Security :: Password Recovery Does Not Work Correctly
Feb 11, 2011It seems to work just fine but it resets the users password, emails it to them and then the user can not log in with the new password.
View 1 RepliesIt seems to work just fine but it resets the users password, emails it to them and then the user can not log in with the new password.
View 1 RepliesI have the following code. I simply want to select the security question and answer from the DB and do something if the result is true.
This is my code:-
[Code]....
This code always returns the result of "Invalid User Credentials", so this means it does not recognize the values from the DB. When i put something in that SHOULD match i still get the same. I dont get an error message but the logic here is to select security question and answer where the question is equal to the dropdown box and the answer is equal to the textbox. If there is a match then do something..
But this does not work..
You can see what i mean here:-
[URL]
If you select "What street did you grow up in?" from the dropdown and then put in "deeplish" in the security answer, the result should be "**EXISTS".
I am getting an error incase user submits incorect security question's answer. I gave text in 'QuestionFailureText'. But its not working.
Below is the error getting.
'
Security Exception Description:The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
[Code]....
Source File: c:WindowsMicrosoft.NETFramework64v2.0.50727Temporary ASP.NET Filespng.webe16ed3ec284df543App_Web_rvfjstqa.5.cs Line: 0 Stack Trace:
[Code]....
how to use the password recovery control.
I am not able to write the code for it.
My application can send email using:
new SmtpClient(null).Send(message);
But users have not been receiving emails sent by the password recovery control. This had been working.
We have made a recent change with the mail server. I don't know the details.
I use ELMAH to log errors, and nothing is written to this log.
I was wondering if there something in the authentication tables that shows when a password has been reset in this manner.
Here is what I have done so far:
1) Here's the Password Recovery control:
<asp:PasswordRecovery runat="server" id="passwordrecovery" SuccessPageUrl="success.aspx" maildefinition-from=myaccount@comcast.net
<MailDefinition From="myaccount@comcast.net"
Subject="Your password"
[Code]....
3) After all this, when the test user enters the correct answer to the security question, nothing happens. I don't even receive the SuccessTemplate message--much less the test email with the password.
Is the problem that the correct answer to the security question is somehow not really being registered? Is the problem server-related? What I could I be doing wrong?
I am using password recovery control to recover the forget password and it throws me an error message at smtp.send(mm) step in aspx.cs fileHere is the error message i received "SMTP server requires a secure connection or the client was not authenticated. The server response was 5.5.1. Authentication required"
Passwordrecovery.aspx code:
<asp:PasswordRecovery ID="PasswordRecovery1" runat="server" Onsendingmail = "PasswordRecovery1_SendingMail">
<MailDefinition From = "sandip.vs@gmail.com" Subject = "Forgetton Password" Priority = "High"></MailDefinition>
<InstructionTextStyle Font-Italic="True" ForeColor="Black" />
<SuccessTextStyle Font-Bold="True" ForeColor="#5D7B9D" />
<TextBoxStyle Font-Size=Medium />
<UserNameTemplate>
<span style="text-align:center">
[code]...
I don't want to reinvent the wheel with the password recovery control but I do want to customize the email message sent to the user. I have the following code but when I use this, I'm getting an error that states that the system is not configured to retrieve passwords.
I think this is due to the fact that out-of-the-box, the membership system is not configured retrieve password due to password encryption. Then how do I customize "ONLY" the email sent -- with the tem password -- without getting into complete customization of the password recovery control?
[Code]....
I doing sign up page now. Inside my sign up page, i also have forgot password table. Now the problem is, can i display my <successTemplate> out of <passwordrecovery>? Because i tried to display normal successful label failed.
View 1 RepliesI have a situation where I need to implement a Password Recovery page BUT without using the PasswordRecovery control.
Does anyone know of an example or has implemented this before?
I am using Password Recovery Control and cannot get this to work.
Here is the settings I have. I tried ports like 25, 587, 254,
[Code]....
I get errors like
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
OR sometimes...
An existing connection was forcibly closed by the remote host
I need to send an email(using SMTP) whenever the user forgets the password.....The code snippet i have is
protected
void PasswordRecovery1_SendingMail(object
sender, MailMessageEventArgs e)
{
MailMessage mm =
[Code]....
I need to call this function whenever the user clicks the Reset button...
A question has been raised concerning password recovery revealing valid user ids. Stage 1 of the password recovery asks for a userid and when progressing to stage 2 will display an error message 'Invalid user id'. In theory this would allow valid user id'sto be identified.Is there a setting we are missing? Something that would allow the user id and question to be asked, then a message saying the 'User/Question combination is invalid'.
View 2 RepliesHow do I set up an automatic password recovery feature? (This is an internet application using forms authentication.)
I am trying to set up the common senario where when a user who has forgotten his password, clicks a button to request I send him a new password. I then open his browser's default email client (that is no problem, that part I already have coded and it is working fine.) The user then clicks a button to send me his email. Now comes the problem. How do I detect that he has done that?
Am I approaching this problem correctly? Should I be requiring the user to send me an email in order to have his password reset? Or should I just have him fill in textboxes giving me his username & password? Wouldn't this allow a malicious user to abuse the system?
Doing password recovery, after a user enters their user name a verification page appears. The page seems to appear from out of nowhere as I did not create it.I would like to have controll over it and reformat it.PS: I have a number of small issues like this with Login. Is there a complete running sample somewhere that shows these things. C# code
View 1 RepliesI have a problem....my password recovery control is not going into Question Template section ....It was working fine for a couple of days before but for some weird reason it stopped working.....Whenever i click the submit button it directly goes and calls the PasswordRecovery1_SendingMail function(it doesn't ask any password recovery question)
[code]....
I'm using vs2008, asp.net3.5, c#. In the Password Recovery control, there is only user name at the UsernameTemplate. How can I , or can I, add an additional field for user to also enter their SSN? How do I verify this myself if Password Recovery cannot do the verification for me. I mean, where, like when the submit button is click? And then how do I cancel the submit for PR if tax id is not valid?
View 3 RepliesI want to send the Customized email body text to user with new Password like the below
View 6 RepliesI use password recovery control for testing purposes. Passwords are stored in the database as hashed format.
Control can successfully send email to user but password always wrong. whats wrong here?
[Code]....
i am using password recovery control. but i have one difficulty that when user click on the "Forgot Password" link he will redirect to enter "UserName" view of password recovery template. and when user enter "User Name" and click submit button he will redirect to the "Question" view of the Password recovery control and then user click on the "Cancel" button. but when user again click on the "Forgot Password" link the "Question" view is displayed instead of the "UserName" view. i m not able to reset Password control to "UserName" view.
View 4 RepliesI use access membership prvider and it works. but I am unable to recover passwork. It says that "" membership provider doesn't support to get and zero password." It gives me the error in turkish and I translated it. Something like that. I am using the below code;
[Code]....
how can I do that?
once user answers security question and clicks submit that you can then re direct them to a new page and display their password on screen? rather than send an email?
View 1 RepliesI want get code for how to stop sending mail when email format is wrong in password recovery control and getting error message and also how to getting error message, means how to stop that.
View 5 RepliesThere seems to be something wrong with the create user wizard?I am using hashed password storage. When I change it to clear storage I see the user's password is being stored as something completly different than what they typed in.Example: changeme1 now equates to something like: 4W*KQQ4%=SIf I use 4W*KQQ4%=S as the password to login with it works but changeme1 does not.When I use the reset password wizard it updates the password just fine and it works when I login next.Any clues what could be causing this?
View 1 RepliesI have the authentication which will redirect the unregister user to Login.aspx. At the bottom of the page,there are a link button will redirect the user to forgotPassword.aspx With having the authentication, i discover it don't allow the unregister user to go forgotPassword.aspx but staying in the same page.
so some expert have shown me this code..
can provide me the code in web.config here?
some expert have provided me the code..but i find no where to locate this code in web.config, none of them tell me where to locate it..click this link.