Security :: Creating An Admin Tool To Reset Password Without Question / Answer?
Oct 29, 2010
I'm dealing with a scenario where a legitimate user doesn't have a clue about his password, secret question or the answer. So, I was trying to create an admin tool that would help me in situations like these where the admin should be able to type in username and reset the password without having to know/enter answer to secret question. I understand that I need to make some changes to the web.config for this to work. I thought I made all the changes but my ResetPassword() requests are still not working.
Here's my web.config settings for the provider.
[Code]....
View 4 Replies
Similar Messages:
Jul 31, 2010
I have a small requirement i.e if any user forgot the passwordhe would like to reset the password by contacting an admin or mailing. Now if the admin logged in he will check for the user name if the user name matches i would like to send a mail to that user by resetting the password
View 2 Replies
Mar 7, 2010
I am creating a website for reset the password in one of the application from the back end.
I have created a webpage with only one button called "RESET".
If user click the button, it should check the user have already access the application from the "USER" table. If no access, the message appears "You do not have an access."
If yes, next step whether the user have authenticate. If yes update the encrypted password from new table called "UMRESET" to the application table "USER" password.
View 2 Replies
Jul 12, 2010
I am getting an error incase user submits incorect security question's answer. I gave text in 'QuestionFailureText'. But its not working.
Below is the error getting.
'
Security Exception Description:The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
[Code]....
Source File: c:WindowsMicrosoft.NETFramework64v2.0.50727Temporary ASP.NET Filespng.webe16ed3ec284df543App_Web_rvfjstqa.5.cs Line: 0 Stack Trace:
[Code]....
View 3 Replies
Aug 25, 2010
I have a question with this tool. I have a database listed in the App_folder, and the database has a connection in Server explorer. The connection string is listed in the web.config file, and I am able to add users and roles with the Web Admin Tool. However,when in the Web Admin Tool, under Configuration tab, I receive an error when I click on the "test" button. The error reads " Could not establish a connection to the database.If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database, and then return to this tool to set the provider."
View 6 Replies
Apr 17, 2010
I'm looking for a way to create a login control without the use of web admin tool
Here are my system requirements
Windows 7 Visual Studio 2008 Professional Edition Microsoft SQL Server 2005 Express Edition ESET Anti-virus but SQL and Studio files excluded from being scanned. I have got a database. I've created the front end of the user login control manually not using the toolbox. Basically what I need is that once a user has registered. He then logs in. when he enters his username and password how do I code it so the database realises it's him/her and takes them to their LOGGED IN user
View 7 Replies
Sep 30, 2010
I am using PasswordRecovery to reset a password and email it to the user.
I am sending an email programmatically with PasswordRecovery1_SendingMail.
In this sub, how do I get the new reset password to include it in the email?
View 4 Replies
Mar 15, 2010
Is there a way to reset a user's password while logged in as an administrator? I just had to delete a user and re-create him in order to achieve the same affect of resetting his password, so I'm wondering if there is a better way to reset a password.
View 1 Replies
Jun 22, 2010
I am working on membership concepts in asp.net. Now i want to reset new password and getpassword for specific user.
this is my web.config code:
<add name="MySqlMembershipProvider" connectionStringName="SQL2005DB380ConnectionString" applicationName="MyAppName" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Encrypted" enablePasswordReset="true" minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
How can I get old password and reset new password.
View 4 Replies
Feb 21, 2011
I'm using the built-in membership in my ASP.NET Web Forms 4 app.
I'm also using the PasswordRecovery control for handling users who have forgotten their passwords. Before I reinvent the wheel, I've decided to post this question.
As one can imagine, in most cases, people give it a few tries before requesting a password change. Of course in the process, they lock out their accounts. The problem is that password recovery does not work for locked out accounts.
How do I first unlock the account if I'm using PasswordRecovery control?
View 4 Replies
Jan 17, 2011
I want to get code for reset password based on passwordquestion and passwordanswer in membership.
View 1 Replies
Feb 11, 2010
Following one of the other tutorials I have figured out how to manage users [URL] but it does not mention how to delete them from the GridView. I have attached my Page's code plus my VB script. I have added a delete link into the GridView for preparation but all I would like is the VB script so that when the user clicks delete it deletes the user from the GridView and Databse. I hope I have made every really simple, anyway here it is:
ManageUsers.aspx
[Code]....
View 2 Replies
Jul 10, 2010
I have converted the change password control to a template. It is inside an update panel. After changing the password the confirm button takes the user to the success step by updating the update panel. Then by clicking the OK button, I would like to reset the password changer to its initial state so that the user can change the password again. Right now I am not sure how this is done and the control simply remains at the second step, telling the user "password has been changed" . User can press OK. What must I write in the OK button click event to reset the password control to its original state?
View 3 Replies
Mar 1, 2010
I have an Intranet web site that uses Windows Authentication and when a users password expires the do not get a prompt letting them reset it. We also have OWA and if they go there to check mail, it sends them to a page which allows them to reset it there. How can I trap for expired passwords and allow them to change it like they can with OWA?
View 1 Replies
Jan 6, 2011
I am working on an Ecommerce website. I have created a database using Server Explorer named 'MyTestStore' and created Tables and Stored procedures inside it.
Than I used the program called aspnet_regsql.exe (which is in:
C:windowsMicrosoft.NETFrameworkv2.0.50727) to create the membership and roles tables. And this tool created all the membership tables in the MyTestStore database. All is fine till this point.
Enabling Roles:
Now I need to enable roles, insert admin and users into this membership tables in my database. so I opened up ASP.Net Configuration Tool but when I enable and create roles it automatically creates a database called ASPNETDB under App_Data folder whereas, I want to have the roles enabled in the database MyTestStore. But it keeps creating the database ASPNETDB. How do Imap the ASP.Net configuration Tool to create and add users into my database called MyTestStore instead of that default ASPNETDB.
View 6 Replies
Jun 28, 2010
Does anyone has a solution (sample code) for the following features:
Create a randomGuid/Cryptographically strong random number Send a unique URL containing the random number to the user's email address When confirmed, the user is asked to change password
My provider is currently parametrized this way:
[code]....
The security issues with this type of procedure have been discussed here before.
View 2 Replies
Jan 27, 2010
Me with C# asp.net
I want to show the admin pages only after logging in a form with username and password and also want to logout from the admin pages, if in the browser history select a admin page after logout it should not be shown
how can I do it.
View 1 Replies
Jan 22, 2011
I can't get past the "Test" link on the "Provider" tab in my Web Site Admin Tool (WSAT).
I'm running SQL Express (10.0.2531.0) and have created my "ASPNETDB" database using the version of aspnet_regsql that came with .Net 2.0. (When that work, I re-ran the version that came with 4.0.)
I have the following in my web.config:
[Code]....
And this:
[Code]....
When I go into the WSAT, to the Provider tab, I select "AspNetSqlProvider" and click test.
The error message I get is this:
Could not establish a connection to the database.
If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database, and then return to this tool to set the provider.
View 2 Replies
Mar 11, 2011
When a user that has their IE set to save passwords hits my "Reset Password" form, the first text box set with TextMode set to "Password" is populated with the users saved password. Understandable, this is not the affect I would like as this is their "old" password. I cannot set the text of a text box with mode set to "Password" (naturally). Does someone know how to suppress or clear this value when IE is saving passwords?
View 4 Replies
Mar 3, 2011
I have a working dropdown box that gives the answers yes & no. When "yes" is selected I need to create a message box that displays a simple message and allows the user to click ok, to get back to the survey.
I have been working with it, and tried several things but no luck. What would the code look like, and where exactly would I place it to fire at the right time. I am working in VB, with an aspx & aspx.vb page.
View 3 Replies
Jan 30, 2011
I simply want to know how to manually check if the value a user has provided for the answer to their security question matches their current answer on record. I want to use the build in support of the ASP.Net membership and membershipuser objects.
I see that via the passwordrecovery control that the actual answer can be returned. However I am currently not using this control and it would take a good bit to integrate it as it does not meet our user's requirements.
In a worst case scenario, getting the actual answer (like the passwordrecovery control does) and manually checking it in our application would be acceptable.
A best case scenario is some sort of API where I can pass in the user name and the answer to their security question that was provided and simply get an indication of whether answer was correct or not.
View 1 Replies
Oct 11, 2010
How do you create your web site data admin for your customers. Do you do them programatically or do you use any specific tool?
I have been using AspMaker and is not a bad option but I'm sure there are a few more options out there. I've seen that MS has a Web Data Administrator but for me it looks more than an sql server web admin tool rather than a frontend that has the business logic.
View 1 Replies
May 25, 2010
I've created a page to add users, using the CreateUserWizard, I use the Login Control to login.
I have setup the config file to use my SQL server, not express
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data Source=xxxx.xxxx.xxxx.xxxx;Initial Catalog=aspnetdb;Persist Security Info=True;User ID=xxxx;Password=xxxxxx" providerName="System.Data.SqlClient" />
I go to the create user page, add a user.
I can SEE the user on the database using Server Management Studio...
I go to signon and get "Your login attempt was not successful. Please try again."
I have not customized the login control in any way. (OR the createuserwizard)
HOW can I tell where the Login tool is going to get userid and password info?
How can I tell if it is not finding the user or the password does not match?
View 2 Replies
Mar 22, 2010
I have an application with a custom mebership (I'm still working on it). There is some funcionality in the application for asociating users. This means that (if already associated) one user could switch to some other user with just a click.
My question is:
Can I do a function that would allow me to authenticate one user without sending the password as a parameter?
View 1 Replies
Apr 28, 2010
I am trying to send an email using the gmail smtp server. I am trying to enter the SMTP settings into the Web Site Admin tool. I have set
Server Name: smtp.gmail.com
server port: 587
from: myemail@gmail.com
Sender's User Name: my real gmail username
Sender's Password: my real gmail password
I am getting the following error when I try to send an email as a result on using the CreateUserWizard after successfully creating a new user.
Code:
The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first. i29sm30127820vcr.12
View 2 Replies
