How can I use Membership.GeneratePassword to return a password that ONLY contains alpha or numeric characters? The default method will only guarantee a minimum and not a maximum number of non alphanumeric passwords.
View 2 RepliesI am using Forms Authentication in a new ASP.NET 3.5 Application.I have created the Tables in my database and run the Web Site Administration Too.When I try to create a user I get a password error no matter what I throw at it and I am becoming sure of that this is a symptom of an a setup error and not a password problem.One of the things that I notice is that my aspnet_Applications is empty and I am not sure what is supposed to fill it.I have tried to delete all the aspnet tables and done the procedure again but with the same result.
View 1 RepliesI'm attempting to create a pure t-sql representation of the default SHA-1 password hashing in the ASP.Net Membership system. Ideally, what I would get would be this:
UserName Password GeneratedPassword
cbehrens 34098kw4D+FKJ== 34098kw4D+FKJ==
Note: that's bogus base-64 text there. I've got base64_encode and decode functions that round-trip correctly. Here's my attempt, which doesn't work: SELECT UserName, Password, dbo.base64_encode(HASHBYTES('SHA1', dbo.base64_decode(PasswordSalt) + 'test')) As TestPassword FROM aspnet_Users U JOIN aspnet_membership M ON U.UserID = M.UserID
I've tried a number of variations on the theme, to no avail. I need to do this in pure T-Sql; involving a console app or something like that will double the work. So if anyone can supply what precisely the syntax should be to duplicate that password from the ASP.Net membership stuff
i am generate random password and show it in a textbox. when i am set textbox property textmode to password then it doesn't show in textbox but when i set it singleline then password shows in textbox. I am using following code --
textbox1.attributes.add("value",passwordvalue);
for show i am using --
textbox1.text = textbox1.attributes["value"].tostring();
Same happing with when i edit record. password doesn't show in textbox.
Does anyone has a solution (sample code) for the following features:
Create a randomGuid/Cryptographically strong random number Send a unique URL containing the random number to the user's email address When confirmed, the user is asked to change password
My provider is currently parametrized this way:
[code]....
The security issues with this type of procedure have been discussed here before.
I using change password control, how can i change the password without enter the current password?
View 8 RepliesI had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
My ChangePassword method returns a boolean value indicating whether the change of password has been successful or not. When the user enters a new password, I want to check if the password length is at least 8 and there is at least one non-alphanumeric character(both these parameters specified in the web.config file). If I want to check in my code if the password entered is at least 8 characters, I would write some code like this:
if(newpassword.Length !=8)
{
//do something
}
Like the Length property, is there some property that can check if the password contains at least one non-alphanumeric character?
Am using ASP.NET membership authentication in a small website and i just noticed some thing funny during testing. Am trying to enable user to change their login password any time they wish, i dragged a change password control to the form, i changed the password for my test account, but now all passwords are still working.
I can login with the old password as well as the new password with this particular test account. If i try with any other random characters as the new password, i cant successfully login (which OK). But if type the old password, am able to login, if i type the new password, am still able to login, am finding this very strange.
I can recover my password but when I try to change my password to something a bit easier to remember it gives me:
Password incorrect or New Password invalid. New Password length minimum: 7. Non-alphanumeric characters required: 1.
When a user that has their IE set to save passwords hits my "Reset Password" form, the first text box set with TextMode set to "Password" is populated with the users saved password. Understandable, this is not the affect I would like as this is their "old" password. I cannot set the text of a text box with mode set to "Password" (naturally). Does someone know how to suppress or clear this value when IE is saving passwords?
View 4 RepliesUsing Stored Procedure (SQL) Am looking to generate a 10 digit alphanumeric number. How do i proceed.
Example:
132AXD1LKM
AD157LKJ1A
how can we attached secure PDF to mail in asp.net ...(Means when we attache any pdf to mail after getting mail at d opening of pdf it should ask password..)
View 1 RepliesHow generate OTP and send That OTP as mail in c#
View 1 RepliesI am using membership control in my webapplication.On reseting password, i want control should generate password such that i can define the length of the password.
View 5 Repliesi am working on membership concepts in asp.net. Now i want to reset new password and getpassword for specific user.
this is my web.config code:
[code]....
How do I change the required password format in membership?
View 2 RepliesDo I need to make a Custom Membership Provider or is there another way?
I have a project using ASP.NET Forms Authentication and the Microsoft SQL Membership Provider. The website is DONE. I use this provider everywhere. (Register, Login, Forgot Password, etc...) Until now, my website users have not needed complex passwords. The users' passwords were really just pins. The user could select anything for a password in the past. I had almost no restrictions for this website because none of the data is private or personal. However I have received new requirements.
Here are the new password requirements:
Passwords must be at least 8 characters in length. Passwords must be created using 3 of the following 4 character types:
Uppercase
Lowercase
Numeric
Punctuation
Do not use your name or User ID in the password. Do not use old passwords again later. Passwords must be changed at least every 60 days. Passwords may not contain your User ID or any part of your full name. Password history retention will prohibit use of the last 24 passwords. Passwords may be changed by users only once in any 6-day period.
I realize I am going to have to modify all of the following pages: Register, Login, Forgot Password, etc... fortunately I stopped using the default controls a long time ago.
My first thought was that I need to write a Custom Membership Provider. I don't know how to make the standard provider to do most of this. I could write code to do.
Do I modify the aspnet_membership table? Should I add my own table aspnet_something? Can the user profile table be used for this problem? Do I need my own MembershipUser class?
Evaluting the method signature, it is required to know old password while changing it.
membershipUser.ChangePassword(userWrapper.OldPassword, userWrapper.Password)
Is there any way to change password without knowing old one.
Is there possibility to create new user with Membership.CreateUser but not to specify the user's password?
I tried with minRequiredPasswordLength="0" minRequiredNonalphanumericCharacters="0", but it didn't work.
I also tried with "" and DBNull.Value for password in the function but it didn't work.
Is there a way to do this?
How can I set up membership provider to only accept passwords that adhere to the following rules:
Minimum 6 characters
Contains at least one letter and number
Should be case sensitive
I have developed a Silverlight app using forms authentication and the asp net membership, aspnetdb, the whole enchilada.The bug I see is that the password for my users change by them self every bow and then, the way I fix them is by deleting the user and creating them again, this has been I problem all the time.In a post I read the problem was manifesting because I didn't have a machineKey in my web.config, I now do, so I dunno what the problem is this time...Is there a definitive fix to this? can you please provide assistance?
View 11 RepliesI am using the below post to encrypt and decrypt the password.
ENCRYPT POST
Now my code is working for Encryption. But now what I want is,
When I am using Forgot passwprd functionality, I want to send the decrypted password to the respective user in the Email.
In my database table the password is saved in the Encrypted format.
I have the code decrypt code from the above mentioned post, the question is where to place in the below code so that it will decrypt it properly
Here is my code:-
protected void btnSubmit_Click(object sender, EventArgs e) {
DataSet ds = new DataSet();
using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["DefaultCSRConnection"].ConnectionString)) {
conn.Open();
[Code] ....
My company has some unique password policies (such as a pwd cannot be re-used for 6 months, aside from the must include #, special character, upper & lower case)Can anyone suggest how to go about ensuring that a new user's password complies with these policies (using forms authentication in .net 3.5 framework)?
View 2 RepliesURL...how we can sending formatted email now in my Login.aspx page i have Textbox that when users forget their password they should type their Username on the textbox and after that click on send button.I want when users click on send button their user name that they type in textbox be on the email that send to me .
View 1 Replies