Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Perry Cope 2 posts 92 karma points
    1 week ago
    Perry Cope
    0

    I'm trying to implement Password history for Members so that a user can not enter a password they have previously used.

    Im planning on doing this by adding an extra table and storing the hashed password history there and checking against it when a Member updates password.

    The Issue i am having is that the password format is set too hashed and cant figure out how to generate the Hashed password in the same way Members.ChangePassword does, so i cant check against the PasswordHistory table.

    Ive tried

    var _passwordhasher = new MembershipProviderPasswordHasher(Membership.Provider.AsUmbracoMembershipProvider());
    var hashed = _passwordhasher.HashPassword(model.NewPassword);
    

    And

    var hash = Membership.Provider.AsUmbracoMembershipProvider().HashPasswordForStorage(model.NewPassword);
    

    Neither give same result as

    var attempt = Members.ChangePassword(Membership.GetUser().UserName, new Umbraco.Web.Models.ChangingPasswordModel()
                    {
                        NewPassword = model.NewPassword,
                        OldPassword = model.OldPassword
                    }, Membership.Provider);
    var originalPasswordhash = _memberService.GetByUsername(Membership.GetUser().UserName).RawPasswordValue;
    
  • Perry Cope 2 posts 92 karma points
    1 week ago
    Perry Cope
    100

    I managed to find an answer to this after a day of going through the source code, and rethinking my approach.

    The provider has a protected method of

    MembershipProviderBase.CheckPassword
    

    I made a public method on my custom provider that took in the raw Passwords from the History table and returned the above method's result.

Please Sign in or register to post replies

Write your reply to:

Draft