Password change...not to ask abour previous password

Hello experts,

I am getting my hands wet with ASP.net coming from other development technologies. I am using visual studio express 2008 and am trying to have the user change there password after initial log in. However, once a user logged in, he already put in the password and when I use changepassword control under the toolbox in Visual Web Developer, it puts the field password automatically there asking the users again for the password. How can I have that field automatically filled so the user doesn't have to reenter the password.

Thanks

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    
    </div>
    <asp:LoginView ID="LoginView1" runat="server">
        <LoggedInTemplate>
            Welcome Back<br />
            <br />
            &nbsp;<asp:LoginName ID="LoginName1" runat="server" />
            <br />
            <asp:ChangePassword ID="ChangePassword1" runat="server" BackColor="#E3EAEB" 
                BorderColor="#E6E2D8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px" 
                Font-Names="Verdana" Font-Size="0.8em">
                <CancelButtonStyle BackColor="White" BorderColor="#C5BBAF" BorderStyle="Solid" 
                    BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" ForeColor="#1C5E55" />
                <PasswordHintStyle Font-Italic="True" ForeColor="#1C5E55" />
                <ContinueButtonStyle BackColor="White" BorderColor="#C5BBAF" 
                    BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" 
                    ForeColor="#1C5E55" />
                <ChangePasswordButtonStyle BackColor="White" BorderColor="#C5BBAF" 
                    BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" 
                    ForeColor="#1C5E55" />
                <TitleTextStyle BackColor="#1C5E55" Font-Bold="True" Font-Size="0.9em" 
                    ForeColor="White" />
                <ChangePasswordTemplate>
                    <table border="0" cellpadding="4" cellspacing="0" 
                        style="border-collapse:collapse;">
                        <tr>
                            <td>
                                <table border="0" cellpadding="0">
                                    <tr>
                                        <td align="center" colspan="2" 
                                            style="color:White;background-color:#1C5E55;font-size:0.9em;font-weight:bold;">
                                            Change Your Password</td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Label ID="CurrentPasswordLabel" runat="server" 
                                                AssociatedControlID="CurrentPassword">Password:</asp:Label>
                                        </td>
                                        <td>
                                            <asp:TextBox ID="CurrentPassword" runat="server" Font-Size="0.8em" 
                                                TextMode="Password"></asp:TextBox>
                                            <asp:RequiredFieldValidator ID="CurrentPasswordRequired" runat="server" 
                                                ControlToValidate="CurrentPassword" ErrorMessage="Password is required." 
                                                ToolTip="Password is required." ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Label ID="NewPasswordLabel" runat="server" 
                                                AssociatedControlID="NewPassword">New Password:</asp:Label>
                                        </td>
                                        <td>
                                            <asp:TextBox ID="NewPassword" runat="server" Font-Size="0.8em" 
                                                TextMode="Password"></asp:TextBox>
                                            <asp:RequiredFieldValidator ID="NewPasswordRequired" runat="server" 
                                                ControlToValidate="NewPassword" ErrorMessage="New Password is required." 
                                                ToolTip="New Password is required." ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Label ID="ConfirmNewPasswordLabel" runat="server" 
                                                AssociatedControlID="ConfirmNewPassword">Confirm New Password:</asp:Label>
                                        </td>
                                        <td>
                                            <asp:TextBox ID="ConfirmNewPassword" runat="server" Font-Size="0.8em" 
                                                TextMode="Password"></asp:TextBox>
                                            <asp:RequiredFieldValidator ID="ConfirmNewPasswordRequired" runat="server" 
                                                ControlToValidate="ConfirmNewPassword" 
                                                ErrorMessage="Confirm New Password is required." 
                                                ToolTip="Confirm New Password is required." 
                                                ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="center" colspan="2">
                                            <asp:CompareValidator ID="NewPasswordCompare" runat="server" 
                                                ControlToCompare="NewPassword" ControlToValidate="ConfirmNewPassword" 
                                                Display="Dynamic" 
                                                ErrorMessage="The Confirm New Password must match the New Password entry." 
                                                ValidationGroup="ctl01$ChangePassword1"></asp:CompareValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="center" colspan="2" style="color:Red;">
                                            <asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Button ID="ChangePasswordPushButton" runat="server" BackColor="White" 
                                                BorderColor="#C5BBAF" BorderStyle="Solid" BorderWidth="1px" 
                                                CommandName="ChangePassword" Font-Names="Verdana" Font-Size="0.8em" 
                                                ForeColor="#1C5E55" Text="Change Password" 
                                                ValidationGroup="ctl01$ChangePassword1" />
                                        </td>
                                        <td>
                                            <asp:Button ID="CancelPushButton" runat="server" BackColor="White" 
                                                BorderColor="#C5BBAF" BorderStyle="Solid" BorderWidth="1px" 
                                                CausesValidation="False" CommandName="Cancel" Font-Names="Verdana" 
                                                Font-Size="0.8em" ForeColor="#1C5E55" Text="Cancel" />
                                        </td>
                                    </tr>
                                </table>
                            </td>
                        </tr>
                    </table>
                </ChangePasswordTemplate>
                <TextBoxStyle Font-Size="0.8em" />
                <InstructionTextStyle Font-Italic="True" ForeColor="Black" />
            </asp:ChangePassword>
        </LoggedInTemplate>
        <AnonymousTemplate>
            You are not currently logged in<br />
            <br />
            <a href="login.aspx">login.aspx</a>
        </AnonymousTemplate>
    </asp:LoginView>
    </form>
</body>
</html>

Open in new window

LVL 9
syedasimmeesaqAsked:
Who is Participating?
 
jamcosConnect With a Mentor Commented:
I'd create a TextBox for the email address, then when it changes, assign that to the UserName. Something like this in the aspx:
    e-mail address:<asp:TextBox ID="EmailAddress" runat="server" ontextchanged="EmailAddress_TextChanged"></asp:TextBox>

Then, the code behind gets (sorry my language is C#, but it should translate easily:
    protected void EmailAddress_TextChanged(object sender, EventArgs e)
    {
       UserName.Text = EmailAddress.Text;
    }
0
 
jamcosCommented:
Using the ChangePassword control, there is no such option. It will always ask for the current password. You also cannot get this and fill it in for the user, as passwords are one way encryption and can't be (reliably) decrypted. Here's the whole Microsoft reference on the ChangePassword class.
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.changepassword.aspx
0
 
syedasimmeesaqAuthor Commented:
so then how do I do it?
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
jamcosCommented:
For security purposes, it's very strongly recommended against. To reinforce that, the Microsoft tools simply don't allow it. To bypass that, you are going to need to write low level code that talks directly to the membership provider you are using (probably SQL or Active Directory) and see if there are methods available at that level.

With that said, if I was absolutely determined to implement this, I would capture the login id and password in a control of my own, keeping the password somewhere (like a session variable). Then, when it's time to change the password, I have it available. You'll need to create your own control for the new password to avoid the Microsoft one from asking for the current password. Then you can use the lower level ChangePassword method instead of the control.
http://msdn2.microsoft.com/en-us/library/system.web.security.membershipuser.changepassword.aspx
Any security person worth their salt would lynch me for even suggesting this approach.
0
 
syedasimmeesaqAuthor Commented:
ok. how about when I use create account control and i only want the users to be able to enter an email address...can I change that?

Thanks
0
 
jamcosCommented:
Hmm...I'm not sure I follow that question correctly. I know about the ASP CreateUserWizard control.
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.createuserwizard(VS.80).aspx
That has some built in rules and others you can set:
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.createuserwizard.createuserstep.aspx
The main required field is UserName, but you could put that in a hidden text box to prevent the user from seeing it, if you generate them. Then, password can be left off by using the AutoGeneratePassword. With Email, you have the choice of making it an optional field or mandatory by setting RequireEmail = true.
0
 
syedasimmeesaqAuthor Commented:
thanks jamcos

here is what I have now

<td>
                                <asp:TextBox ID="UserName" runat="server"  Visible="false"></asp:TextBox>
                                <asp:RequiredFieldValidator ID="UserNameRequired" runat="server"
                                    ControlToValidate="UserName" ErrorMessage="User Name is required."
                                    ToolTip="User Name is required." ValidationGroup="CreateUserWizard1">*</asp:RequiredFieldValidator>
                            </td>

so I did hide the username...but sice it is a required field, who can I set it up so that the email address is used as username....I am using VB

Thanks again
0
 
syedasimmeesaqAuthor Commented:
thanks
0
All Courses

From novice to tech pro — start learning today.