I created a Membership login system for my client, now they do NOT want the user to use one of his 5 last passwords when it comes time to create a new one.
Is that something that is build in or how could I accomplish that?
I've got a system that was partially written by someone else and is a complete maintenance nightmare for such a small app. I've finally been given changes which justifies just rewriting the horrible mess so I am moving it to Django.
Before I take the plunge, I've been trying to move over the password hash and salt into the Django auth tables [sha1]$[salt]$[hash] but can't get it to hash properly (resetting passwords isn't really an option).
Here is what I've been able to find out so far:
ASP.NET stores the hash as base64 string and uses a base64 salt (before hash) I can obviously reverse the base64 hash to a byte array Django uses a hexdigest, I tried BitConverter.ToString but they hash differently
I'm trying to do a bulk insert of data into the aspnet_Membership table. I have existing records from a previous version of the system I am re-building in asp.net. I've been researching and asking questions, but I am still missing something. What is the best way to do this? I believe I need to grab my previous table and iterate over each record and insert into the new membership table via the Membership.CreateUser method. So far I have been unable to make it work. My code so far in the on click event of a button is below.
using System.Web.Security;
using System.Data;
using System.Data.SqlClient; [code]....
Is there an utility or code sample that can decrypt with the old key, and then encrypt passwords with a new key for ASP.Net membership users?
View 2 RepliesI have been trying to change a users password, I have been using this code
[Code]....
I do not get an error during the try routine, but my problem comes that when the user goes it insert their new password (using login Control) it says that the password is wrong.. and they then can't login using either their new or old password.
All Password critria is met, web.config if set so passswordQuestion = false
I have been killing myself over this for a couple weeks now and cannot find a viable solution. Here's my scenario:
I have a DTSX package that imports user data from an external database. It then creates user accounts and profiles in the local database. Users can also be created via a custom ASP.NET Membership Provider. The provider must be able to authenticate both types of users.
This was all fine and dandy during development because passwords were stored as clear text. However, now that we're ready for release the passwords format of the provider must be set to encrypted and so the users created via the DTSX must be created with an encrypted password. (I'd prefer the passwords were hashed but the client's requirements are that passwords be recoverable). The real problem seems to be creating an encrypted password within the DTSX that will be decryptable by the ASP.NET Membership Provider.
My original solution was to have the DTSX call a CLR stored procedure that had access to the same encryption logic as the provider. I got it working but our client wouldn't enable CLR integration. So that's out the window. Now I'm investigating alternatives. One alternative is to simply use the built-in encryption methods of T-SQL. But how do I share the keys used for the encryption/decryption?
My question is, is it possible to generate a password in T-SQL, say using EncryptByKey, that will also be decryptable by my provider? This means that the key in SQL must match the key in my machineKey configuration.
I've created a website with users and passwords and such for authentication.When a user is created through the "administer website" function of asp.net 4.0 where are the passwords stored? Is there a way to manually change passwords in the database?
View 3 RepliesHow can I view the user passwords store in asp membership table.
I retrieve all user data on gridview but password is encrypted how to dycrypt password.
according to this thread i make login page URL....i have 1 label 1radiobutton and 1 send button now i want when users enter their password,if they enter their password wrong morethan 3 time it show error that they can't login during 24 hours ,and they cann't enter password in password textbox . and when they click on radio button and click on send button it send a massage to my email and after i send them new password
View 1 RepliesMy issue today is that i have a MySQL Database and am using the security framework provided by the ASP.NET Membership and Role Providers...I override the default methods with my own MySQL.
Now the issue comes in when i someone would like to have their password reset. My application is running entirely on an Intranet so i cannot have their passwords emailed to them. Is there a way i can have this information displayed in any way so that the user can use it to Log Reset, Create Accounts or Recover their lost passwords on an intranet without the administrators intervention?
Recently i had an approach as follows. In my web.config<system.net><mailSettings><smtp deliveryMethod="pickupDirectoryLocation" and my location was a folder on C drive as c:/SavedPasswords. Now i understand this was such a big security threat and thats why i am looking for a better option.
I would have that folder created using my System.IO and then the Mail is dropped into that folder. Then after the process is successful, i tell the user to check into that location and Read its content.
Then there is a global variable that is set to true...meaning that the folder at c:/ has been created. then there is a Method in a certain class that once it sees this variable True, it reads the readers c:/ and deletes that folder "save" if it exists;
I have a small database, with a very small number of users. The passwords were stored as clear as the database was so small and held no sensitive data. The database is now to be expanded and passwords are required to be encrypted. I can change the Password Format in the web.config, but is there a way to change the existing passwords from clear to encrypted?
View 1 RepliesI'm trying to code a user admin page, but the Membership API doesn't allow much in terms of direct updates to e.g. password question.
View 1 RepliesI have a database of users that we used to have on a different system. The users already have their username and passwords associated with.
Now we are switching the entire system to .Net , and we will be using the membership to authenticate the users and start creating the new users with the wizard.
My question is : how could we import the users from a different database (mysql) , to the membership database on MS SQL ?
And also the passwords on the mysql database are in clear text , when we import them to the membership database on ms sql , is it going to apply the hash on them ?
Does an asp.net website developed locally with VWD 2010 and SQL Express need an SQL server on the the remote webserver or does asp.net have sufficient functionality to handle the SQL connection & requests? In particular I am using the membership features of asp.net to log users in and out.
View 3 RepliesI had to upgrade a sites ecuroty from a custom system to .net membership. I created all the users like this.
ds = Wservices.SelectBulkUsers()
If Not ds Is Nothing AndAlso Not ds.Tables(0) Is Nothing AndAlso ds.Tables(0).Rows.Count > 0 Then
For Each dr In ds.Tables(0).Rows
username = dr("username")
password = dr("password")
role = dr("SecurityClearance")
email = dr("email")
Dim newUser As MembershipUser = Membership.CreateUser(username, password, email, "", "", True, status)
Select Case role
Case "1"
Roles.AddUserToRole(username, "normal user")
Case "2"
Roles.AddUserToRole(username, "administrator")
Case "3"
Roles.AddUserToRole(username, "super administrator")
End Select
If newUser Is Nothing Then
errorMsg = username & " - " & status.ToString & "<br />"
End If
Next
litResult.Text = errorMsg
End If
I thought everything was fine and then went through the labourious task of replacing all the usersids used a as a foreign key in all the tables. It was only after doing this and trying to log on I couldnt, and noticed the membership table was empty. I assumed (stupidly) as it had done the users/ roles it must have done the membership. As I have already re-assigned the old user ids I dont want to import again as the userid will chnage. So my question is: Can I create a membership for each of the users in my aspnet_users table? I have the passwords etc in varchar fields at min from old table.
how can I add default users in my web.config to test my asp: login control
View 1 RepliesI currently built a custom form using VS 2005 to accommodate administrators when deleting users from the membership "aspnetdb" database.
I set the method for the objectDataSource to use "DeleteUser(String username, Boolean delete All Related Data), returns Boolean".
When I run the application and click the delete link from my gridview I receive the following error message:
"Value cannot be null. Parameter name: username"
How do I get the value for username?
I have been diligently learning all about the asp.net membership framework and have a test site running it all. However, during my testing, it became apparent that deleting users would be useful. I can delete users from the "aspnet_users" & "aspnet_Membership" tables simply by right-clicking on the table in server explorer, selecting "show table data", highlight the rows and press delete!!
However, this is a pain and I would much rather do this properly from code behind.
I have found out that the membership schema supplies a large number of "stored procedures" including "Delete_Users" however, when I execute this one manually, I have no idea what the last two parameters are (number of tables and something else from memory - the first two "application name" and "username" are easy to copy in to the dialog.
show me a sample set of VB code that I can use behind a "Delete User" button on my webform including how I supply the parameters. I have set up a drop down list box from teh "aspnet_users" table which displays the "UserName" and has as the SelectedValue "UserId".
I used [URL] as a guide and have something configured to show me the users which are logged into the system. This uses the aspnet_Users.LastActivityDate column to see when someone last did something on the system. It also uses the userIsOnlineTimeWindow within the web.config to determine whether a user is online or not.
But because of this userIsOnlineTimeWindow limitation of .NET, even when someone logs out of the system or closes their browser window, the system still sees them as being online. Also, if they are on a page and don't do anything for 10 minutes, the system will show them offline until they refresh their page or go to another page. know of a better, more real-time way to tracking users which are logged in, logged out, etc?
I don't want to wait 10 minutes for the system to show that a user is offline and also if there's 10 minutes of inactivity, it shows them being offline.
I would like to collect all the emails from all users in a certain role. How would I do this ?
View 1 RepliesHad a recent issue with my CMS and discovered today that all of my users created in the last week were deleted. The good news is that I have a backup of the DB, and that it uses standard ASP.NET Membership tables.
Is there a way to do a restore of this data without restoring the whole DB? The membership tables are something of a maze... is there an existing stored proc or utility out there? I'm not sure which tables would be required and which ones would not.
I want to send out an email to all users where their birthday is today. i am using the built-in asp.net (3.5) membership. All users have a profile (stored in aspnet_Profile) which contains a date/time property called 'birthday'. I need to get a list of users email addresses from the 'aspnet_Membership' table where a users birthday is today, along with the users 'firstname' which is string property in the aspnet_Profile table. i would like a list returned preferrably using C# LINQ. i am not sure how to access the birthday property in the profile table, based on the way it is stored in the db table i.e name/value columns
View 3 RepliesIs it possible to have an ASP.NET website which allows users to register and login, without using a MembershipProvider?
And instead just work directly towards custom database tables which stores user information?
I want to migrate users and posts from an existing forum I am using to a ASP.NET membership table without using CreateUser. Basically I want to maintain userIDs so that when I migrate posts they continue to associate with the correct users. Is there a way to do this or would I be better off just using CreateUser and then finding a way to re-assign the post-by-UserIDs to the correct new IDs?
View 3 RepliesI am using the asp.net membership provider tables in sql server. I'm trying to figure out how to query a list of users that are NOT in any role.
View 4 Replies
