Password change...not to ask abour previous password

Hello experts,

I am getting my hands wet with ASP.net coming from other development technologies. I am using visual studio express 2008 and am trying to have the user change there password after initial log in. However, once a user logged in, he already put in the password and when I use changepassword control under the toolbox in Visual Web Developer, it puts the field password automatically there asking the users again for the password. How can I have that field automatically filled so the user doesn't have to reenter the password.

Thanks

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    
    </div>
    <asp:LoginView ID="LoginView1" runat="server">
        <LoggedInTemplate>
            Welcome Back<br />
            <br />
            &nbsp;<asp:LoginName ID="LoginName1" runat="server" />
            <br />
            <asp:ChangePassword ID="ChangePassword1" runat="server" BackColor="#E3EAEB" 
                BorderColor="#E6E2D8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px" 
                Font-Names="Verdana" Font-Size="0.8em">
                <CancelButtonStyle BackColor="White" BorderColor="#C5BBAF" BorderStyle="Solid" 
                    BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" ForeColor="#1C5E55" />
                <PasswordHintStyle Font-Italic="True" ForeColor="#1C5E55" />
                <ContinueButtonStyle BackColor="White" BorderColor="#C5BBAF" 
                    BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" 
                    ForeColor="#1C5E55" />
                <ChangePasswordButtonStyle BackColor="White" BorderColor="#C5BBAF" 
                    BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" 
                    ForeColor="#1C5E55" />
                <TitleTextStyle BackColor="#1C5E55" Font-Bold="True" Font-Size="0.9em" 
                    ForeColor="White" />
                <ChangePasswordTemplate>
                    <table border="0" cellpadding="4" cellspacing="0" 
                        style="border-collapse:collapse;">
                        <tr>
                            <td>
                                <table border="0" cellpadding="0">
                                    <tr>
                                        <td align="center" colspan="2" 
                                            style="color:White;background-color:#1C5E55;font-size:0.9em;font-weight:bold;">
                                            Change Your Password</td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Label ID="CurrentPasswordLabel" runat="server" 
                                                AssociatedControlID="CurrentPassword">Password:</asp:Label>
                                        </td>
                                        <td>
                                            <asp:TextBox ID="CurrentPassword" runat="server" Font-Size="0.8em" 
                                                TextMode="Password"></asp:TextBox>
                                            <asp:RequiredFieldValidator ID="CurrentPasswordRequired" runat="server" 
                                                ControlToValidate="CurrentPassword" ErrorMessage="Password is required." 
                                                ToolTip="Password is required." ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Label ID="NewPasswordLabel" runat="server" 
                                                AssociatedControlID="NewPassword">New Password:</asp:Label>
                                        </td>
                                        <td>
                                            <asp:TextBox ID="NewPassword" runat="server" Font-Size="0.8em" 
                                                TextMode="Password"></asp:TextBox>
                                            <asp:RequiredFieldValidator ID="NewPasswordRequired" runat="server" 
                                                ControlToValidate="NewPassword" ErrorMessage="New Password is required." 
                                                ToolTip="New Password is required." ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Label ID="ConfirmNewPasswordLabel" runat="server" 
                                                AssociatedControlID="ConfirmNewPassword">Confirm New Password:</asp:Label>
                                        </td>
                                        <td>
                                            <asp:TextBox ID="ConfirmNewPassword" runat="server" Font-Size="0.8em" 
                                                TextMode="Password"></asp:TextBox>
                                            <asp:RequiredFieldValidator ID="ConfirmNewPasswordRequired" runat="server" 
                                                ControlToValidate="ConfirmNewPassword" 
                                                ErrorMessage="Confirm New Password is required." 
                                                ToolTip="Confirm New Password is required." 
                                                ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="center" colspan="2">
                                            <asp:CompareValidator ID="NewPasswordCompare" runat="server" 
                                                ControlToCompare="NewPassword" ControlToValidate="ConfirmNewPassword" 
                                                Display="Dynamic" 
                                                ErrorMessage="The Confirm New Password must match the New Password entry." 
                                                ValidationGroup="ctl01$ChangePassword1"></asp:CompareValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="center" colspan="2" style="color:Red;">
                                            <asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Button ID="ChangePasswordPushButton" runat="server" BackColor="White" 
                                                BorderColor="#C5BBAF" BorderStyle="Solid" BorderWidth="1px" 
                                                CommandName="ChangePassword" Font-Names="Verdana" Font-Size="0.8em" 
                                                ForeColor="#1C5E55" Text="Change Password" 
                                                ValidationGroup="ctl01$ChangePassword1" />
                                        </td>
                                        <td>
                                            <asp:Button ID="CancelPushButton" runat="server" BackColor="White" 
                                                BorderColor="#C5BBAF" BorderStyle="Solid" BorderWidth="1px" 
                                                CausesValidation="False" CommandName="Cancel" Font-Names="Verdana" 
                                                Font-Size="0.8em" ForeColor="#1C5E55" Text="Cancel" />
                                        </td>
                                    </tr>
                                </table>
                            </td>
                        </tr>
                    </table>
                </ChangePasswordTemplate>
                <TextBoxStyle Font-Size="0.8em" />
                <InstructionTextStyle Font-Italic="True" ForeColor="Black" />
            </asp:ChangePassword>
        </LoggedInTemplate>
        <AnonymousTemplate>
            You are not currently logged in<br />
            <br />
            <a href="login.aspx">login.aspx</a>
        </AnonymousTemplate>
    </asp:LoginView>
    </form>
</body>
</html>

Open in new window

LVL 9
syedasimmeesaqAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jamcosCommented:
Using the ChangePassword control, there is no such option. It will always ask for the current password. You also cannot get this and fill it in for the user, as passwords are one way encryption and can't be (reliably) decrypted. Here's the whole Microsoft reference on the ChangePassword class.
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.changepassword.aspx
0
syedasimmeesaqAuthor Commented:
so then how do I do it?
0
jamcosCommented:
For security purposes, it's very strongly recommended against. To reinforce that, the Microsoft tools simply don't allow it. To bypass that, you are going to need to write low level code that talks directly to the membership provider you are using (probably SQL or Active Directory) and see if there are methods available at that level.

With that said, if I was absolutely determined to implement this, I would capture the login id and password in a control of my own, keeping the password somewhere (like a session variable). Then, when it's time to change the password, I have it available. You'll need to create your own control for the new password to avoid the Microsoft one from asking for the current password. Then you can use the lower level ChangePassword method instead of the control.
http://msdn2.microsoft.com/en-us/library/system.web.security.membershipuser.changepassword.aspx
Any security person worth their salt would lynch me for even suggesting this approach.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

syedasimmeesaqAuthor Commented:
ok. how about when I use create account control and i only want the users to be able to enter an email address...can I change that?

Thanks
0
jamcosCommented:
Hmm...I'm not sure I follow that question correctly. I know about the ASP CreateUserWizard control.
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.createuserwizard(VS.80).aspx
That has some built in rules and others you can set:
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.createuserwizard.createuserstep.aspx
The main required field is UserName, but you could put that in a hidden text box to prevent the user from seeing it, if you generate them. Then, password can be left off by using the AutoGeneratePassword. With Email, you have the choice of making it an optional field or mandatory by setting RequireEmail = true.
0
syedasimmeesaqAuthor Commented:
thanks jamcos

here is what I have now

<td>
                                <asp:TextBox ID="UserName" runat="server"  Visible="false"></asp:TextBox>
                                <asp:RequiredFieldValidator ID="UserNameRequired" runat="server"
                                    ControlToValidate="UserName" ErrorMessage="User Name is required."
                                    ToolTip="User Name is required." ValidationGroup="CreateUserWizard1">*</asp:RequiredFieldValidator>
                            </td>

so I did hide the username...but sice it is a required field, who can I set it up so that the email address is used as username....I am using VB

Thanks again
0
jamcosCommented:
I'd create a TextBox for the email address, then when it changes, assign that to the UserName. Something like this in the aspx:
    e-mail address:<asp:TextBox ID="EmailAddress" runat="server" ontextchanged="EmailAddress_TextChanged"></asp:TextBox>

Then, the code behind gets (sorry my language is C#, but it should translate easily:
    protected void EmailAddress_TextChanged(object sender, EventArgs e)
    {
       UserName.Text = EmailAddress.Text;
    }
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
syedasimmeesaqAuthor Commented:
thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.