I use access membership prvider and it works. but I am unable to recover passwork. It says that "" membership provider doesn't support to get and zero password." It gives me the error in turkish and I translated it. Something like that. I am using the below code;
[Code]....
how can I do that?
I have a problem....my password recovery control is not going into Question Template section ....It was working fine for a couple of days before but for some weird reason it stopped working.....Whenever i click the submit button it directly goes and calls the PasswordRecovery1_SendingMail function(it doesn't ask any password recovery question)
[code]....
I using change password control, how can i change the password without enter the current password?
View 8 RepliesI had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
I am using Membership provider.. I integrated the aspnet member tables into my database.
I need the user to enter password on a data entry form and validate it against the membership tables.
How can I do this. This is the set up. I have few fields and user enters those fields and also enters the password, and submits the form. It is kind of like signature... i am looking for something like..
If txtPassword.text = membershipprovider password
{
//do this...
}
I am using a custom membership provider with a custom ValidateUser method. The ValidateUser sends and additional parameter to authenticate my users (Username, Password, and Dealer). I created a custom stored procedure for ValidateUser to call. I copied over all my users from another table and encrypted all the passwords in the aspnet_membership table using the code below. My question is, how do I take the password the user enters in the login form and validate that against what is in my aspnet_membership Here is the code I used to encrypt the passwords (not even sure this was the right way to encrypt. Please tell me if I did this wrong):
public static string EncodePasswordNow(string originalPassword)
{
Byte[] originalBytes;
[code]...
I have this code for changing a user's password when they click the password reset button (with extra code to log to ELMAH so I can try to figure out what is going wrong).
This is in ASP.NET MVC 2, using the standard aspnet membership provider, with a simple View like this:
New Password: ______
Confirm Password: ______
[Reset] [Cancel]
The route to this view is `/Account/Reset/guid`, where guid is the user's id in the aspnet membership database.
The key portion of the code is where it calls `user.ChangePassword()`. You can see that it logs a message when successful. The problem is that for some users, the success message is logged, but they can not log in with the new password. For other users it logs the success message and they can log in.
if (user.ChangePassword(pwd, confirmPassword))
{
ErrorSignal.FromCurrentContext().Raise(
new Exception("ResetPassword - changed successfully!"));
return Json(new {
Msg = "You have reset your password successfully." },
JsonRequestBehavior.AllowGet);
}
The full code listing is:
[Code]....
Edit: Adding a bounty to try to get this solved. This is one of the most annoying problems on my issue list, and I have no idea how to proceed.
I have a web app developed using role & membership provider...
this is my web.config file
<authentication mode="Forms">
<forms loginUrl="Forms/LogIn.aspx" name=".ASPXFORMSAUTH" defaultUrl="Forms/main.aspx" timeout="30"></forms>
</authentication>[code]....
So i would like that the page "pag1.aspx" is reached bypassing the "main.aspx" so If I try to digit directly on the server http://localhost/forms/pag1.aspx?C=159 ......correctly appears the login page....and the URL became..
http://localhost/Forms/LogIn.aspx?ReturnUrl=%2fForms%2fpag1.aspx%3fC%3d151&C=159 and after login I can see correctly the page1.aspx . when I try to reach the page from my browser..I digit
http://myserver/forms/pag1.aspx?C=159 .... the login page appears...but the url became..
http://myserver/Forms/main.aspx
and after login I cannot see the page1.aspx....but main.aspx
Does anyone has a solution (sample code) for the following features:
Create a randomGuid/Cryptographically strong random number Send a unique URL containing the random number to the user's email address When confirmed, the user is asked to change password
My provider is currently parametrized this way:
[code]....
The security issues with this type of procedure have been discussed here before.
I have the authentication which will redirect the unregister user to Login.aspx. At the bottom of the page,there are a link button will redirect the user to forgotPassword.aspx With having the authentication, i discover it don't allow the unregister user to go forgotPassword.aspx but staying in the same page.
so some expert have shown me this code..
can provide me the code in web.config here?
some expert have provided me the code..but i find no where to locate this code in web.config, none of them tell me where to locate it..click this link.
I am getting an error incase user submits incorect security question's answer. I gave text in 'QuestionFailureText'. But its not working.
Below is the error getting.
'
Security Exception Description:The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
[Code]....
Source File: c:WindowsMicrosoft.NETFramework64v2.0.50727Temporary ASP.NET Filespng.webe16ed3ec284df543App_Web_rvfjstqa.5.cs Line: 0 Stack Trace:
[Code]....
how to use the password recovery control.
I am not able to write the code for it.
I have the following code. I simply want to select the security question and answer from the DB and do something if the result is true.
This is my code:-
[Code]....
This code always returns the result of "Invalid User Credentials", so this means it does not recognize the values from the DB. When i put something in that SHOULD match i still get the same. I dont get an error message but the logic here is to select security question and answer where the question is equal to the dropdown box and the answer is equal to the textbox. If there is a match then do something..
But this does not work..
You can see what i mean here:-
[URL]
If you select "What street did you grow up in?" from the dropdown and then put in "deeplish" in the security answer, the result should be "**EXISTS".
My application can send email using:
new SmtpClient(null).Send(message);
But users have not been receiving emails sent by the password recovery control. This had been working.
We have made a recent change with the mail server. I don't know the details.
I use ELMAH to log errors, and nothing is written to this log.
I was wondering if there something in the authentication tables that shows when a password has been reset in this manner.
Here is what I have done so far:
1) Here's the Password Recovery control:
<asp:PasswordRecovery runat="server" id="passwordrecovery" SuccessPageUrl="success.aspx" maildefinition-from=myaccount@comcast.net
<MailDefinition From="myaccount@comcast.net"
Subject="Your password"
[Code]....
3) After all this, when the test user enters the correct answer to the security question, nothing happens. I don't even receive the SuccessTemplate message--much less the test email with the password.
Is the problem that the correct answer to the security question is somehow not really being registered? Is the problem server-related? What I could I be doing wrong?
I am using password recovery control to recover the forget password and it throws me an error message at smtp.send(mm) step in aspx.cs fileHere is the error message i received "SMTP server requires a secure connection or the client was not authenticated. The server response was 5.5.1. Authentication required"
Passwordrecovery.aspx code:
<asp:PasswordRecovery ID="PasswordRecovery1" runat="server" Onsendingmail = "PasswordRecovery1_SendingMail">
<MailDefinition From = "sandip.vs@gmail.com" Subject = "Forgetton Password" Priority = "High"></MailDefinition>
<InstructionTextStyle Font-Italic="True" ForeColor="Black" />
<SuccessTextStyle Font-Bold="True" ForeColor="#5D7B9D" />
<TextBoxStyle Font-Size=Medium />
<UserNameTemplate>
<span style="text-align:center">
[code]...
It seems to work just fine but it resets the users password, emails it to them and then the user can not log in with the new password.
View 1 RepliesI don't want to reinvent the wheel with the password recovery control but I do want to customize the email message sent to the user. I have the following code but when I use this, I'm getting an error that states that the system is not configured to retrieve passwords.
I think this is due to the fact that out-of-the-box, the membership system is not configured retrieve password due to password encryption. Then how do I customize "ONLY" the email sent -- with the tem password -- without getting into complete customization of the password recovery control?
[Code]....
I doing sign up page now. Inside my sign up page, i also have forgot password table. Now the problem is, can i display my <successTemplate> out of <passwordrecovery>? Because i tried to display normal successful label failed.
View 1 RepliesI have a situation where I need to implement a Password Recovery page BUT without using the PasswordRecovery control.
Does anyone know of an example or has implemented this before?
I am using Password Recovery Control and cannot get this to work.
Here is the settings I have. I tried ports like 25, 587, 254,
[Code]....
I get errors like
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
OR sometimes...
An existing connection was forcibly closed by the remote host
I need to send an email(using SMTP) whenever the user forgets the password.....The code snippet i have is
protected
void PasswordRecovery1_SendingMail(object
sender, MailMessageEventArgs e)
{
MailMessage mm =
[Code]....
I need to call this function whenever the user clicks the Reset button...
A question has been raised concerning password recovery revealing valid user ids. Stage 1 of the password recovery asks for a userid and when progressing to stage 2 will display an error message 'Invalid user id'. In theory this would allow valid user id'sto be identified.Is there a setting we are missing? Something that would allow the user id and question to be asked, then a message saying the 'User/Question combination is invalid'.
View 2 RepliesHow do I set up an automatic password recovery feature? (This is an internet application using forms authentication.)
I am trying to set up the common senario where when a user who has forgotten his password, clicks a button to request I send him a new password. I then open his browser's default email client (that is no problem, that part I already have coded and it is working fine.) The user then clicks a button to send me his email. Now comes the problem. How do I detect that he has done that?
Am I approaching this problem correctly? Should I be requiring the user to send me an email in order to have his password reset? Or should I just have him fill in textboxes giving me his username & password? Wouldn't this allow a malicious user to abuse the system?
Doing password recovery, after a user enters their user name a verification page appears. The page seems to appear from out of nowhere as I did not create it.I would like to have controll over it and reformat it.PS: I have a number of small issues like this with Login. Is there a complete running sample somewhere that shows these things. C# code
View 1 Replies