When creating new members through the MemberService, or by creating a new Member() and calling member.Save(), the password appears in the database in plain text.
These two methods appear to be the most intuitive ways to create a new member, yet these methods do not hash the password, despite the config setting (i.e. passwordFormat="Hashed").
If I use MemberService.SavePassword() it does hash the password, but this approach requires me to modify the config setting: allowManuallyChangingPassword="true", which violates best recommended practice.
I am very new to Umbraco. What is the correct workflow for creating new members and assigning a temporary password (hashed) so they can log in?
Welcome to Our!
This sounds a bit strange, because I would have expected that if you create the Member the password is stored according to the settings on the MembershipProvider.
A few questions that could help answer your question:
And then we will try to solve this!
Which version of Umbraco are you using?
Currently we are on v7.6.4
Can you share some code that you're using?
I have tried many variations of creating a new member with a default password. Here is a very simple version, two lines:
cmsMember = new Member(parms.lastName + ", " + parms.firstName, parms.email, parms.email, tempPassword, cmsMemberType);
Can you copy paste the web.config MembershipProvider line that you are using?
<add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="10" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" allowManuallyChangingPassword="false" />
As you can see in the "UmbracoMembershipProvider", "passwordFormat" is set to "Hashed". Execute the code above, with this "UmbracoMembershipProvider" definition, and the password will be stored in plain text.
If this information is not clear in any way, please ask for additional clarification.
First off, please make members in the following way:
var member = memberService.CreateMember("email@example.com", "firstname.lastname@example.org", "Test", "Member");
Second: there does seem to be a bug here, when saving the password you get "This provider does not support manually changing the password". We should indeed fix that!
Sebastiaan, thank you for your reply. The code you provide is the way I am doing it for now, as it will store the password hashed, but requires that I modify the following config value:
I'm sorry if I wasn't clear, but I'm looking for a way to assign a temporary password, "HASHED", without changing the config, and the code I provided allows me to set the password with the recommended config value:
I hope that helps to clarify what I'm looking for:
How can I store a hashed password without setting the allowManuallyChangingPassword value to false?
Thank you for your response, I am very glad to see I am on the right track : )
You can't do what you want to do right now, it's a bug we need to fix. For now allowManuallyChangingPassword needs to be false if you want to save someone's password. :)
Sebastiaan, thank you again for responding, I know now not to beat my head against the wall, which I really appreciate : )