Security :: Send Mail After MembershipProvider.ResetPassword?
Jan 21, 2010
I have a web page, where the administrator can reset other users password.I am not using any membership controls here.I found that i can use Membership.Provider.ResetPassword() function.But i want to send the new password to the user through the mail, just like in password recovery control, reusing the mail configuration in the web.config file(which membership use with the password recovery control).Do i need to explicitly do the coding for sending the mail, using SMTP client, and mail message class?or is there any builtin functionality inside membership for this just like in password recovery?
The problem I'm running into is that when people reset their passwords, it seems the ResetPassword() method returns a password that is longer than I want and has characters that can be confusing (l,1,i,I,0,O). Furthermore, I'm sending my users an email with a plain-text message and an HTML message (I'm using MailMessage with AlternateViews). If the password has unsafe HTML characters in it, when the email clients render the HTML text the password might be different (e.g. the %, &, and < aren't exactly HTML safe).
I've looked over the "add" element that belongs in the web.config, but I don't see any extra configuration properties to only include certain characters in the ResetPassword() method and to limit the password length.
Can I configure the ResetPassword() method to limit the password length and limit the character set it is choosing from?
Right now I have a workaround: I call ResetPassword() to make sure the supplied answer is correct, and then I use a RandomPassword generator I downloaded off the internet to generate a password that I like (without ambiguous characters, HTML safe, and only 8 characters long) and then I call ChangePassword() to change the user's password after I've already reset it.
I have a "Contact Us" page where in users will give in their email id and a query and on submitting the form, web admin would receive that email.
If I configure their email id to "from" MailAddress and send the mail, it will fail to do so if the ID is from popular mail domains like gmail or hotmail but would work with other unpopular or non existent domains like me@abcxyzmail.om without any credentials provided!
It worked with gmail after I configured SMTP and network credentials properly. The aim is to let the admin of my website who receives the email be able to hit the reply button in his mail client and see the "to" field populated with the "from" field filled in "contact us" page. Is there any proper way to do this or a tip or trick to accomplish it.
We at Our company having our own local network in which consists around 20 users. We do not have Internet connections. Now I've created an asp.net website to share the data among the different users.How to create unique mail ids for each user.
This code is working fine in my local system but when i upload it on server then it gives this error. From the last 1 year it was working fine but from last few days it gives me above said error, please suggest me is there any authentication required to send mail from server (my hosting plan is with 1and1.com)
I am making mailing system and i am using SQL MAIL service and i need to send mail to other server(application and mail server on different locations).so i some how i need to use queue systems. for example if i send 5000 mail then it should go in batch of 500-500. if i write code in core vb.net then user need to stay untill all batches complete. so some how i need a system by which user just click and mail address fetching and sending process works in background as well send in batch.
I'm working with the default asp.net membershipprovider. Now, by default, that requires that all members registere have all unique email-addresses.However, I'd like to override that because, in a code behind of a certain webpage, I do not need emails to be unique.
I trying to understand how a server farm would use MembershipProvider / RoleProvider. If I have a million users, I do not want to have multiple copies of the MembershipProvider / RoleProvider database. I would like to have one set of machines used for login but then redirect users to other machines in the server farm depending applications the users decide to use. However, once they are redirected to the new machine, I do not want the user to have to relogin. I want the credentials and role information to be available.
Does anyone know how MembershipProvider / RoleProvider is configured for this type architecture?
I have created a custom MembershipProvider and RoleProvider which communications with some existing business logic. The issue I have is that the user login in my business logic requires 3 arguments (group id, user id, and password) and the MembershipProvider and RoleProvider I implemented just use 1 or 2 arguments (username, password). Right now I append my group id and user id together and pass it as the username then parse it in the implemented methods. Is there a better way to do this?
Note, I can handle the login fine because I can call my own ValidateUser method. The main issue is when the implemented methods are called from other things like the RoleProvider.GetRolesForUser(username) method when I use the AuthorizeAttribute.
I'm using various ASP.NET controls out of the box such as the CreateUserWizard control, Login control etc... For custom controls, I have sanitized my inputs by making sure they conform to expected values. However, is this required for the controls such as the CreateUserWizard control, or is that handled internally? Do I need to provide any extra server side validation to these controls and, if so, would it be best to do it in the "CreateUserWizardControl_CreatingUser" event?
Does Forms Authentication require that cookies be enabled to use MembershipProvider and RoleProvider? If so, can anyone tell me the minimum security level I need to tel clients to use.
Say for my ASP.NET application, I have implemented my custom RoleProvider by using my existing Users table on my Oracle 11g database. Then, for my Membership Provider, can I still use the AspNetSqlMembershipProvider that comes with the .NET framework and uses SQL Server?
I have written an assembly (DLL) containing two classes, MyMembershipProvider and MyRoleProvider, which are derived from MembershipProvider and RoleProvider, respectively. I have implemented most but not all of the abstract methods; the remaining ones all throw a NotImplementedException. I have signed the assembly and added a reference to it in my web-site project, where the relevant web.config sections look like this:
[Code]....
When I fire up the site, however, I get the following error:
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Exception has been thrown by the target of an invocation.
The error message points to the <add /> tag in the <roleManager /> section: if I take that out, however (enabled="false"), it comes back again as soon as I try to log-in to the site (this time pointing to the membership section). I have verified that is recognising the classes by changing the name in the "type" attribute (to something that doesn't exist), at which point it throws a different error. Therefore I'm presuming there's a problem with my assembly code somewhere; but how can I find out where? I have debug=true in the web.config and also compiled the assembly with Debug options, but no clues.
In asp i tryed to send mail with images. so i used AlternateViews and LinkedResources from System.net.mail class. before sending the mail i would like to add email.Fields.Add [URL] here System.net.mail class doesn't contain Fields. System.web.mail only have Fields.
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 74.125.47.109:25
used the built-in Membership framework and has implemented his own provider by creating a class that inherits from MembershipProvider (found in System.Web.Security). I actually went ahead and created a custom provider which inherits from MembershipProvider. The problem is that there are several methods I do not really need. Also, the schema is totally different. Plus, most methods return a MembershipUser which means my User class has to inherit from it as well. So really, what benefits does the MembershipProvider and the whole Membership framework add to my system? Do these benefits justify the fact that I won't be using most of the methods on the class?
sending mail using asp.net to the aol domain? My users complain either they don't get the mail or they go to the spam box and it doesn't go to the user's mail quickly. Is there a trick to this for aol? It goes to yahoo or gmail really quick
