Security :: Bug In PasswordRecovery Control?
Apr 5, 2010
I have asked the following question multiple times but did not receive any proper reply.
I have a web page which is using PasswordRecovery control.
Its working fine but I have a scenario in which I have to disable Viewstate for the whole application.
Now after disabling viewstate when I visit the webpage I have noticed that PasswordRecovery controls is not working (Every times when I submit the default button to go to step 2, the postback occur but not moving to step 2).
View 1 Replies
Similar Messages:
Aug 11, 2010
For reasons to long to go in to I have to change the behaviour/appearance of the Success page on our password recovery page.
We've been tasked with making the Success template identical to the UserName template i.e. with a label and text box for UserName and identical messages on both pages.
Basically our client wants no difference between successful password retireval and failure - the same message will display regardless e.g. "An email has been sent to <username> with your password."
Which reminds me - in the success/failure message they'd like the entered UserName to appear but I can only get it to appear if it's a valid username - if it's nonsense the UserName is blank.
View 2 Replies
Nov 17, 2010
I am using passwordrecovery control.
After entering username and keying enter key(from keyboard) it was not firing submitbutton_click event. So i have added defaultbutton property in the panel control, and it is working fine. And my problem here is..
Clicking on submit button it is showing security question. After answering the security question, i have to click on the submit button either by mouse click or tab enter.
What i need to do is.. after answering the security question, I should be able to hit enter key instead of mouse clicking on submit button.
View 3 Replies
Mar 31, 2010
I have a web page which is using PasswordRecovery control.
But I have a scenario in which I have to disable Viewstate for the whole application.
Now after disabling viewstate when I visit the webpage I have noticed that PasswordRecovery controls is not working (Every times when I submit the default button to go to step 2, the postback occur but not moving to step 2).
View 2 Replies
Jan 26, 2010
Is it possible to use the PasswordRecovery control to recover a password using the email address instead of the user name?
Ideally I'd like to have the PasswordRecovery control allow users to enter their email address instead of their user name and then proceed to answer the security question.
View 3 Replies
Jul 12, 2010
I'm using asp.net's built-in membership provider with security question-and-answer enabled for password recovery against a SQL Server 2005 db. For some users, this works fine and they're able to receive their passwords. For others, and it's not clear what separates the two groups, the security answer is never properly processed. It doesn't matter if the answer is correct or incorrect, the page merely reloads without confirming or denying the request.As for events, VerifyingAnswer is being triggered, but not AnswerLookupError (if answer is incorrect) or SendingMail (if answer is correct). I ran a SQL trace during one instance, and the aspnet_Membership_GetUserByName stored procedure is being called, but nothing else gets called after. I would expect that aspnet_Membership_GetPassword would be called, which passes the security answer as a parameter, but it isn't.
View 2 Replies
Jun 5, 2010
Is it possible to create a passwordRecovery by the email address instead of the username? A lot of our members forgot their username.
View 1 Replies
Dec 24, 2010
I have a PasswordRecovery control set up on an ascx control as shown below. In some cases users have gotten two emails with different passwords sent at the same time. They're insistent that they haven't hit the button twice. I am using the CSSFriendly adapters, so I can take that off and see if it corrects the problem. Otherwise I suppose I could put this on the aspx page rather than a control.
<asp:PasswordRecovery ID="PasswordRecovery1" runat="server"
View 5 Replies
Dec 12, 2010
I am new to asp.net 4.0 and I am having a hard time changing the PasswordRecovery to email instead of username. here is my aspx page (the page won't hit the vb code unless i enter the username not the email)
[Code]....
View 9 Replies
May 3, 2010
I'm customizing the look and feel of the PasswordRecovery control. The problem is this. I've already set the "Search" button on my site as the default button. I've noticed that all the buttons used in customizing PasswordRecovery use "Button" as their IDs. So in my Page_Load() event, I tried this.Form.DefaultButton = pr1.FindControl("Button").UniqueID; where pr1 is the PasswordRecovery control. But I keep getting "Object reference not set to an instance of an object" error where I try to set Button as the default button.How do I make sure that the user can actually hit "Enter" to use PasswordRecovery as opposed to having to click the buttons?
View 4 Replies
Jan 31, 2011
I've build a PasswordRecovery, but it always returns this error code. What is wrong?
The aspx code:
[Code]....
I don't use any code behind, maybe i sould do? but what, it should work without any coding? The txt file:
Bij deze ontvangt u uw nieuwe wachtwoord:<br><br>
Gebruikersnaam: <% UserName %><br>
Wachtwoord: <% Password %><br><br>
Met vriendelijke groeten
View 1 Replies
Nov 20, 2010
[Code]....
how to make this work (I assume that no code behind is needed to make this work in its simplest form?).After user correctly answers the security question and presses submit, no email is sent. No message is displayed. Nothing. What is missing?
View 6 Replies
Jul 20, 2010
Is there any easy way of setting a failure text within the PasswordRecovery control?
I want to be able to notify users that there was a problem with sending an email. Is there a failure - counterpart to the SuccessTemplate i can use or is there any other template/control within the passwordRecovery control whose value can be set in a handler to the onsendmailerror event?
(Please don't send MSDN links to PasswordRecovery or onsendmailerror, i've read them)
View 4 Replies
Jan 24, 2011
I want to use PasswordRecovery control in modalpopup. After successfully completing first step of password recovery.I close the modal popup and now again when i open modal popup it shows with second step of the password recovery. But I want default first step when user close the modal popup.
View 1 Replies
Oct 28, 2010
I have a password recovery control on my login page. I want to have it send the user specified (and after question/answer filled out correctly) password in an email. I keep throwing an error though, saying that the SMTP needs authentication. I've used a lot of email capabilities in my application, but I set all the SmtpClient properties programmatically, so I never had to rely on system.net mailSettings section of the web.config file. But now I am relying on it, because I am not intercepting any events (unless that would be easiest) of the password recovery control. Here is my system.net excerpt from my web.config file:
[Code]....
What am I not doing here to specify SMTP authentication? Why am I throwing this error? I'm putting my credentials in there with username and password. Am I not configuring the PasswordRecovery control correctly?
View 4 Replies
Apr 12, 2010
Example scenario in an ASP.NET application using SQL Server membership provider :
1) a user can't remember their exact password, and tries many times in a short space of time to login with an invalid password (say 5 times in a 10 minute window). This locks out the user (i.e. sets the IsLockedOut flag of the aspnet_Membership table to 1).
2) user goes to the "forgot my password" screen to try to get a new password emailed to them. This screen uses the PasswordRecovery control. User enters their correct user id, but then cannot go further in the password recovery process, since the IsLockedOut flag is 1. (They don't even get to see their security question).
3) The user would then have to phone tech support to get themselves unlocked etc.
To reduce the burden on support staff, we are trying to reduce the times step 3 is required, by making the PasswordRecovery control (if possible), work with locked out users. i.e. when they enter their login ID, the security question comes up, and IF they enter the correct answer, the system will unlock the user, and email the new temporary password to them. I'm wondering if it is possible to tweak the PasswordRecovery control to do this.
View 1 Replies
Aug 15, 2012
I am using password recovery control in forgotpassword.aspx page. By default the password recovery control validates the Login id and the security question of a particular user. But i want to give an alternate option. That is, If the user forgets the security answer he can give his PAN Number as identificaiton. Its should be an option like either he can provide security answer or his PAN number. Can we acheive this functionality. Because from my knowledge it looks like Security Answer is mandatory. But i want to provide alternate option that user should give his security answer, if he forgets he can use PAN number for his identificaition. UpmMembershipProvider has default property (requiresQuestionAndAnswer) which is set as true.
View 1 Replies
Jul 12, 2012
My PasswordRecovery Control is not working. It is giving me SMTP problem. I set my proper gmail address with port number, valid user name and password. But not working? Do I require to set more settings?
The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first. pg3sm5232120pbc.2
Web.config :
<system.net> <mailSettings> <smtp from="myemailid@Gmail.com"> <network host="smtp.gmail.com" password="mypassword" port="587" userName="myemailid@Gmail.com" /> </smtp> </mailSettings> </system.net>
View 1 Replies
Apr 30, 2010
I use master/content page and use this code (below) for validation, if I place the PasswordRecovery outside LoginView the validation is marked up correctly, but placed back inside the LoginView the PasswordRecovery compilation error is CS0103: The name 'PasswordRecovery1' does not exist in the current context.
[code]....
View 1 Replies
Jan 17, 2011
Firstly, I'm a newbie to ASP.net, but have around ten years of ('classic') ASP and VB6 experience.I have spent the last 12 hours or so googling for a solution to this problem, so it's nothing obvious (to myself or anyone else I can find talking about it, at least). Things I have ruled out so far include:1) Lack of SMTP server (fixed)2) Firewall issues3) Web.config <mailsettings> directivesI am developing my app locally (VS-2010, Windows 7 Premium ). When I kick off my application containing a form with the PasswordRecovery control in it, and run the password recovery control, I get the error:
[Code]....
This I figured is because I am running Windows 7, which doesn't have IIS7.5 (and thus an SMTP server) running by default. So I enabled IIS 7.5 in component settings, and lo and behold there it was. However there was no SMTP server included (those kind folk at Microsoft like to randomly remove things in system upgrades).So I dug around and installed a free smtp mailserver "hMailServer", and set it up with a the relay mail server address I use with my O2 email, with default credentials.I ran the test and it confirmed that I was indeed reaching the server OK. It also said I could therefore reference Localhost as my smtp server.I also realised I was missing the web.config <mailsettings> directives, so included (under <system.net> <mailsettings>):
<smtp deliveryMethod="Network" from ="zenid@here.com">
<network host="localhost" defaultCredentials="true" port="20" />
</smtp>
[code]...
View 11 Replies
Aug 11, 2010
I'm getting an unhandled exception when using a PasswordRecovery control to reset a password and I can't find where the error is coming from or what it means. The PasswordRecovery control is hooked in to a custom MembershipProvider, which uses a custom MembershipUser class. Code: The replacements dictionary must contain only strings. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.ArgumentException: The replacements dictionary must contain only strings.
Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace:
[ArgumentException: The replacements dictionary must contain only strings.]
System.Web.UI.WebControls.MailDefinition.CreateMailMessage(String recipients, IDictionary replacements, String body, Control owner) +1366
System.Web.UI.WebControls.MailDefinition.CreateMailMessage(String recipients, IDictionary replacements, Control owner) +290
System.Web.UI.WebControls.LoginUtil.CreateMailMessage(String email, String userName, String password, MailDefinition mailDefinition, String defaultBody, Control owner) +180
System.Web.UI.WebControls.LoginUtil.SendPasswordMail(String email, String userName, String password, MailDefinition mailDefinition, String defaultSubject, String defaultBody, OnSendingMailDelegate onSendingMailDelegate, OnSendMailErrorDelegate onSendMailErrorDelegate, Control owner) +367
System.Web.UI.WebControls.PasswordRecovery.AttemptSendPasswordUserNameView() +537
System.Web.UI.WebControls.PasswordRecovery.AttemptSendPassword() +55
System.Web.UI.WebControls.PasswordRecovery.OnBubbleEvent(Object source, EventArgs e) +103
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +166
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565
View 30 Replies
Mar 8, 2010
I am using the ASP.NET membership provider controls (ChangePassword and PasswordRecovery) and they generally work just fine. Unfortunately they don't send any emails once the process is finished. I set up the SMTP server using the ASP.NET Configuration Website and it added the following lines to the web.config:
<system.net>
<mailSettings>
<smtp from="maildaemon@pagetailors.de">
<network host="pagetailors.de" password="XXXX" userName="XXXX" />
</smtp>
</mailSettings>
</system.net>
I also tried using the IP adress of the server instead of the domain. In addition to that I set the maildefinition properties on the used web controls:
<MailDefinition From="maildaemon@pagetailors.de"
Subject="Your new password">
</MailDefinition>
Once I finish changing or resetting the password, the controls shows the success message. It does not show any errors but the mails are not sent. I also checked the SMTP log files on the server (it's a MailEnable server) but couldn't even find an attempt to send these messages. I am using a custom email helper class which manually sends an email using the following settings:
public static void SendEmail(string from, string to, string subject, string body)
{
SmtpClient mailClient = new SmtpClient(ConfigReader.GetStringValue("MailServer"));
mailClient.Credentials = new NetworkCredential(ConfigReader.GetStringValue("MailUsername"),
ConfigReader.GetStringValue("MailPassword"));
MailMessage mailMessage = new MailMessage(from, to, subject, body);
mailClient.Send(mailMessage);
}
The values for mailserver, username and password read from the config file are the same as defined in the ASP.NET configuration tool. These mails are delivered successfully.
View 2 Replies
Jan 18, 2010
I'm working on a project in VS 2010 that was created in VS 2005 & 2008. I am using the standard PasswordRecovery control. When a goes through the password recovery process, everything appears to be normal. They enter their user name, have to answer the security question, then the "Your password has been sent to you" message is displayed. But, the email is never received. I have tried user names with several different email addresses, but no messages are received. What is a good way to debug this? Here are my settings:
In web.config:
<appSettings>
<!-- The following line is set up for Gmail (otherwise, value="localhost") -->
<add key="MailServer" value="[URL]"/>...
Membership Provider:
<providers><add name="CustomizedMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SiteConnection" applicationName="/" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"/></providers>...
Also, all of the other emails generated from my site are being sent and received successfully.
View 6 Replies
Sep 10, 2010
I am using a PasswordRecovery Control and have changed one of the validators to a custom Validator, however, OnServerValidate neer seems to get called.
Can someone tell me how to get the OnServerValidate to work correctly?
View 4 Replies
Feb 9, 2010
I am customizing the asp:PasswordRecovery control by adding an own UserNameTemplate. This all works fine, but as soon as I am adding any "Angle Bracket Percent" (<%=) into the UserNameTemplate, the entire PasswordRecovery control falls back to the default design and doesn't use my own UserNameTemplate anymore.
For instance, if I customize a asp:PasswordRecovery control as follows, it works fine ...
[Code]....
... but when I add <%= "Hello world" %> it uses the default layout:
[Code]....
Is this a bug or do I need to change anything? Using Angle Bracket Percent in asp:Login (within LayoutTemplate) works fine, but not in asp:PasswordRecovery. The reason why I need/want to use Angle Bracket Percent is because I want to get localized text out of an XML file (e.g. "<%= GetText("ForgotPassword.Introduction") %>"). However, this shouldn't be the problem as asp:PasswordRecovery even breaks if I use the "<%= "Hello world" %> phrase in the example stated above.
View 3 Replies
