Security :: Membership Change Email Of A Selected User?
Feb 23, 2010
change details of a user ( asp.net membership change email of a selected user ).
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Protected SubButton4_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button4.ClickTry Email = EmailTextBox.Text Membership.UpdateUser() updateuserlabel.Text = "User e-mail updated." Catch u As System.Configuration.Provider.ProviderException
updateuserlabel.Text = MessageEnd
End Sub
This works but what is does is to load the email of the user that is login to the textbox and then if i press the button it changes to the text assign to the textbox.What i want is to choose from all the system users and then change the email of each.
I'm currently trying to figure out enabling my users, once logged in, to change their email address that they have registered. As far as I can see it's only held in the aspnet_Membership table.
The code I have so far is as follows, but it doesn't seem to be doing anything. No errors either so I can't go down that route yet!
In my update Membership account routine, I have the sub:
[Code]....
This sub runs successfully and everything is updated, including the membership question and answer, except the membership.getuser.email address which is not updated.
I have a create user wizard on my page. Requires Security question hasbeen set to false. Once a new user is registered they can log in fine. If they forget their password, i have written code so that the user can enter the email address they used to register and a replacement is sent. The problem is I have written an application that is accessed by different people. So if the user that registered the account leaves the company
I want to implement membership where email is used as the user id. Is there a ready-made provider for this, or do I have to write my own one? Or should I just make do with the 'default' one?
I'm building an ASP.NET MVC 2 site, where I want to have users verify their email address after they register.
I want to send an email to the address with a link that the user can click to verify their email, and then handle the clicking of that link (the link will contain a specific id, of course).
Of course, this is easy to manually implement, but is there anything already built in to ASP.NET that has such a function?
I tried googling this and have had no luck. I would like to implement membership roles without any reference to email accounts or smtp. Does anyone have information on this topic?
I want to rename aspnet_application table and its columns. 1- Does membership framework allow me to do that ?2- Will there be any problem in accessing System.Web.Security functions ?3- I have to change procedures and functions etc ?
I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.
I have a custom membership user class and custom MembershipProvider working against database. Due to security reasons the user passwords are stored in the database as hashed values. So my procedure
public override bool ValidateUser(string username, string password) is { //select hashed password from db return (EncodePassword(password) == dbpassword) } [code]....
I have this code for changing a user's password when they click the password reset button (with extra code to log to ELMAH so I can try to figure out what is going wrong).
This is in ASP.NET MVC 2, using the standard aspnet membership provider, with a simple View like this:
New Password: ______ Confirm Password: ______ [Reset] [Cancel]
The route to this view is `/Account/Reset/guid`, where guid is the user's id in the aspnet membership database.
The key portion of the code is where it calls `user.ChangePassword()`. You can see that it logs a message when successful. The problem is that for some users, the success message is logged, but they can not log in with the new password. For other users it logs the success message and they can log in.
if (user.ChangePassword(pwd, confirmPassword)) { ErrorSignal.FromCurrentContext().Raise( new Exception("ResetPassword - changed successfully!")); return Json(new { Msg = "You have reset your password successfully." }, JsonRequestBehavior.AllowGet); }
The full code listing is:
[Code]....
Edit: Adding a bounty to try to get this solved. This is one of the most annoying problems on my issue list, and I have no idea how to proceed.
while creating users/groups using web site administration tool, is there a way to configure it to store to a specific database rather than store to a Microsoft SQL 2005 Server Express Edition by default in the App_Data folder?
I have a custom security module which is retrieving the applicationName of the defalut Membership Provider. I am using this value for convenience only. I mean, sometimes, I will authenticate the user as per "Windows Authentication" where there is no Login Form, and yet, I need to access the "applicationName" of the membership provider.So, in some of my applications, I am not using a memberhsip, and I leave it empty. And I found out that if the <membership> is not defined in web.config, it will default to "AspNetSqlMembershipProvider" type "System.web.Security.SqlMembershipProvider".I can add an key in <appSettings>, but I like to using the applicationName of the default membership provider, becuase in other applications I am using Forms Authentication, with a custom membership provider.If try to setup a dummy memberyship provider, I will get error that the connection string is empty.How I can set the "applicationName" property in web.config if I am using "Windows" authentication, and I have no membership provider ?
Does anyone has a solution (sample code) for the following features:
Create a randomGuid/Cryptographically strong random number Send a unique URL containing the random number to the user's email address When confirmed, the user is asked to change password
My provider is currently parametrized this way:
[code]....
The security issues with this type of procedure have been discussed here before.
I've change it to passwordStrengthRegularExpression="^(?=.{8,15}$)(?=.*[0-9])(?=.*[A-Z]).*" however it still keeps coming up telling me that I need at least 7 characters and one nonAlphaNumberic... I looked at my machine config and made some adjustments there so that
minRequiredPasswordLength="" minRequiredNonalphanumericCharacters="" were blank
I need to give a user the ability to change the email of any other user listed in the aspnetdb. I can easily change their password, but I can't get the email to change. I thought that usr.email = [URL] would work, but it doesn't. It doesn't error, but it also doesn't change anything.
This is the basic code:
Dim usr As MembershipUser = Membership.GetUser(userName) usr.Email = txtEmail.Text
In the site I am building we have standard users and superusers. A superuser can delete another user from the system and this should result in that user being logged out (if he/she is currently logged in). We use the Membership provider. Or actually the superuser doesnīt delete the other user completely but instead sets his/her as inActive by following code:
[code]...
But, that should not matter... What I want to know is how to make the affected user being logged out. I donīt need a popup or anything to be shown to the other user that he/she is just logged out, it is enough to check if that user is logged in when he/she tries to move to another page on my site.
I'm trying to get the comments section for a user, to populate a text box which can be updated. I'm getting the "Object reference not set to an instance of an object" error. Why is this occurring?
I would like to create a sync process between an ADSI table and aspnet Membership using Membership.CreateUser. However, I need to see if a user exists before importing. I can import as long as a user does not exist however I am having trouble checking if users exist and only importing if they do not. Here is my code so far.
When creating a foreign key to the membership user table, is it better to refer to the user_id column or is it ok to use the username column? I assume that the Membership spec enforces uniqueness in the username since there is a method Membership.GetUser(username) that returns one user. Using the id is a bit awkward in code because I have to end up casting all over the place like (int)user.ProviderUserKey. The username would give more information quickly when viewing raw data as well. Just wondering if someone knows a reason why I shouldn't use it as the foreign key.
