[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Membership User Reset Password

Posted on 2009-02-09
7
Medium Priority
?
3,511 Views
Last Modified: 2012-05-06
I'm trying to provide the users and Admin users the ability to reset their password and then change it on the next login.  The reset password works and the users can login but if they try to chagne their password to something more readable I get the follow error.

"The password supplied is invalid.  Passwords must conform to the password strength requirements configured for the default provider"

I'm trying to Reset and then changing the password using the code below.  I still get the same error.  


Web.Config
 
	  minRequiredPasswordLength="3"
           minRequiredNonalphanumericCharacters="0"
	  enablePasswordReset="true"
  requiresQuestionAndAnswer="true"
  attributeMapPasswordQuestion="userPwdResetQ"
  attributeMapPasswordAnswer="userPwdResetA"
  attributeMapFailedPasswordAnswerCount="badPWDCount"
  attributeMapFailedPasswordAnswerTime="badPasswordTime"
  attributeMapFailedPasswordAnswerLockoutTime="badPasswordLockoutTime"     
 
Method to reset and change password:
 
  MembershipUser user = Membership.GetUser(uid);
                string newpwd = "newPassword!";
 
                string resetpwd = user.ResetPassword("QuestionAnswser");
 
                Membership.UpdateUser(user);
 
                user.ChangePassword(resetpwd, newpwd);

Open in new window

0
Comment
Question by:zekuser
  • 3
  • 3
7 Comments
 
LVL 7

Expert Comment

by:60MXG
ID: 23592198
You need to do it on the .config file!  Here is the forum for your answer!

http://forums.asp.net/p/1112286/1715037.aspx#1715037

0
 
LVL 6

Expert Comment

by:rdogmartin
ID: 23593564
I'm not sure why your code is failing, but it may help to skip the ResetPassword / UpdateUser step. Try this:

user.ChangePassword(user.GetPassword("QuestionAnswser"), newPassword);

This won't work if you are using hashed passwords but it should work for encrypted and clear.
0
 

Author Comment

by:zekuser
ID: 23593681
I know you have to do it in the config File!! that is why i posted the web config section first.  The only piece I didn't paste in was passwordStrengthRegularExpression="".  

I'll try the cuser.ChangePassword(user.GetPassword("QuestionAnswser"), newPassword); to see if it works.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:zekuser
ID: 23593894
I'm getting Attribute not recognized enablePasswordRetrieval.  I researched a little more and I found this on MSDN.


The ActiveDirectoryMembershipProvider class does not support this method. " 
0
 
LVL 6

Expert Comment

by:rdogmartin
ID: 23594128
Yes, you are correct about the AD provider. I went through this last year. In the end I found that while I could change my own password using the ChangePassword control, I couldn't change anyone else's.

0
 

Author Comment

by:zekuser
ID: 23594170
I have an admin account that I supply to the Provider in the web.config file and I can change a users password.  The problem is that I need to know what the users password was .  I can reset the users password (without knowing their password) but this password is generated by the provider.  The password has to exist for a minimum of 24 hours becuas that is the minimum in the policy.  My options as I see them are to either set the min password age = 0 in the policy or force users to wait 24 hours to change their password.

0
 
LVL 6

Accepted Solution

by:
rdogmartin earned 1500 total points
ID: 23594293
I don't think you'll ever get AD to provide you with the user's password so that you can call user.ChangePassword. Isn't an AD password stored using a 1-way hash? If it is, no one - not even Windows - can turn that back into clear text for you to pass around as a parameter.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question