Link to home
Start Free TrialLog in
Avatar of syedasimmeesaq
syedasimmeesaqFlag for United States of America

asked on

Password change...not to ask abour previous password

Hello experts,

I am getting my hands wet with ASP.net coming from other development technologies. I am using visual studio express 2008 and am trying to have the user change there password after initial log in. However, once a user logged in, he already put in the password and when I use changepassword control under the toolbox in Visual Web Developer, it puts the field password automatically there asking the users again for the password. How can I have that field automatically filled so the user doesn't have to reenter the password.

Thanks

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    
    </div>
    <asp:LoginView ID="LoginView1" runat="server">
        <LoggedInTemplate>
            Welcome Back<br />
            <br />
            &nbsp;<asp:LoginName ID="LoginName1" runat="server" />
            <br />
            <asp:ChangePassword ID="ChangePassword1" runat="server" BackColor="#E3EAEB" 
                BorderColor="#E6E2D8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px" 
                Font-Names="Verdana" Font-Size="0.8em">
                <CancelButtonStyle BackColor="White" BorderColor="#C5BBAF" BorderStyle="Solid" 
                    BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" ForeColor="#1C5E55" />
                <PasswordHintStyle Font-Italic="True" ForeColor="#1C5E55" />
                <ContinueButtonStyle BackColor="White" BorderColor="#C5BBAF" 
                    BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" 
                    ForeColor="#1C5E55" />
                <ChangePasswordButtonStyle BackColor="White" BorderColor="#C5BBAF" 
                    BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" 
                    ForeColor="#1C5E55" />
                <TitleTextStyle BackColor="#1C5E55" Font-Bold="True" Font-Size="0.9em" 
                    ForeColor="White" />
                <ChangePasswordTemplate>
                    <table border="0" cellpadding="4" cellspacing="0" 
                        style="border-collapse:collapse;">
                        <tr>
                            <td>
                                <table border="0" cellpadding="0">
                                    <tr>
                                        <td align="center" colspan="2" 
                                            style="color:White;background-color:#1C5E55;font-size:0.9em;font-weight:bold;">
                                            Change Your Password</td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Label ID="CurrentPasswordLabel" runat="server" 
                                                AssociatedControlID="CurrentPassword">Password:</asp:Label>
                                        </td>
                                        <td>
                                            <asp:TextBox ID="CurrentPassword" runat="server" Font-Size="0.8em" 
                                                TextMode="Password"></asp:TextBox>
                                            <asp:RequiredFieldValidator ID="CurrentPasswordRequired" runat="server" 
                                                ControlToValidate="CurrentPassword" ErrorMessage="Password is required." 
                                                ToolTip="Password is required." ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Label ID="NewPasswordLabel" runat="server" 
                                                AssociatedControlID="NewPassword">New Password:</asp:Label>
                                        </td>
                                        <td>
                                            <asp:TextBox ID="NewPassword" runat="server" Font-Size="0.8em" 
                                                TextMode="Password"></asp:TextBox>
                                            <asp:RequiredFieldValidator ID="NewPasswordRequired" runat="server" 
                                                ControlToValidate="NewPassword" ErrorMessage="New Password is required." 
                                                ToolTip="New Password is required." ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Label ID="ConfirmNewPasswordLabel" runat="server" 
                                                AssociatedControlID="ConfirmNewPassword">Confirm New Password:</asp:Label>
                                        </td>
                                        <td>
                                            <asp:TextBox ID="ConfirmNewPassword" runat="server" Font-Size="0.8em" 
                                                TextMode="Password"></asp:TextBox>
                                            <asp:RequiredFieldValidator ID="ConfirmNewPasswordRequired" runat="server" 
                                                ControlToValidate="ConfirmNewPassword" 
                                                ErrorMessage="Confirm New Password is required." 
                                                ToolTip="Confirm New Password is required." 
                                                ValidationGroup="ctl01$ChangePassword1">*</asp:RequiredFieldValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="center" colspan="2">
                                            <asp:CompareValidator ID="NewPasswordCompare" runat="server" 
                                                ControlToCompare="NewPassword" ControlToValidate="ConfirmNewPassword" 
                                                Display="Dynamic" 
                                                ErrorMessage="The Confirm New Password must match the New Password entry." 
                                                ValidationGroup="ctl01$ChangePassword1"></asp:CompareValidator>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="center" colspan="2" style="color:Red;">
                                            <asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td align="right">
                                            <asp:Button ID="ChangePasswordPushButton" runat="server" BackColor="White" 
                                                BorderColor="#C5BBAF" BorderStyle="Solid" BorderWidth="1px" 
                                                CommandName="ChangePassword" Font-Names="Verdana" Font-Size="0.8em" 
                                                ForeColor="#1C5E55" Text="Change Password" 
                                                ValidationGroup="ctl01$ChangePassword1" />
                                        </td>
                                        <td>
                                            <asp:Button ID="CancelPushButton" runat="server" BackColor="White" 
                                                BorderColor="#C5BBAF" BorderStyle="Solid" BorderWidth="1px" 
                                                CausesValidation="False" CommandName="Cancel" Font-Names="Verdana" 
                                                Font-Size="0.8em" ForeColor="#1C5E55" Text="Cancel" />
                                        </td>
                                    </tr>
                                </table>
                            </td>
                        </tr>
                    </table>
                </ChangePasswordTemplate>
                <TextBoxStyle Font-Size="0.8em" />
                <InstructionTextStyle Font-Italic="True" ForeColor="Black" />
            </asp:ChangePassword>
        </LoggedInTemplate>
        <AnonymousTemplate>
            You are not currently logged in<br />
            <br />
            <a href="login.aspx">login.aspx</a>
        </AnonymousTemplate>
    </asp:LoginView>
    </form>
</body>
</html>

Open in new window

Avatar of jamcos
jamcos

Using the ChangePassword control, there is no such option. It will always ask for the current password. You also cannot get this and fill it in for the user, as passwords are one way encryption and can't be (reliably) decrypted. Here's the whole Microsoft reference on the ChangePassword class.
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.changepassword.aspx
Avatar of syedasimmeesaq

ASKER

so then how do I do it?
For security purposes, it's very strongly recommended against. To reinforce that, the Microsoft tools simply don't allow it. To bypass that, you are going to need to write low level code that talks directly to the membership provider you are using (probably SQL or Active Directory) and see if there are methods available at that level.

With that said, if I was absolutely determined to implement this, I would capture the login id and password in a control of my own, keeping the password somewhere (like a session variable). Then, when it's time to change the password, I have it available. You'll need to create your own control for the new password to avoid the Microsoft one from asking for the current password. Then you can use the lower level ChangePassword method instead of the control.
http://msdn2.microsoft.com/en-us/library/system.web.security.membershipuser.changepassword.aspx
Any security person worth their salt would lynch me for even suggesting this approach.
ok. how about when I use create account control and i only want the users to be able to enter an email address...can I change that?

Thanks
Hmm...I'm not sure I follow that question correctly. I know about the ASP CreateUserWizard control.
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.createuserwizard(VS.80).aspx
That has some built in rules and others you can set:
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.createuserwizard.createuserstep.aspx
The main required field is UserName, but you could put that in a hidden text box to prevent the user from seeing it, if you generate them. Then, password can be left off by using the AutoGeneratePassword. With Email, you have the choice of making it an optional field or mandatory by setting RequireEmail = true.
thanks jamcos

here is what I have now

<td>
                                <asp:TextBox ID="UserName" runat="server"  Visible="false"></asp:TextBox>
                                <asp:RequiredFieldValidator ID="UserNameRequired" runat="server"
                                    ControlToValidate="UserName" ErrorMessage="User Name is required."
                                    ToolTip="User Name is required." ValidationGroup="CreateUserWizard1">*</asp:RequiredFieldValidator>
                            </td>

so I did hide the username...but sice it is a required field, who can I set it up so that the email address is used as username....I am using VB

Thanks again
ASKER CERTIFIED SOLUTION
Avatar of jamcos
jamcos

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
thanks