Security :: Password Retrieval / Configure It To Work With The Log In Name And Email Address?
May 5, 2010
By default the Password Recovery control requires the username to send the user the login details. Is there any way I can configure it to work with either the log in name and email address or failing that just email address?
Is it possible to use the PasswordRecovery control to recover a password using the email address instead of the user name?
Ideally I'd like to have the PasswordRecovery control allow users to enter their email address instead of their user name and then proceed to answer the security question.
I had a web application. We needed to move it to anotherserver, after we moved that, the membership database (aspnetdb) did not work.....finally i solved the problem, and now I have another problem. although in the web.config enablepasswordretrieval is set to true, and the type is clear, i get error in password retrieval.
i have an aspx page which on page load needs to populate a text box with the current users email address (user is in Active Directory), any body know how to retrieve the email address from Active Directory, i have read this article on the web but am a bit confused
string userName = Environment.UserName; string domainName = Environment.UserDomainName; //Set the correct format for the AD query and filter string ldapQueryFormat = @"LDAP://{0}.com/DC={0},DC=com"; string queryFilterFormat = @"(&(samAccountName={0})(objectCategory=person)(objectClass=user))"; SearchResult result = null; using(DirectoryEntry root = newDirectoryEntry(rootQuery)) { using(DirectorySearcher searcher = new DirectorySearcher(root)) { searcher.Filter = searchFilter; SearchResultCollection results = searcher.FindAll(); result = (results.Count != 0) ? results[0] : null; } } string primaryEmail = result.Properties["mail"][0] as string;
There is no defintion of rootQuery- so not sure what that is, or a definition for searchFilter
In my application i have login Page in that i have login Control of asp.net, when user clicks on submit button i am authenticating the user and and redirecting to default url.
now what i want is using address bar i want to authenticate the same process with out opening the login page and give user name and password in the login control. Directly i want to inject the username and password in the address bar and need the same functionality what the submit button does.
i have articles on net using post methods but i am not able to do this.
In my update Membership account routine, I have the sub:
[Code]....
This sub runs successfully and everything is updated, including the membership question and answer, except the membership.getuser.email address which is not updated.
I have a create user wizard on my page. Requires Security question hasbeen set to false. Once a new user is registered they can log in fine. If they forget their password, i have written code so that the user can enter the email address they used to register and a replacement is sent. The problem is I have written an application that is accessed by different people. So if the user that registered the account leaves the company
How do I give user's the ability to sign in using either their username or email address? How do I implement profile URLS so that domain.com/username Server.Transfers to ViewProfile.aspx?userID=342 How do I implement a multi-domain auth system for a single web app so that users can create the same username at different domains?
When the member comes back to the site after verifingt the new email address, I need to check if he/she is logged on ( ie cookie is active) to the site for redirection. And If he/she is not logged on maybe log them on then redirect
I'm currently trying to figure out enabling my users, once logged in, to change their email address that they have registered. As far as I can see it's only held in the aspnet_Membership table.
The code I have so far is as follows, but it doesn't seem to be doing anything. No errors either so I can't go down that route yet!
I am unsure how to go about my task. I need to get the email property from asp.net's profile class.
I am loading a formview based on username stored in an sql table. I want to get the email address from the users profile based on the matching username fields
In pseudo code:
Get profile.emailaddress where username.text = profile.username
I don't want to reinvent the wheel with the password recovery control but I do want to customize the email message sent to the user. I have the following code but when I use this, I'm getting an error that states that the system is not configured to retrieve passwords.
I think this is due to the fact that out-of-the-box, the membership system is not configured retrieve password due to password encryption. Then how do I customize "ONLY" the email sent -- with the tem password -- without getting into complete customization of the password recovery control?
i am using the concept of sending email through asp.net on click of button.but i hv to give the email id along with the password to send the email.Is there any way of sending the email without giving the user password of email in the web config as the client may refuse to give its password to developer because of security reasons.many sites like asp.net send email to user without asking their user password how it is possible
I am using Password Recovery Control and cannot get this to work.
Here is the settings I have. I tried ports like 25, 587, 254,
[Code]....
I get errors like
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
OR sometimes...
An existing connection was forcibly closed by the remote host
I have the following code. I simply want to select the security question and answer from the DB and do something if the result is true.
This is my code:-
[Code]....
This code always returns the result of "Invalid User Credentials", so this means it does not recognize the values from the DB. When i put something in that SHOULD match i still get the same. I dont get an error message but the logic here is to select security question and answer where the question is equal to the dropdown box and the answer is equal to the textbox. If there is a match then do something..
But this does not work..
You can see what i mean here:-
[URL]
If you select "What street did you grow up in?" from the dropdown and then put in "deeplish" in the security answer, the result should be "**EXISTS".
I have an ASP.Net 4.0 application that is using Forms Authentication and ActiveDirectoryMembershipProvider. It authenticates against Active Directory running on Windows Server 2008 R2.I use ChangePassword control for changing passwords.When the user changes the password he can log on for some time with the old password. My client feels this is a security problem with the application. Is there any way to make sure the old password does not work after the user changes it?Also, if I do iisreset on the web server, the old password stops working. The password must be cached somewhere in the web app.
I cannot send email to the the users when they forget their password ( I am using .NET's Forgot password wizard), and I am using the below code in the web.config file. My hosting provider is Go Daddy and it is a shared hoting.
[code]...
I can email the password in my local machine by using the forgot password wizard, but after I have uploaded all the files in Go Daddy, it does not work. That means, I am wrong somewhere at above mentioned code.