syedasimmeesaq
asked on
Password change...not to ask abour previous password
Hello experts,
I am getting my hands wet with ASP.net coming from other development technologies. I am using visual studio express 2008 and am trying to have the user change there password after initial log in. However, once a user logged in, he already put in the password and when I use changepassword control under the toolbox in Visual Web Developer, it puts the field password automatically there asking the users again for the password. How can I have that field automatically filled so the user doesn't have to reenter the password.
Thanks
I am getting my hands wet with ASP.net coming from other development technologies. I am using visual studio express 2008 and am trying to have the user change there password after initial log in. However, once a user logged in, he already put in the password and when I use changepassword control under the toolbox in Visual Web Developer, it puts the field password automatically there asking the users again for the password. How can I have that field automatically filled so the user doesn't have to reenter the password.
Thanks
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
</div>
<asp:LoginView ID="LoginView1" runat="server">
<LoggedInTemplate>
Welcome Back<br />
<br />
<asp:LoginName ID="LoginName1" runat="server" />
<br />
<asp:ChangePassword ID="ChangePassword1" runat="server" BackColor="#E3EAEB"
BorderColor="#E6E2D8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Verdana" Font-Size="0.8em">
<CancelButtonStyle BackColor="White" BorderColor="#C5BBAF" BorderStyle="Solid"
BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" ForeColor="#1C5E55" />
<PasswordHintStyle Font-Italic="True" ForeColor="#1C5E55" />
<ContinueButtonStyle BackColor="White" BorderColor="#C5BBAF"
BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em"
ForeColor="#1C5E55" />
<ChangePasswordButtonStyle BackColor="White" BorderColor="#C5BBAF"
BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em"
ForeColor="#1C5E55" />
<TitleTextStyle BackColor="#1C5E55" Font-Bold="True" Font-Size="0.9em"
ForeColor="White" />
<ChangePasswordTemplate>
<table border="0" cellpadding="4" cellspacing="0"
style="border-collapse:collapse;">
<tr>
<td>
<table border="0" cellpadding="0">
<tr>
<td align="center" colspan="2"
style="color:White;background-color:#1C5E55;font-size:0.9em;font-weight:bold;">
Change Your Password</td>
</tr>
<tr>
<td align="right">
<asp:Label ID="CurrentPasswordLabel" runat="server"
AssociatedControlID="CurrentPassword">Password:</asp:Label>
</td>
<td>
<asp:TextBox ID="CurrentPassword" runat="server" Font-Size="0.8em"
TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="CurrentPasswordRequired" runat="server"
ControlToValidate="CurrentPassword" ErrorMessage="Password is required."
ToolTip="Password is required." ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td align="right">
<asp:Label ID="NewPasswordLabel" runat="server"
AssociatedControlID="NewPassword">New Password:</asp:Label>
</td>
<td>
<asp:TextBox ID="NewPassword" runat="server" Font-Size="0.8em"
TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="NewPasswordRequired" runat="server"
ControlToValidate="NewPassword" ErrorMessage="New Password is required."
ToolTip="New Password is required." ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td align="right">
<asp:Label ID="ConfirmNewPasswordLabel" runat="server"
AssociatedControlID="ConfirmNewPassword">Confirm New Password:</asp:Label>
</td>
<td>
<asp:TextBox ID="ConfirmNewPassword" runat="server" Font-Size="0.8em"
TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="ConfirmNewPasswordRequired" runat="server"
ControlToValidate="ConfirmNewPassword"
ErrorMessage="Confirm New Password is required."
ToolTip="Confirm New Password is required."
ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td align="center" colspan="2">
<asp:CompareValidator ID="NewPasswordCompare" runat="server"
ControlToCompare="NewPassword" ControlToValidate="ConfirmNewPassword"
Display="Dynamic"
ErrorMessage="The Confirm New Password must match the New Password entry."
ValidationGroup="ctl01$ChangePassword1"></asp:CompareValidator>
</td>
</tr>
<tr>
<td align="center" colspan="2" style="color:Red;">
<asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
</td>
</tr>
<tr>
<td align="right">
<asp:Button ID="ChangePasswordPushButton" runat="server" BackColor="White"
BorderColor="#C5BBAF" BorderStyle="Solid" BorderWidth="1px"
CommandName="ChangePassword" Font-Names="Verdana" Font-Size="0.8em"
ForeColor="#1C5E55" Text="Change Password"
ValidationGroup="ctl01$ChangePassword1" />
</td>
<td>
<asp:Button ID="CancelPushButton" runat="server" BackColor="White"
BorderColor="#C5BBAF" BorderStyle="Solid" BorderWidth="1px"
CausesValidation="False" CommandName="Cancel" Font-Names="Verdana"
Font-Size="0.8em" ForeColor="#1C5E55" Text="Cancel" />
</td>
</tr>
</table>
</td>
</tr>
</table>
</ChangePasswordTemplate>
<TextBoxStyle Font-Size="0.8em" />
<InstructionTextStyle Font-Italic="True" ForeColor="Black" />
</asp:ChangePassword>
</LoggedInTemplate>
<AnonymousTemplate>
You are not currently logged in<br />
<br />
<a href="login.aspx">login.aspx</a>
</AnonymousTemplate>
</asp:LoginView>
</form>
</body>
</html>
ASKER
so then how do I do it?
For security purposes, it's very strongly recommended against. To reinforce that, the Microsoft tools simply don't allow it. To bypass that, you are going to need to write low level code that talks directly to the membership provider you are using (probably SQL or Active Directory) and see if there are methods available at that level.
With that said, if I was absolutely determined to implement this, I would capture the login id and password in a control of my own, keeping the password somewhere (like a session variable). Then, when it's time to change the password, I have it available. You'll need to create your own control for the new password to avoid the Microsoft one from asking for the current password. Then you can use the lower level ChangePassword method instead of the control.
http://msdn2.microsoft.com/en-us/library/system.web.security.membershipuser.changepassword.aspx
Any security person worth their salt would lynch me for even suggesting this approach.
With that said, if I was absolutely determined to implement this, I would capture the login id and password in a control of my own, keeping the password somewhere (like a session variable). Then, when it's time to change the password, I have it available. You'll need to create your own control for the new password to avoid the Microsoft one from asking for the current password. Then you can use the lower level ChangePassword method instead of the control.
http://msdn2.microsoft.com/en-us/library/system.web.security.membershipuser.changepassword.aspx
Any security person worth their salt would lynch me for even suggesting this approach.
ASKER
ok. how about when I use create account control and i only want the users to be able to enter an email address...can I change that?
Thanks
Thanks
Hmm...I'm not sure I follow that question correctly. I know about the ASP CreateUserWizard control.
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.createuserwizard(VS.80).aspx
That has some built in rules and others you can set:
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.createuserwizard.createuserstep.aspx
The main required field is UserName, but you could put that in a hidden text box to prevent the user from seeing it, if you generate them. Then, password can be left off by using the AutoGeneratePassword. With Email, you have the choice of making it an optional field or mandatory by setting RequireEmail = true.
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.createuserwizard(VS.80).aspx
That has some built in rules and others you can set:
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.createuserwizard.createuserstep.aspx
The main required field is UserName, but you could put that in a hidden text box to prevent the user from seeing it, if you generate them. Then, password can be left off by using the AutoGeneratePassword. With Email, you have the choice of making it an optional field or mandatory by setting RequireEmail = true.
ASKER
thanks jamcos
here is what I have now
<td>
<asp:TextBox ID="UserName" runat="server" Visible="false"></asp:Text Box>
<asp:RequiredFieldValidato r ID="UserNameRequired" runat="server"
ControlToValidate="UserNam e" ErrorMessage="User Name is required."
ToolTip="User Name is required." ValidationGroup="CreateUse rWizard1"> *</asp:Req uiredField Validator>
</td>
so I did hide the username...but sice it is a required field, who can I set it up so that the email address is used as username....I am using VB
Thanks again
here is what I have now
<td>
<asp:TextBox ID="UserName" runat="server" Visible="false"></asp:Text
<asp:RequiredFieldValidato
ControlToValidate="UserNam
ToolTip="User Name is required." ValidationGroup="CreateUse
</td>
so I did hide the username...but sice it is a required field, who can I set it up so that the email address is used as username....I am using VB
Thanks again
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.changepassword.aspx