Solved

Log In User with Parameters when Changing Password - .Net

Posted on 2011-09-13
6
258 Views
Last Modified: 2012-05-12
I have an .Net App in which want to send an email to a user that presses a Recover Password button that resets the user's password and then sends a link to the user that when followed will log the user in with a new password and bring them to the Change Password page where they must resent their password.  

I'm able to reset the password and get the new randomly generated password that I send back to the user in an email.  However, when the user follows the link back with the UserName and pw parameters, the system does not seem to log them in,

Here's the code I am using on the load event that does not seem to work:

 
try
        {
            string sUserName = Request.QueryString["UserName"].ToString();
            string sPw = Request.QueryString["pw"].ToString();

            if (Membership.ValidateUser(sUserName, sPw))
            {
                //Log the user in???
                FormsAuthentication.Authenticate(sUserName, sPw);
            }
        }

        catch (Exception r)
        {
            string sMessage = r.Message;

        }

Open in new window


Any help in logging the user in with username and password parameters would be greatly appreciated.

rbs
0
Comment
Question by:RBS
6 Comments
 
LVL 2

Expert Comment

by:sanjaysumantera
ID: 36533549
Note: I'm making an assumption that you are doing a post back to the server in your form to save the data to begin with.

After you've processed the form (i.e. saved the data to the DB) why don't you clear the controls from the page and call "CreateChildControls". This would be the quickest way to clear your input controls before rendering the page back to the user.

YMMV, this isn't necessarily the best or safest way to do this but it can/could work; however I've only used this in custom controls that did not have a corresponding ascx file.
0
 
LVL 11

Expert Comment

by:SAMIR BHOGAYTA
ID: 36533780
Hello,

You have to create one page like ActiveUser.aspx and then randomly created password pass through the parameter and put into the textbox when user click's on the redirected link. And then after check the userid and password and allow user to logged in.
0
 
LVL 6

Expert Comment

by:badalpatel
ID: 36534952
Hi,
 
Your code is correct and should run. There are couple of checks we need to make here
1. Is this login check is done in new page or login page? If its in new page then all user can access it or they do have to login to access this new page?
2. if your new password contains spaces or special chars then in you might need to user URLEncode/urlDecode funtionality here
      Server.URLDecode(Request.QueryString["pw"].ToString());
3. Please make sure that username and password are correct ones :)
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 

Author Comment

by:RBS
ID: 36536746
Hi badalpatel:

1.  When the user clicks the link from his email, he is directed to a new page pw.aspx which only processes the code that I have shown in an attempt to log the person in with the temporary password just assigned and then if login is successful, redirects the user to the ChangePassword page.  All users can access the pw page and when I step through the code, it successfully validates the user and I, believe authenticates him.  

2.  The randomly generated password contains special characters.  However I have tried the app by using the link http://localhost/pw.aspx?UserName=TestUser&pw=tassword with the same results - am able to step through the code - user appears to have been logged in but is not...

3.  Yes, the usernames and pws are correct - I verified each :)

Regards,
rbs
0
 
LVL 6

Accepted Solution

by:
badalpatel earned 500 total points
ID: 36540923
Can you please do one thing here, change your code
if (Membership.ValidateUser(sUserName, sPw))
            {
                //Log the user in???
                FormsAuthentication.Authenticate(sUserName, sPw);
            }

with this one,
if (Membership.ValidateUser(sUserName, sPw))
            {
                //Log the user in???
                FormsAuthentication.SetAuthCookie(sUserName, false);
                Response.Redirect("newpage.aspx");
            }

Its worked on my sample page. Find more info here on http://forums.asp.net/t/1247123.aspx
0
 

Author Closing Comment

by:RBS
ID: 36542834
Great, thanks - worked like a charm.

rbs
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question