asp.net membership custom change of passwords by users and admins - asp.net

I am still searching StackOverFlow as well as the innertubes but have not found an example of what I need to do.
If an user has forgotten their password and they correctly answer their reminder question, the user is shown two form fields for entering a new password; Not Emailing or displaying a random generated password.
If the user calls the support center, an admin can change the password, the reminder question and the answer.
Thanks,
James

just use this code:
var user = Membership.GetUser(username);
user.ChangePassword(user.ResetPassword(), newPassword);
this simply first resets the password and then changes it to the new password, you don't need to know the reseted intermediate password

Related

Change Umbraco member password with out knowing old password

I need a functionality to change umbraco member password programatically.user can add their new password in the field I had set on umbraco node.and when they publish the node new password will come in effect.I had find a way to change current password to given one
member.ChangePassword(oldPassword, password);
But this requires oldpassword to work.and I cant provide it as user has already changed old password in the umbraco node.then I tried to get old password programatically.
string theUserPassword = Membership.GetUser(username).GetPassword();
but this also throws an error
Password Retrieval Not Enabled.
Is there any way to get old password programatically?Or Am I going in the wrong direction?
Umbraco uses the Microsoft Membership Provider.
You probably have set the property "EnablePasswordRetrieval" to false.
If you don't know the password but need to change it, you can reset the password bij using the ResetPassword method.
I know this is an old post and an answer has already been accepted, but you can actually achieve what the OP wants to do by using the return value of the ResetPassword method for the oldValue parameter of the ChangePassword method:
member.ChangePassword(member.ResetPassword(), "New Password")
This allows you to change the password for a user to a specific value without knowing their existing password.
Another option to an old question:
I am using Umbraco 7.2.4 and here is how I change the password.
var member = Services.MemberService.GetByUsername("username");
Services.MemberService.SavePassword(member, "new password");
Where "Services.MemberService" is from ApplicationContext.Current.Services.MemberService.
The first line of code is where you get the member for which you want to change the password. This can also be done by email or id.
Services.MemberService.GetByEmail("email")
Services.MemberService.GetById(id)
The second line is where you change the password. It is automatically hashed.

Membership provider Reset password to Custom Formatted password

Membership provider ResetPassword method , resets a password that contains a lot of non alfa numeric chars.
The question is if its possible to change the default password creation template to lets say Numbers Only ?
The trick that worked for me was :
Reseting the password and getting the new password , then using the new password calling method ChangePassword that will accept new generated password on my own choice , if anyone can suggest something less tricky will appreciate.

asp:LoginName displays Email instead of username

I'm having a peculiar problem. First of all the asp:LoginName displays the Email instead of the signed username.
This is the way I used to create a new user:
MembershipUser newUser = Membership.CreateUser(sAlias, sPassword, sEmail);
Also when I check the value of
System.Web.HttpContext.Current.User.Identity.Name
and also
System.Threading.Thread.CurrentPrincipal.Identity.Name
they both contain the Email instead of the username.
Login I can perform regularly, no problem.
Any ideas? Thanks a lot.
What do you see when you check the value of:
Membership.GetUser().UserName
Just an idea, that might be useful. If that doesn't help, I'll try to see what I can do tomorrow, because I have to go to bed now. :)

Can I override asp:CreateUserWizard to essentially not require a password?

Got this site with UN/PW set via the Createuserwizard control.
Client considers PW too large of a barrier to entry and wants to get rid of the password requirement but still have accounts so users simply log back in with emaill address only.
I want the quickest fix possible where I use the same provider and control but just use the same static PW for all users on signup, then sort of enter it for them when they "log in" if they return. Works like a cookie basically but has an actual login.
Problem is the Createuserwizard.Password property is read only. Can I do AutoGeneratePassword= true and force it to generate the exact same password every time?
For what it's worth, this is a simple, no secure data, basically not much stored kind of site. Lets not get into whether the req makes sense though, and the implications of this - I probably agree with you :)
Bla, bla, bla lots of stuff you probably agree with... and now to the point:
Just ditch the CreateUserWizard and call MembershipProvider.CreateUser directly. You will have to throw in a few textboxes for the email and stuff instead of the createuserwizard but it should be a walk in the park. For the login, just drop the login control too and add a textbox for the email and a "login" button. Then in code-behind call MembershipProvider.ValidateUser with the email and hardcoded password, and if it returns true (meaning the user exists) you just call FormsAuthentication.SetAuthCookie followed by FormsAuthentication.RedirectFromLoginPage and the user is logged in.

ASP.NET C# Active Directory - See how long before a user's password expires

I have an interesting problem, I am writing a password management webpage/service and I am trying to find a way to determine when a user's password is going to expire so I can manually reset their other passwords with it and send out an email, etc.
The problem I'm having is that when trying to loop through my users I'm getting the bulk of them not having a pwdlastset attribute so I can't determine when it's going to expire.
So I guess I am looking for ideas on a good way to check for when a user's password is going to expire aside from using the pwdlastset property and calculating the time left.
Thanks a bunch.
It's actually quite a bit more complicated than you might think at first...
in order to know how long a password can be valid, you need to read a "domain policy" and find out that way
Then:
if the user has the "UF_DONT_EXPIRE_PASSWD" flag set in his "userAccountControl", his password will never expire
if the "pwdLastSet" value (a "ADSLargeInteger" or Int64 value, which is rather tricky to read in the first place) is 0, the user will have to change his password the next time he logs on
if the "pwdLastSet" value is -1, the password has never been set
only if none of the above are true, then the "pwdLastSet" value contains the date when the password was last set, to which you can add the "MaxPasswordAge" from the domain policy, and this will give you the date when the user's password is going to expire
Phew! Did you think it would be this tricky? :-)
Marc
PS: If you're serious about .NET based AD programming, you ought to have this book:
The .NET Developer's Guide to Directory Services Programming
The book contains all the goodies like determining user's password expiration dates, determining user account lockout state and much much more - highly recommended! Joe and Ryan did an outstanding job getting all this information together and explaining it so that even an average Joe programmer like myself can understand it :-)
As far as I know, if pwdlastset is zero or missing, the user is either required to change their password at the next logon or their account is setup with a non-expiring password. Could this be the cause of what you are seeing?
Here's another approach:
public static DateTime GetPasswordExpirationDate(UserPrincipal user)
{
DirectoryEntry deUser = (DirectoryEntry)user.GetUnderlyingObject();
ActiveDs.IADsUser nativeDeUser = (ActiveDs.IADsUser)deUser.NativeObject;
return nativeDeUser.PasswordExpirationDate;
}
You'll need to add a reference to the ActiveDS COM library typically found at C:\Windows\System32\activeds.tlb.

Resources