Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

asp.net mvc5 OWIN

Posted on 2016-08-18
3
Medium Priority
?
95 Views
Last Modified: 2016-08-18
Guys,

I implemented owin authentication user and all works  fine. I have one problem that i can't figure how to implement.

i'm trying to reset password for user, and the only things the framework provided is  this method:
example:
Usermanager.ResetPassword(model.Id, code, model.Password);

I would like to reset the password without passing any token and sent email to user. what I would like to do is to reset the password and tell user what is new password :).
There is a way to do it that way?
0
Comment
Question by:Moti Mashiah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
Moti Mashiah earned 0 total points
ID: 41761310
As usual I found my solution by myself --useless website :)
Here is the solution:

var Usermanager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(context));

            Usermanager.RemovePassword(model.Id);
            Usermanager.AddPassword(model.Id, model.Password);

Open in new window

0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 41761318
I don't think you've thought this out.
1. A password is a secret.  The only way two people can keep a secret is if one is dead.
2. Most systems don't store the plaintext password. They store a salted hash of the password this means that you can't send the user the password.  If you go to a site and the site does offer you the recovery method which sends you the password it is insecure.
3. Implementing your proposed method allows someone other than the user to change the password. Another no-no. See Point #1
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 41761334
Thank you for your message, but I think that I didn't explained all my scenario.

I'm building this authentication for internal users and my requirements was to let only the Admin the access of managing users.

In the solution I provide the Admin will not be able to know the password users have as its stored in the database as a hashing password or reset, but he will be able to remove and add new password to the default password the company agree on, then the user in the first login will type the default password and will require to change the password to the one he likes(of course depend on policy).

Let me know if you still see any concern regarding this implementation.

"Kinda of active directory logic"

Thanks,
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question