Kind of stuck here on an implementation of a custom Membership provider i have written to use a WebService to handle membership calls
I have a GridView of all the users from the aspnet_Users table and am trying to wire in a "Reset Password" row command but I see that all the Membership methods are requiring the PasswordAnswer to use ".GetPassword" or ".ChangePassword"... how can I retrieve
this using the stock membership provider
If it helps, here is the setup i have written:
- Website hosted at one place, with a custom Membership provider in place that goes to another server which i have mimic'd all the Methods as a web service, in the web service i am calling the out-of-the-box membership stuff and returning the data back across
the web service.....
So in the WebService call of the Membership provider, i need to get the answer (which is in "Encrypted" form btw, not Hashed or PlainText) so that i can reset the user's password
"If you make it idiot proof, they'll build a better idiot"
[quote user="pkellner"]and, you must have AspNetSqlMembershipProviderNoQuestionAnswer set to true
That is what i am trying to avoid... as i like the more secure way for the user themselves to reset/retireve their password, but at the same time i want a site administrator to be able to click "reset and email new password" for people that have totally
forgotten/lost their login information....
I've been poking around in Reflector to see what the stock stuff is doing, hopefully somewhere in here lies the answer of "how do i select the un-encrypted 'passwordAnswer' field from table aspnet_Membership"
** edit **
For anyone running across this topic,
this web page is a gold mine of explaining Membership and Password (which as far as i can tell right now, is telling me i'm f-cked, lol)
"If you make it idiot proof, they'll build a better idiot"
you can have two providers for membership with different parameters pointing at the same memberhsip database. Users get q/a, you can reset password in code.
you can have two providers for membership with different parameters pointing at the same memberhsip database. Users get q/a, you can reset password in code.
Then in my web service handling Password retrieval/reset/etc I have:
<WebMethod()> _ Public Function GetPassword(ByVal i_Username
As String, ByVal i_Answer
As String) As String
Return Membership.Provider.GetPassword(i_Username, i_Answer) End Function
<WebMethod()> _ Public Function GetPasswordWithoutAnswer(ByVal i_Username)
As String
Return Membership.Providers("AdminMembershipProvider").GetPassword(i_Username,
String.Empty) End Function
And call one method or the other depending on who is doing the request.... works like a charm... thanks for pointing out that previous link
custom membership password
"If you make it idiot proof, they'll build a better idiot"
MorningZ
Star
8849 Points
1822 Posts
How to retrieve PasswordAnswer -or- reset password without it
Sep 26, 2006 09:28 PM|LINK
Kind of stuck here on an implementation of a custom Membership provider i have written to use a WebService to handle membership calls
I have a GridView of all the users from the aspnet_Users table and am trying to wire in a "Reset Password" row command but I see that all the Membership methods are requiring the PasswordAnswer to use ".GetPassword" or ".ChangePassword"... how can I retrieve this using the stock membership provider
If it helps, here is the setup i have written:
- Website hosted at one place, with a custom Membership provider in place that goes to another server which i have mimic'd all the Methods as a web service, in the web service i am calling the out-of-the-box membership stuff and returning the data back across the web service.....
So in the WebService call of the Membership provider, i need to get the answer (which is in "Encrypted" form btw, not Hashed or PlainText) so that i can reset the user's password
pkellner
All-Star
24018 Points
3616 Posts
ASPInsiders
Moderator
MVP
Re: How to retrieve PasswordAnswer -or- reset password without it
Sep 27, 2006 12:28 AM|LINK
You can do this:
string newPassword = mu.ResetPassword();
mu.ChangePassword(newPassword, password);
and, you must have AspNetSqlMembershipProviderNoQuestionAnswer set to true.
Here is some userful info on this.
http://forums.asp.net/1206792/ShowPost.aspx (how to have multiple providers)
http://peterkellner.net
Microsoft MVP • ASPInsider
MorningZ
Star
8849 Points
1822 Posts
Re: How to retrieve PasswordAnswer -or- reset password without it
Sep 27, 2006 02:19 PM|LINK
[quote user="pkellner"]and, you must have AspNetSqlMembershipProviderNoQuestionAnswer set to true
That is what i am trying to avoid... as i like the more secure way for the user themselves to reset/retireve their password, but at the same time i want a site administrator to be able to click "reset and email new password" for people that have totally forgotten/lost their login information....
I've been poking around in Reflector to see what the stock stuff is doing, hopefully somewhere in here lies the answer of "how do i select the un-encrypted 'passwordAnswer' field from table aspnet_Membership"
** edit **
For anyone running across this topic, this web page is a gold mine of explaining Membership and Password (which as far as i can tell right now, is telling me i'm f-cked, lol)
pkellner
All-Star
24018 Points
3616 Posts
ASPInsiders
Moderator
MVP
Re: How to retrieve PasswordAnswer -or- reset password without it
Sep 27, 2006 02:27 PM|LINK
using this link:
http://forums.asp.net/1206792/ShowPost.aspx
you can have two providers for membership with different parameters pointing at the same memberhsip database. Users get q/a, you can reset password in code.
http://peterkellner.net
Microsoft MVP • ASPInsider
MorningZ
Star
8849 Points
1822 Posts
Re: How to retrieve PasswordAnswer -or- reset password without it
Sep 27, 2006 02:42 PM|LINK
using this link:
http://forums.asp.net/1206792/ShowPost.aspx
you can have two providers for membership with different parameters pointing at the same memberhsip database. Users get q/a, you can reset password in code.
Brilliant!
[img]http://www.moonbattery.com/archives/guinness_commercial.jpg[/img]
Wow, i never would have even considered that.... i'll give it a whirl
MorningZ
Star
8849 Points
1822 Posts
Re: How to retrieve PasswordAnswer -or- reset password without it
Sep 27, 2006 07:41 PM|LINK
So in my web.config i have:
<membership> <providers> <remove name="AspNetSqlMembershipProvider" /> <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b44f5f7f11d50a3a" connectionStringName="MembershipDb" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="OurSite" requiresUniqueEmail="true" passwordFormat="Encrypted" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="^(?=.*\d).{4,8}$" /> <add name="AdminMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b44f5f7f11d50a3a" connectionStringName="MembershipDb" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="OurSite" requiresUniqueEmail="true" passwordFormat="Encrypted" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="^(?=.*\d).{4,8}$" /> </providers> </membership>Then in my web service handling Password retrieval/reset/etc I have:
<WebMethod()> _
Public Function GetPassword(ByVal i_Username As String, ByVal i_Answer As String) As String
Return Membership.Provider.GetPassword(i_Username, i_Answer)
End Function
<WebMethod()> _
Public Function GetPasswordWithoutAnswer(ByVal i_Username) As String
Return Membership.Providers("AdminMembershipProvider").GetPassword(i_Username, String.Empty)
End Function
And call one method or the other depending on who is doing the request.... works like a charm... thanks for pointing out that previous link
custom membership password
pkellner
All-Star
24018 Points
3616 Posts
ASPInsiders
Moderator
MVP
Re: How to retrieve PasswordAnswer -or- reset password without it
Sep 27, 2006 08:48 PM|LINK
http://peterkellner.net
Microsoft MVP • ASPInsider
jzelhart
Member
21 Points
10 Posts
Re: How to retrieve PasswordAnswer -or- reset password without it
Feb 19, 2007 08:05 PM|LINK
Thank you very much - this was driving me crazy!
Have a great day!
cheetahtech
Member
348 Points
130 Posts
Re: How to retrieve PasswordAnswer -or- reset password without it
Apr 02, 2008 06:47 PM|LINK
Thank you also. This is an amazing (but shi**y) feature.
cheetahtech
Member
348 Points
130 Posts
Re: How to retrieve PasswordAnswer -or- reset password without it
Apr 02, 2008 07:48 PM|LINK
For anyone else having problems and they can't seem to figure whats wrong. Try making the applicationpath="/"
It took me a while to get it and I just wasted 4 hours on company time, but I finally got it.