To Change An Email In The Db User The MembershipProvider

Oct 14, 2010

I need to give a user the ability to change the email of any other user listed in the aspnetdb. I can easily change their password, but I can't get the email to change. I thought that usr.email = [URL] would work, but it doesn't. It doesn't error, but it also doesn't change anything.

This is the basic code:

Dim usr As MembershipUser = Membership.GetUser(userName)
usr.Email = txtEmail.Text

View 1 Replies

C# - Implement Custom MembershipUser And MembershipProvider

Apr 4, 2011

I try to implement a Custom MembershipPriver with a Custom MemberShipUser in my own database (with a specifics Users Table Model) : This is ly diffent files:

iTwitterMembershipProvider.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Collections.Specialized;
using iTwitter.Models;
public class iTwitterMembershipProvider : MembershipProvider
{
public override string ApplicationName
{
get { return _ApplicationName; }
set { _ApplicationName = value; }
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
throw new NotImplementedException();
}
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
return false;
}
public override iTwitterMembershipUser CreateUser(string login,
string password,
string email,
string tokenKey,
string tokenSecret,
string twitterUserId,
object providerUserKey,
out MembershipCreateStatus status)
{
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(login,
password,
true);

[Code.....]

View 2 Replies

Access :: Add An Element To Membership For MembershipProvider?

Jan 19, 2011

i am using AccessMembershipProvider in my asp.net project.

I want to add "Address" element to membership.

I added a column "Address" to aspnet_Membership table in ASPNetDB.mdb.

But i can't do other settings.(web.config, configuration,AccessMembershipProvider.cs)

View 2 Replies

Security :: Membershipprovider And Requiresuniqueemail=false?

Jun 7, 2010

I'm working with the default asp.net membershipprovider. Now, by default, that requires that all members registere have all unique email-addresses.However, I'd like to override that because, in a code behind of a certain webpage, I do not need emails to be unique.

View 4 Replies

Security :: Unit Testing MembershipProvider?

Nov 21, 2010

I'm trying to unit test the MembershipProvider, however I cant figure out how or whether there is any need for unit testing of it...My business layer:

[Code]....

The only examples I've found so far requires a "MockMembershipProvider" with a local database setup... seems quite odd to me.

View 1 Replies

WCF / ASMX :: Writing A MembershipProvider That Authenticates Using A Provider?

Jul 6, 2010

I've been wondering how i go about writing a MembershipProvider that authenticates using a WCF Provider. At the moment i have a wcf service that will authenticate a username and password.

I can write my own Membership provider that will authenticate using WCF calls, thats no problem. What i want is to have the WCF as the actually provider.

Meaning in the web.config file i just put the WCF service as the MembershipProvider. Or is this not possible or not the way this is to be done.

View 1 Replies

.net - How To Control MembershipProvider Instance Creation / Lifetime

Nov 16, 2010

I have registered a custom MembershipProvider class in my Web.Config file. I'm using Inversion Of Control using Castle Windsor and I have registered my custom MembershipProvider class as transient (because it's using a service that's transient as well).

This means that I want the Membership provider instance recreated on every web request. Currently, it is created only once per application domain so when it tries to access the service it depends on, that service instance is reused while it is not supposed to.

Now I need to find a way of having Windsor control the lifetime of my custom MembershipProvider but I don't know how. I expected a factory sitting around somewhere in the .NET Framework, allowing me to override the instance creation and rerouting it to Windsor but I can't find anything alike.

By the way, I'm using .NET 4.0.

UPDATE: Here's some of my code so you can see what I'm doing exactly:

[Code]....

View 2 Replies

Configuration :: Using A WCF Dataservice As A Base For MembershipProvider And Web.config?

Sep 23, 2010

I was wondering if it is possible to use a WCF Dataservice as the MemberShipProvider for a forms auth application. I have written code for a provider (below), but I do not know what to do as far as a connection string, or any other web.config properties.

Here is the code for my provider, anytime it says Odbc that is because I based this off of the custom Odbc provider on the msdn site. The only ACTUAL references to any odbc connection are in the comments:

[Code]....

View 1 Replies

Security :: MembershipProvider / RoleProvider With Server Farm

Nov 16, 2010

I trying to understand how a server farm would use MembershipProvider / RoleProvider. If I have a million users, I do not want to have multiple copies of the MembershipProvider / RoleProvider database. I would like to have one set of machines used for login but then redirect users to other machines in the server farm depending applications the users decide to use. However, once they are redirected to the new machine, I do not want the user to have to relogin. I want the credentials and role information to be available.

Does anyone know how MembershipProvider / RoleProvider is configured for this type architecture?

View 4 Replies

Security :: Custom MembershipProvider / RoleProvider With Login

May 18, 2010

I have created a custom MembershipProvider and RoleProvider which communications with some existing business logic. The issue I have is that the user login in my business logic requires 3 arguments (group id, user id, and password) and the MembershipProvider and RoleProvider I implemented just use 1 or 2 arguments (username, password). Right now I append my group id and user id together and pass it as the username then parse it in the implemented methods. Is there a better way to do this?

Note, I can handle the login fine because I can call my own ValidateUser method. The main issue is when the implemented methods are called from other things like the RoleProvider.GetRolesForUser(username) method when I use the AuthorizeAttribute.

[Code]....

[Code]....

View 1 Replies

Security - How To Sanitize Input From C# MembershipProvider Controls

Jan 9, 2010

I'm using various ASP.NET controls out of the box such as the CreateUserWizard control, Login control etc... For custom controls, I have sanitized my inputs by making sure they conform to expected values. However, is this required for the controls such as the CreateUserWizard control, or is that handled internally? Do I need to provide any extra server side validation to these controls and, if so, would it be best to do it in the "CreateUserWizardControl_CreatingUser" event?

View 2 Replies

Membership - Can Create A Website With Users Without Using MembershipProvider

Feb 20, 2010

Is it possible to have an ASP.NET website which allows users to register and login, without using a MembershipProvider?

And instead just work directly towards custom database tables which stores user information?

View 3 Replies

Membershipprovider: Automatically Logging Out When Session Ends?

Sep 9, 2010

I have some problems with getting my website to log out the authenticated user automatically when the session ends (the user closes the browser).

This is what I have in my web.config:

[code]...

When I close the browser, the user is still logged in. How do I make the website forget the user through an option, so the user himself can decide if the website should remember or not?

View 1 Replies

Unable To Create MembershipUser For Custom MembershipProvider

Oct 28, 2010

I created a custom membership provider and am getting the following error trying to create a new "MembershipUser".

Could not load type 'MyTestApp.Membership.TestMembershipProvider' from assembly 'System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'.

I am running this from a Unit Test project, so I'm not sure if that's causing the issue, but I did include System.Web, System.Web.ApplicationServices as well as a reference to MyApp.Membership and MyApp.DataModels (Entity objects).

The error happens inside my "GetUser" function which is below, my configuration is also below.

[code]....

View 1 Replies

Save Some Info In The Session Within A Custom MembershipProvider?

Nov 5, 2010

I want to save some info in the Session when the users successfully logins with my custom MembershipProvider, but I have no access to the Session in the provider's ValidateUser method.

public class CustomMembershipProvider : MembershipProvider
{
/* Override other methods and properties here */
public override bool ValidateUser(string username, string password)
{
/* do something to validate the username and password
* and set the validUser variable */
if (validUser)
{
/* want to store some info in the Session here, but I can't access
* it here, because this is not a Page */
}
return validUser;
}
}

View 1 Replies

Security :: Are Cookies Required In Order To Use MembershipProvider And RoleProvider

Dec 25, 2010

Does Forms Authentication require that cookies be enabled to use MembershipProvider and RoleProvider? If so, can anyone tell me the minimum security level I need to tel clients to use.

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved