I'm using the PasswordRecovery .NET control to reset member passwords. I have set the UmbracoMembershipProvider to enablePasswordReset="true" and passwordFormat="Hashed". When the control resets the password, I receive an email with a new password and the database is updated with a new hashed password. However when I try to login, the new password doesn't work. If I go into the admin area and change the password in the members section, the password is properly changed. What am i missing?
Umbraco v 4.0.2.1 asp.net 2.0.50727 w/ 3.5 SP1 Windows 2003/IIS6
If i'm the only person having this problem, then i must be doing something wrong. Please help! I can't go live with this website if I can't provide a mechanism for resetting a password.
I have tried using the ASP.NET PasswordRecovery control with both hashed and encrypted. Both reset the password, but the password in the email doesn't work.
I have also tried setting the password manually:
Member m = Member.GetMemberFromEmail(email); string password = Membership.GeneratePassword(8, 1); m.Password = password;
This also resets the password to something, but when i try to logon using the new password it doesn't work.
The only way I am able to change the password is through the Admin.
My Web.config membership provider looks like this:
Adam - I have experienced the same problem. My workaround was to use the left 8 characters of a new GUID as the temporary password. It is generally random and unique enough for a password reset process.
Member m = Member.GetMemberFromEmail(email);
string password = Left(Guid.NewGuid.ToString, 8);
m.Password = password;
Yes, that works for manually setting the m.password property.
But, the PasswordRecovery .NET control uses the ResetPassword method in the membership provider. The umbraco membership provider encodes the password and sets the m.password property with the encoded password. however, the SET method of the Password property calls EncodePassword(). In effect, encoding the password twice.
I managed to ge this working by creating a project and overriding the ResetPassword method and not encoding the password, I then added another membership provider to the web.config. Then in the PasswordRecovery page I set the MembershipProvider to my new one!!!
namespace NewUmbracoMembershipProvider { public class NewUmbracoMembershipProvider : umbraco.providers.members.UmbracoMembershipProvider {
public override string ResetPassword(string username, string answer) {
umbraco.cms.businesslogic.member.Member memberFromLoginName = Member.GetMemberFromLoginName(username); if (memberFromLoginName == null) { throw new MembershipPasswordException("The supplied user is not found"); }
Password Reset saving incorrect password
I'm using the PasswordRecovery .NET control to reset member passwords. I have set the UmbracoMembershipProvider to enablePasswordReset="true" and passwordFormat="Hashed". When the control resets the password, I receive an email with a new password and the database is updated with a new hashed password. However when I try to login, the new password doesn't work. If I go into the admin area and change the password in the members section, the password is properly changed. What am i missing?
Umbraco v 4.0.2.1
asp.net 2.0.50727 w/ 3.5 SP1
Windows 2003/IIS6
Thanks in advance!
Adam
Comment author was deleted
Hi Adam,
Sounds like a bug, could you submit it to the issue tracker on codeplex.
I've submitted the issue on codeplex.
WorkItemId: 23320</span>
If i'm the only person having this problem, then i must be doing something wrong. Please help! I can't go live with this website if I can't provide a mechanism for resetting a password.
I have tried using the ASP.NET PasswordRecovery control with both hashed and encrypted. Both reset the password, but the password in the email doesn't work.
I have also tried setting the password manually:
This also resets the password to something, but when i try to logon using the new password it doesn't work.
The only way I am able to change the password is through the Admin.
My Web.config membership provider looks like this:
I believe this issue is a bug in the umbraco.providers.members.UmbracoMembershipProvider.ResetPassword
Line 665 sets the Member.Password property with an Encoded password.
The problem is that the Set method of the Password property also encodes the password, so the password is essentially encoded twice
Adam - I have experienced the same problem. My workaround was to use the left 8 characters of a new GUID as the temporary password. It is generally random and unique enough for a password reset process.
Yes, that works for manually setting the m.password property.
But, the PasswordRecovery .NET control uses the ResetPassword method in the membership provider. The umbraco membership provider encodes the password and sets the m.password property with the encoded password. however, the SET method of the Password property calls EncodePassword(). In effect, encoding the password twice.
I managed to ge this working by creating a project and overriding the ResetPassword method and not encoding the password, I then added another membership provider to the web.config. Then in the PasswordRecovery page I set the MembershipProvider to my new one!!!
WEB.CONFIG:
<membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
<providers>.
<add enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" defaultMemberTypeAlias="WebsiteUser"
passwordFormat="Encrypted" name="NewUmbracoMembershipProvider" type="NewUmbracoMembershipProvider.NewUmbracoMembershipProvider" />
CODE:
namespace NewUmbracoMembershipProvider
{
public class NewUmbracoMembershipProvider : umbraco.providers.members.UmbracoMembershipProvider
{
public override string ResetPassword(string username, string answer)
{
umbraco.cms.businesslogic.member.Member memberFromLoginName = Member.GetMemberFromLoginName(username);
if (memberFromLoginName == null)
{
throw new MembershipPasswordException("The supplied user is not found");
}
string password = Membership.GeneratePassword(this.MinRequiredPasswordLength, this.MinRequiredNonAlphanumericCharacters);
memberFromLoginName.Password = password;
return password;
}
}
}
Saintwright!
Thanks a lot for this. Saved my ass.
/John
is working on a reply...