I want to change password. however, i am not sure because I did not use my side as a membership at all.
However, when the user log in, i saved username as a session.
So is it possible for me to use the session.. check the database.. and change the password from there??? :)
How am I suppose to do that?
I'm using the ChangePassword method of membership provider to change the password and one of the requirement before calling the ChangePassword is to retrieve the current password. But I'm getting error:
padding is invalid and cannot be removed
below is my web.config:
[code]....
if user login first time in application in how i promot for change password in Asp.Net C#.
View 1 RepliesI'm using the ChangePassword method of membership provider to change the password and one of the requirement before calling the changepassword is to retrieve the current password. But I'm getting error:padding is invalid and cannot be removedbelow is my web.config:
< system.web> < machineKey validationKey="4FD671E39167DFB91A918018007D095E50B7D2971B01AEDE26A7233FD9CC4A470F80689997EC2C7BB515F9D82C8B4D1F3A8495193630B11E8401C96BD0A5A133" decryptionKey="ED1555E75C7B91738172E0086456C70B9CAA4C44214FC2B1907123993EA4FA53" validation="SHA1"
decryption="AES"/>....< /system.web>
I want to force the user to change his password after his first login. Now, where should I put the redirection code to ChangePassword page ?
If I put it in the Page_Load of Default page, user can move to any page because he is Authenticated. If I put it in the Page_Load of Master page, the ChangePassword page uses the same master page, and it'll enter in an infinit loop of redirections.
I though of ignoring the redirection if the Page is the ChagePassword page from the Master page, and I found this answer which says:
This sounds like a bad idea to start with. The idea of the master is that it shouldn't care what page is there as this is all common code for each page.
I was wondering how I would go about changing a users password in ASPNETDB? There are some stored procedure I've been playing around with such as dbo.aspnet_Membership_setpassword and resetpassword but I've managed to corrupt the login password for my user as now I cannot login anymore (gives wrong username or password message in my webform login screen).Any ideas how I can successfully change my password from the ASPNETDB / stored procedure ?
View 5 RepliesI am designing a site with that requires users to login in to access info. How do I save the user name and password in viewstate or session. so I can use it in other pages later.
View 2 RepliesI can recover my password but when I try to change my password to something a bit easier to remember it gives me:
Password incorrect or New Password invalid. New Password length minimum: 7. Non-alphanumeric characters required: 1.
In create user wizard control forgot password and change password...
View 1 RepliesI use ASP.NET Form Authentication method in my project to keep login information as user id in user's cookie like the below code. It works well without any problem.
FormsAuthentication.SetAuthCookie(userInfo.id.ToString(), model.AutoLogin);
But the problem occurs when user use automatic login and then he change his password. In some site, I see it will force you to re-login when you change password. It's quite easy for forcing current page to log out and re-login again.
But I don't find any nice idea for forcing other auto-login cookie in other browser to login again. I have some quite ugly idea for doing that but I don't like it.
Keep latest change password date in user data.
Put it in authentication cookie like the following code.
FormsAuthentication.SetAuthCookie(userInfo.id.ToString() + '|' + userInfo.ChangePasswordDate, model.AutoLogin);
Change user's password via stored procedure in ASPNETDB. Changed to another post [URL]
View 1 RepliesDoes anyone has a solution (sample code) for the following features:
Create a randomGuid/Cryptographically strong random number Send a unique URL containing the random number to the user's email address When confirmed, the user is asked to change password
My provider is currently parametrized this way:
[code]....
The security issues with this type of procedure have been discussed here before.
I using change password control, how can i change the password without enter the current password?
View 8 RepliesI am developing a shopping cart with asp.net and sqlexpress. I am using aspnet authentication components to create a backend page. I designed the site to let in only authorized users in.
Yesterday, I forget my password to login to backend and asked system recover my password. with recover password of the asp.net I was able to receive the temp password. I took that and logged in, of course asp.net forward me to password change component which I am having problem with.
Every time I change my password , password change shows that I was successfull but after clicking on the continiue button password change component comes back. I went to properties of password change component and entered the main default page as destination but it is not helping.
I close the IE clear the cache , even restart the machine. When I login always taking me to the password change page.
it is possible to change dynamically the session time for currently logged user. I'm communicating with a WebService which does a long-running task, and while the it sends the final response, I don't want the user to be logged out.
View 2 RepliesHow can I change the default session time in an ASP.NET website to something user defined - perhaps 1 hr?I assume the default session time is 20 mins..
View 3 Repliesi want to generate the new sessionid in the same httpcontext once the user is successfully authenticated.so, how can i do that ? ( please dont ask why do you want it, i got such kind of requirement).
View 3 RepliesAm using ASP.NET membership authentication in a small website and i just noticed some thing funny during testing. Am trying to enable user to change their login password any time they wish, i dragged a change password control to the form, i changed the password for my test account, but now all passwords are still working.
I can login with the old password as well as the new password with this particular test account. If i try with any other random characters as the new password, i cant successfully login (which OK). But if type the old password, am able to login, if i type the new password, am still able to login, am finding this very strange.
I have a problem with changing the password from Microsoft Access Database. I get an Error "No data exists for the row/column". The password in the database is encrypted and when I change the password it should be decrypting the password and new password should be updated with encryption again. I have following Encryption and Decryption Function:
Code:
Imports System.Collections.Generic
Imports System.Linq
Imports System.Web
Imports System.Text
[code]....
when user click forgot password it asked user name and email and send his password on his email.
How implement this task in asp.net. with datbase sql server.
Article : Encrypt and Decrypt Username or Password stored in database
The whole thing works very well but my issue is, after entering and encrypted password how does the user then log into the database?
When a user types in his password, the typed in password will not match the ecnrypted value in the database.
So how do I decrypt what is in the database and compare with what the user typed in and then validate the user.
My company has some unique password policies (such as a pwd cannot be re-used for 6 months, aside from the must include #, special character, upper & lower case)Can anyone suggest how to go about ensuring that a new user's password complies with these policies (using forms authentication in .net 3.5 framework)?
View 2 RepliesURL...how we can sending formatted email now in my Login.aspx page i have Textbox that when users forget their password they should type their Username on the textbox and after that click on send button.I want when users click on send button their user name that they type in textbox be on the email that send to me .
View 1 RepliesI have a web form, which is to allow user to reset their password. When I clicked on the button, I got this error
"Input string was not in a correct format."
The code behind the button is:
[Code]....
When the user types in the new password, this new password will be hashed upon clicking the button and saved into the database.
I just begin creating a website for an organization. First page to be displayed in the login page. I dont have any knowledge in ASP.NET Security. On Login page, i want to display UserName field as disabled with the useralias of the user who currently logged into Windows. Password user has to provide and it should be that user's windows password.
How do i validate that password that user has entered is his windows password?