Hiya Guys, Firstly like to appologise if this question has been asked before, if it has just point me in the right direction please.
OK I have an umbraco 4.0.2.1 site and I am setting up a role based protection members area on the front end site and the <asp:login> controls and such work lovely.
However the default <asp:PasswordRecovery> control I had no luck due to password being hashed. As when changing the membership provider settings in the web.config I get a YSOD saying
Provider cannot retrieve hashed password
OK then I thought I would create a custom .NET usercontrol to reset the password and send out an email.
With the code below it is definately resetting the password with a new password, however when i try to then login, the new password sent out doesn't work. What am I doing wrong?
Was watching speedskating yesterday so I made a mistake. You need to assign the new password to the member also. I am using the umbraco member objects for this. I know this is not the prefered approach but when using the default member objects you can set the password . I've used the code below:
I've found this quite interesting, I originally (wrongly) assumed that to change a member's password, you would set set the password property, and it would work out the hashing or encryption, such as:
m.ChangePassword("password");
What I actually found was this just wrote the value straight into the database, and thus the user could not log on after changing the password, so, I found that using the helper functions, you could hash the password manually, this applies for members changing their password, creating new accounts, or an administrator having the ability to set a members password (outside of Umbraco's admin suite)
If you wish to set the password directly, without using the MembershipProvider, this works and correctly hashed the password (GeneratePassword just does a Guid.NewGuid().ToString().Replace("-", "").Substring(0, 6) - but this could be anything.)
Forgotton Password reset password not working - Umbraco 4.0.2.1
Hiya Guys,
Firstly like to appologise if this question has been asked before, if it has just point me in the right direction please.
OK I have an umbraco 4.0.2.1 site and I am setting up a role based protection members area on the front end site and the <asp:login> controls and such work lovely.
However the default <asp:PasswordRecovery> control I had no luck due to password being hashed. As when changing the membership provider settings in the web.config I get a YSOD saying
Provider cannot retrieve hashed password
OK then I thought I would create a custom .NET usercontrol to reset the password and send out an email.
With the code below it is definately resetting the password with a new password, however when i try to then login, the new password sent out doesn't work. What am I doing wrong?
Appreciate your input guys.
Thanks,
Warren
Hi Warren,
I think this may be related to the double hashing bug:
http://umbraco.codeplex.com/WorkItem/View.aspx?WorkItemId=23320
I submitted a patch for this, which has been accepted into version 4.1.
I think the only workaround at this stage is to turn off password hashing.
Although I might double check that.
T
Cheers Tim :)
Hmmm not sure if I can go bleeding edge with this client's site and go with the 4.1 beta 2 release.
I'll run it past the guys at work and see what they have to say though.
Warren
Hi Warren,
Had the same last week. Change the line
newPassword = user.ResetPassword();
to
newPassword = Membership
.GeneratePassword(6,2)
bit hard coded but 6 is the length of your password and the 2 the amount of nonAlphanumeric digits
More info on msdn
Cheers,
Richard
Hiya Richard,
Did this definately work for you?
As I have just tried this and I am getting the new password sent in the email, but it still doesnt work with the login.
Hi Warren,
Was watching speedskating yesterday so I made a mistake. You need to assign the new password to the member also. I am using the umbraco member objects for this. I know this is not the prefered approach but when using the default member objects you can set the password . I've used the code below:
Hope it works for you,
Richard
I've found this quite interesting, I originally (wrongly) assumed that to change a member's password, you would set set the password property, and it would work out the hashing or encryption, such as:
m.ChangePassword("password");What I actually found was this just wrote the value straight into the database, and thus the user could not log on after changing the password, so, I found that using the helper functions, you could hash the password manually, this applies for members changing their password, creating new accounts, or an administrator having the ability to set a members password (outside of Umbraco's admin suite)
In this example, 1 is the fictional member ID!
Ian i totally forgot about this post, but this looks like a good solution to the problem.
Warren
Works using 4.0.4.2 as well.
Thanks for that Ian! :)
string newpassword = GeneratePassword(); member.Password = newpassword; member.Save();If you wish to set the password directly, without using the MembershipProvider, this works and correctly hashed the password (GeneratePassword just does a Guid.NewGuid().ToString().Replace("-", "").Substring(0, 6) - but this could be anything.)
is working on a reply...