zhshqzyc
asked on
Change password failed
Did I miss something?
ChangePassword2 is an asp.net ChangePassword control.
I found that it always return a false bool.
protected void ChangePassword2_ChangedPassword(object sender, EventArgs e)
{
MembershipUser user = Membership.GetUser(Request.QueryString["UserName"]);
string currentPassword = ChangePassword2.CurrentPassword.ToString();
bool success = user.ChangePassword(currentPassword,ChangePassword2.ConfirmNewPassword);
ChangePassword2 is an asp.net ChangePassword control.
I found that it always return a false bool.
ASKER
I am using Aspnet Membership Provider. It is hard to reset password by an administrator because he can not get the current password. If there is not currentpassword property, how can I pull out the hashed password of an user from the database?
So what is a correct way to reset password by an administrator?
protected void btnResetPw_Click(object sender, EventArgs e)
{
string userName = this.Request.QueryString["UserName"];
MembershipUser user = Membership.GetUser(userName);
if (newPass.Text == confirmPass.Text && confirmPass.Text != null && confirmPass.Text.Length > 0)
{
// string currentPassword = user.Something??????????
try
{
bool success = user.ChangePassword(currentPassword, confirmPass.Text);
Maybe this logic is totally wrong?So what is a correct way to reset password by an administrator?
Aha, I think I see the problem now.
The intent is NOT for you to fetch the existing user password from the database - its for the USER to supply the existing password as a means of authenticating the user making the password change. That is assuming only the person changing the password would know the current password. So you're password change dialog would need to include a "Current Password" field that you can capture and send to the membership provider.
The intent is NOT for you to fetch the existing user password from the database - its for the USER to supply the existing password as a means of authenticating the user making the password change. That is assuming only the person changing the password would know the current password. So you're password change dialog would need to include a "Current Password" field that you can capture and send to the membership provider.
ASKER
Yes. You are right. Reset password can be done easily by the user because he/she know the current password. This can be done by including the "Existing Password" field. I believe the standard PasswordRecovery control already include this function.
However, I got an assignment for implementing a resetting the password by an administrator. Because he/she doesn't know the user's current password. So can we say the assignment itself is ridiculous or impossible or there maybe a way to complete it?
However, I got an assignment for implementing a resetting the password by an administrator. Because he/she doesn't know the user's current password. So can we say the assignment itself is ridiculous or impossible or there maybe a way to complete it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Are you sure the currentPassword isn't encrypted or at least encoded in some way other than cleartext? That is, if a non-cleartext password is returned by the CurrentPassword property, passing it unadulterated as the first parameter to ChangePassword will always fail.
The other possibility is that the new password supplied by the user violates the providers password strength requirement, eg contains illegal characters, too long/short, etc.
If you can provide more detail, ensure you haven't misnamed the controls holding the password values, etc. we can hopefully help you better.