Security

Re: Couldone Help Please withChangePassword Id setting up

Sonia25 — Fri, 27 Apr 2007 02:31:59 GMT

I change the password format to Clear by stated by claybo and it works. But when i change back to hashes the same error as stated on my first post this my web.config

Thanks

authentication mode="Forms">

forms name="SqlAuthCookie"

timeout="10" />

authentication>

authorization>

allow roles="ADMIN" />

deny roles="ADMIN" />

allow users="*" />

authorization>

membership defaultProvider="SqlMembershipProvider" userIsOnlineTimeWindow="20">

providers>

clear/>

add name="SqlMembershipProvider"

type="System.Web.Security.SqlMembershipProvider"

connectionStringName="LocalSqlServer"

enablePasswordRetrieval="false"

enablePasswordReset="true"

requiresQuestionAndAnswer="True"

passwordFormat="Hashed"

minRequiredPasswordLength="7"

minRequiredNonalphanumericCharacters="0"

applicationName="/Lesson1" />

providers>

membership>

roleManager enabled="true" />

compilation debug="true" strict="false" explicit="true"/>

Re: Couldone Help Please withChangePassword Id setting up

XiaoYong Dai – MSFT — Thu, 26 Apr 2007 02:59:49 GMT

When you hash the password, it does not retreive the current password. The system generates a new passwords, applies it to the user (storing it in the database) and then E-Mails the user the new password.

Re: Couldone Help Please withChangePassword Id setting up

claybo — Wed, 25 Apr 2007 18:18:06 GMT

You're welcome...Let me know it it works in the end for you...your options are plain text in the db which is not good, encrypt the password before storing it (better) and hashed (best security wise but like i said before you can't email a hashed password)

If you're storing critical info though like credit card numbers I'd still go with the hashed and forgo the emailing of the password.

Re: Couldone Help Please withChangePassword Id setting up

Sonia25 — Wed, 25 Apr 2007 18:04:15 GMT

Yes i'm using hashed i'm supprise that no one here new that included myself that you cannot email hased password. i'm will change it

Thanks

Re: Couldone Help Please withChangePassword Id setting up

claybo — Wed, 25 Apr 2007 17:21:14 GMT

Are you using hashing to encrypt your password? If so you can't email a hashed password. The only way around this is to change the user's password to a known value, and then save the hash for the new passoword.

Re: Couldone Help Please withChangePassword Id setting up

Sonia25 — Wed, 25 Apr 2007 13:29:11 GMT

I'm using a gmail account and i dont have problem sending email .The error happen when the password is generated and i paste it in the changepassword id to change it. do i have config my provider by running the reg.sql cmd. i'm using an aspnetdb on a sql2000 hosting

Thanks

Re: Couldone Help Please withChangePassword Id setting up

XiaoYong Dai – MSFT — Wed, 25 Apr 2007 06:20:21 GMT

I guess this error is due toTLS, The SMTP server on the server housing IIS (localhost) is configured to require TLS encryption. I am not sure what SMTP service you have installed on the server. If it is IIS SMTP service, go to the SMTP service property -> Delivery -> Outbound Security and make sure TLS encryption is unchecked.

Here is a good thread covering issues that come up on the forums

http://forums.asp.net/thread/1580731.aspx

Couldone Help Please withChangePassword Id setting up

Sonia25 — Mon, 23 Apr 2007 02:06:11 GMT

I setup my membershiprole and everthing works fine except the changepassword id. I can send email through the passwordrecovery but when i put the new password that the system send the user i keep getting this. Password incorrect or New Password invalid. New Password length minimum: 7. Non-alphanumeric characters required: 1.

And whenever i try to change the password with the password the user created , i get this error the below .

The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first d22sm6862612and

Description