I need to force users to change password at least every 30 days. How to start with it? I noted in database that table users has column credentials_expire_at and when it's set to past date such an user can't login and I thought of allowing password change in login form when message of expiration detected.
You need to do it in this way:
Create EventListener to onSecurityInteractiveLogin event
Check the date
If it fails redirect to change password form
Look at this coderwall protip: http://coderwall.com/p/cfmbaq
Related
I send a link as email to the users asking them to reset the password. Clicking on the link redirects to a page in my project. How can I set the expiration time for this link to 24 hours, and how do I know if this link is not re-used again? Whats the best way to do this?
Thanks
I dont know how your process looks like but the recommend way is to use a guid to identify the
passwort reset process.
This is how a process should look like.
Create a database table with the userId, createDate, closeDate, and a guid
Create a new entry in the table
Send the mail with a link to your page that has the uuid from the entry
If the user enters the page (clicks the link) you check if the process is still open (closeDate is null)
Check if the createDate is within the last 24 hours
User can change password
You set the closeDate
store email sent date&time in the database(where your maintaning userdetails) .
when your are open link for reset password capture present date. compare both date&time values . they you can procced. may this helps you.
I have an idea
Create a Time.now() and encrypt this using encryption and attach with your link
Send using Email and other option
go to the link page
write code on page load Request the sent encrypted Date Time and decipher it
match time if time is over then send to an error page else continue
Like -:- http://Yourhost/foldername.aspx?val=encryptedTimeDate
I need a functionality to change umbraco member password programatically.user can add their new password in the field I had set on umbraco node.and when they publish the node new password will come in effect.I had find a way to change current password to given one
member.ChangePassword(oldPassword, password);
But this requires oldpassword to work.and I cant provide it as user has already changed old password in the umbraco node.then I tried to get old password programatically.
string theUserPassword = Membership.GetUser(username).GetPassword();
but this also throws an error
Password Retrieval Not Enabled.
Is there any way to get old password programatically?Or Am I going in the wrong direction?
Umbraco uses the Microsoft Membership Provider.
You probably have set the property "EnablePasswordRetrieval" to false.
If you don't know the password but need to change it, you can reset the password bij using the ResetPassword method.
I know this is an old post and an answer has already been accepted, but you can actually achieve what the OP wants to do by using the return value of the ResetPassword method for the oldValue parameter of the ChangePassword method:
member.ChangePassword(member.ResetPassword(), "New Password")
This allows you to change the password for a user to a specific value without knowing their existing password.
Another option to an old question:
I am using Umbraco 7.2.4 and here is how I change the password.
var member = Services.MemberService.GetByUsername("username");
Services.MemberService.SavePassword(member, "new password");
Where "Services.MemberService" is from ApplicationContext.Current.Services.MemberService.
The first line of code is where you get the member for which you want to change the password. This can also be done by email or id.
Services.MemberService.GetByEmail("email")
Services.MemberService.GetById(id)
The second line is where you change the password. It is automatically hashed.
I am still searching StackOverFlow as well as the innertubes but have not found an example of what I need to do.
If an user has forgotten their password and they correctly answer their reminder question, the user is shown two form fields for entering a new password; Not Emailing or displaying a random generated password.
If the user calls the support center, an admin can change the password, the reminder question and the answer.
Thanks,
James
just use this code:
var user = Membership.GetUser(username);
user.ChangePassword(user.ResetPassword(), newPassword);
this simply first resets the password and then changes it to the new password, you don't need to know the reseted intermediate password
Got this site with UN/PW set via the Createuserwizard control.
Client considers PW too large of a barrier to entry and wants to get rid of the password requirement but still have accounts so users simply log back in with emaill address only.
I want the quickest fix possible where I use the same provider and control but just use the same static PW for all users on signup, then sort of enter it for them when they "log in" if they return. Works like a cookie basically but has an actual login.
Problem is the Createuserwizard.Password property is read only. Can I do AutoGeneratePassword= true and force it to generate the exact same password every time?
For what it's worth, this is a simple, no secure data, basically not much stored kind of site. Lets not get into whether the req makes sense though, and the implications of this - I probably agree with you :)
Bla, bla, bla lots of stuff you probably agree with... and now to the point:
Just ditch the CreateUserWizard and call MembershipProvider.CreateUser directly. You will have to throw in a few textboxes for the email and stuff instead of the createuserwizard but it should be a walk in the park. For the login, just drop the login control too and add a textbox for the email and a "login" button. Then in code-behind call MembershipProvider.ValidateUser with the email and hardcoded password, and if it returns true (meaning the user exists) you just call FormsAuthentication.SetAuthCookie followed by FormsAuthentication.RedirectFromLoginPage and the user is logged in.
I have one question. How to change the link after the user has submitted the form? What I mean is that once the user submit the form, the link that direct the user to the FORM will be change to another url which is ViewFormA.asp. How can I do that? Need your advice. Thanks.
Does this help?
Response.Redirect "/ViewFormA.asp"
at first, in the beginning of FORM page on the server side you need to check your own special Cookie or Session variable (like Session("AlreadySubmitted"))
a) if this variable is exist , it means that the user already submitted the form and must be redirected to an other page.
b) if this variable is not exist yet or equal to zero , the user is allowed to fill the FORM and submit the data.
at second, on a page that get submitted data you have to set this variable to 1