Hello,

I need to populate CurrentPassword which is in a ChangePassword control with a session variable. I need to delete the CurrentPasword textbox so the user cannot see it. The end result should be that the user will simply enter a new password, confirm the new password and then click 'Change Password'. As the CurrentPassword will have been populated 'behind the scenes' the users password will be changed.

I guess I need to use the ChangingPassword event to pass my session variable Session("CurrentPassword") into CurrentPassword - how can I do this? (I can access CurrentPassword in my .aspx page via ChangePassword1.CurrentPassword but I don't seem to be able to assign a value to it?)

Marco

In ASP.NET, a TextBox cannot have a value assigned to it if the TextMode is password. In short, you cannot do this without using a custom text box. This post has an ongoing discussion about how to get around that: http://forums.asp.net/t/1175146.aspx Though, I don't consider it a good practice since it is a security risk. Make sure your site is using SSL if you go this route.

Hello vcsjones - here is what I am trying to do. When a user forgets there password I want them to be able to reset there password with a password they enter themselves. The user initially has to enter there email address and is sent an email. They must then click the hyperlink in the email. On the password reset page they must enter there email address (this must agree with the guid querystring value in the hyperlink) to allow the user to reset there password. Then via a changepassword control I want the user to enter there new password, confirm the password and then click change password. Behind the scenes on a changingpassword event I intend to complete a ResetPassword(), then write the new system generated password to a session variable. Then (finally) I want this session variable to be used to complete the ChangePassword() which the changepassword control will complete i.e. the CurrentPassword will be populated with the session variable.

From what you are saying this method may be insecure. I currently do not implement the question and answer, maybe I should implement question and answer. Then, I believe (is this correct?) I could complete a changepassword with the uses entering the answer to there question rather than having a remember there old password, which by the very nature of what I am trying to do - they will not know. What do you think. Do you not advise completing a ResetPassword then passing this variable into a ChangePassword - as a workaround to my (self imposed) requirement?

Cheers

Marco 

Hello - I have been experimenting with the passwordrecovery control however the random password generated and emailed to the user is in my situation not an option - because the password format is horrible (yes its secure, but the nature of the website I am designing does not require that level of security). So I am still left wondering how best to allow the user to change there password to whatever they want when they have forgotten it. I have looked at going straight to the aspnetdb by using the aspnet_membership_setpassword built in procedure - has anyone tried this?

Some very popular websites (e.g facebook) have what appears a quite simple password reset method. i.e. enter email address, receive email, click link, enter new password, confirm new password - and thats it. The question is how is this done?

Cheers
Marco

marco gwiliani:

I guess I need to use the ChangingPassword event to pass my session variable Session("CurrentPassword") into CurrentPassword - how can I do this? (I can access CurrentPassword in my .aspx page via ChangePassword1.CurrentPassword but I don't seem to be able to assign a value to it?) 

confirm the password and then click change password. Behind the scenes on a changingpassword event I intend to complete a ResetPassword(), then write the new system generated password to a session variable. Then (finally) I want this session variable to be used to complete the ChangePassword() which the changepassword control will complete i.e

Hi

My work round is inject some logic in the sending mail event like this

Protected Sub ChangePassword1_SendingMail(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.MailMessageEventArgs) Handles ChangePassword1.SendingMail

        Try

           Dim newpassword AS String =   YourGeneratedPassword()       

           Dim Oldpassword AS String=Membership.Getuser(GetUserName()).ResetPassword()

           Membership.Getuser(GetUserName()).ChangePassword(Oldpassword, newpassword )

          e.Message.Body = "Your username is : "+ GetUserName()+"   Your password is : "+ newpassword