Comments on: Resetting Password with ASP.NET 2.0 Membership and Multiple Providers

By: Caroline Pratt

Caroline Pratt — Wed, 04 Nov 2009 13:33:19 +0000

Todays fresh passes. 4/11-09, Barely Legal Pass! Link/Download (http://sharembit.com/386/bar-legal.zip.html)

By: Aaron Payne

Aaron Payne — Wed, 19 Aug 2009 21:57:06 +0000

Thank you!!!

Saved me a lot of time!

By: Rick Wannall

Rick Wannall — Wed, 05 Aug 2009 05:29:03 +0000

Thank you!!!!

I wanted to continue to use the randomly generated password in our store site, so I went with this:

U.ResetPassword();
string newPassword = U.GetPassword();

and then some code to send the email

Thank you so much!! I was going nuts having to deal with users who couldn’t remember their anwer, so I wanted to eliminate the step altogether. I looked around anough to get really frustrated, and then … voila!!

By: Dennis

Dennis — Sat, 11 Jul 2009 03:22:42 +0000

Simple, elegant, and although published 2 1/2 years ago, stills proves helpful today. This saved me so much time and frustration. Thank you for sharing it, Peter.

By: Frederick

Frederick — Tue, 23 Jun 2009 18:08:01 +0000

Thanks for the hint!
Here’s my solution that worked for me.

http://www.experts-exchange.com/Programming/Languages/.NET/.NET_Framework_2.0/Q_24515442.html

By: Laurie

Laurie — Fri, 08 May 2009 15:31:40 +0000

Thanks for the tip, Peter. This was extremely useful!

By: Jeremy Thomson

Jeremy Thomson — Mon, 29 Sep 2008 11:54:07 +0000

Hi,

Thanks for the advice on setting up the second membership provider to resolve this issue.

By: Peter Kellner

Peter Kellner — Tue, 17 Jun 2008 15:41:12 +0000

I should not have referenced a custom membership provider in my example. Better to have done something like:

By: Jim

Jim — Tue, 17 Jun 2008 13:13:49 +0000

Hi Peter,

First, thanks for creating this solution, as I am sure it will work for me. Many thanks to you and others who provide examples of their work.

I am having the same problem as Stephen:

Parser Error Message: Could not load type ‘SqlProviderOneShot.SqlMembershipProvider’.

Source Error:

Line 19:
Line 20:

Do I need to create another complete custom MembershipProvider class? or ?

Thanks again.

By: Jerry

Jerry — Sun, 11 May 2008 04:35:05 +0000

After talking with Peter, and looking at his code again, it worked like a champ. The part that kind of threw me for a loop was using the reset function as the old password. Here is my code in VB. Keep in mind that my provider MembersAdmin is just for the admin section of the client’s site.

Dim U As MembershipUser = Membership.Providers(“MembersAdmin”).GetUser(SUserName, False)
If Not U Is Nothing Then
U.ChangePassword(U.ResetPassword(), strPassword)
txtPassword.Text = “”
msgProgress.Text = “Password Changed”
End If

By: Jerry

Jerry — Sun, 11 May 2008 02:49:12 +0000

Atomiton

I am in the same boat as Kenny. I have a client that needs to be able to change a password for their user. Sometimes it is like pulling teeth to get these guys to walk through the process. So I set it up as above, but in order to change the password, I need old and new. If i reset it, it will go to their email and it is lost. So I figure my choices are like this.

1) change their email to the admins, fire the reset, get the new password. Then change their email back, use the emailed password to change the password to what they wanted.

2) somehow reset the password and display it on the screen without actually mailing it. Follow the second half of #1 and change to what they wanted.

3) Figure out how to hash the new password and store that result in the table with the salt key and bypass the provider. Just do a straight stored procedure.

Any thought to point me in the right direction and maybe shoot holes in my thinking? The biggest thing I need to be able to set the password to a password of my choosing, through an admin account. Everything I can think of comes up messy.

By: Atomiton

Atomiton — Sun, 03 Feb 2008 21:09:28 +0000

Kenny… not sure if you’re still reading this… but it’s probably better to just use the ResetPassword() method. It will email them their new password and you don’t have to worry about it. It’s more secure too.

You will need to implement two membership profiles for this.

I won’t go into details as there are lots of posts explaining it better than I do.

However, if you’re looking at Adding an AdminProvider for the built-in SQL Express DB that is created when you enable security from the WAT while leaving the default one for users, this could be your Web.config:

connectionStringName=”ACPDevSQL”
applicationName=”ACPPortal”
minRequiredPasswordLength=”3″
minRequiredNonalphanumericCharacters=”0″
enablePasswordRetrieval=”true”
passwordForma=”Encrypted”
enablePasswordReset=”true”
requiresQuestionAndAnswer=”true”
requiresUniqueEmail=”false”/>
connectionStringName=”ACPDevSQL”
applicationName=”ACPPortal”
minRequiredPasswordLength=”3″
minRequiredNonalphanumericCharacters=”0″
enablePasswordRetrieval=”true”
passwordForma=”Encrypted”
enablePasswordReset=”true”
requiresQuestionAndAnswer=”false”
requiresUniqueEmail=”false”/>

By: Atomiton

Atomiton — Sun, 03 Feb 2008 21:06:49 +0000

You will need to implement two membership profiles for this.

I won’t go into details as there are lots of posts explaining it better than I do.

By: Ric Plouffe

Ric Plouffe — Thu, 01 Nov 2007 16:37:38 +0000

Never mind the second question. I have extended the ChangePassword control to include the Question/Answer combination.

The first question is still something I’de like to figure out though. Everything’s working the way I have it set up now but it’s kindof a bubble gum/scotch tape solution.

Thanks

By: Ric Plouffe

Ric Plouffe — Mon, 29 Oct 2007 17:35:50 +0000

I have a situation that I have two questions about.

First, the situation:

I have implemented a capability in our website where certain “power” users are able to add new website users to our database by uploading a spreadsheet. The spreadsheet contains the new user’s First and Last name and their e-mail; the e-mail becomes their login UserName.

Upon spreadsheet upload, as records are added to a staging table in our database, I call dbo.aspnet_Membership_CreateUser passing it the parameter values it expects. right now, I am passing a known hashed password and salt value and a known password question and password answer value.

As a separate process, I have a windows service that polls the database for newly-added users and calls Membership.Provider.ChangePassword to update their password to a unique temporary password and then send them an email with instructions how to log in with their email as the UserName and the temporary password we provide.

These users, when they log into the website, are forced to change their temporary password with the ChagePassword control before they can do anything else.

The first question is:

How can I create a hashed version of the temporary password in T-SQL that is compatible with Membership/Roles and pass it to dbo.aspnet_Membership_CreateUser right from the onset instead of having to change it (again) in my windows process?

The second and more urgent question is:

Since new users added in this fashion never see the CreateUserWizard control and therefore never have an opportunity to enter their own password question/answer combination, what would be the best (and most secure) way for me to prompt them for a new password question/answer combination at the time I direct them to change their passowrd?

Right now I have no “Forgot Password?” functionality because of this conundrum.

Any guidance would be greatly appreciated…

By: Kenny

Kenny — Wed, 15 Aug 2007 01:18:05 +0000

Hi Peter,
I’ve setup my page so that I have 2 textbox, 1 for the username and the other for the new password that I want to set it to. Is there a way so that my setup will work? I’m the Admin and sometime the user want me to reset the password for them, either they forgot the password as well as the answer to the secret question, or something going on with their email.

Thank you very, very much.
Kenny.

By: Administrator

Administrator — Wed, 15 Aug 2007 01:10:13 +0000

Kenny,
You are right that GetUser() does not work. You can always get the currently logged in user by doing Context.User.Identity.Name.
-Peter Kellner

By: Kenny

Kenny — Wed, 15 Aug 2007 00:48:21 +0000

Hi Peter,
Thank you very much for the article, this is what I’m looking for… However, I’ve received error in this code:

Membership mu = Membership.Providers["CustomizedAdminMembershipProvider"].GetUser(Username);

This is the error:
No overload for mthod ‘GetUser’ takes ‘1′ arguments

Any idea why?
Thank you very much,
Kenny.

By: Jeremy Wadsworth

Jeremy Wadsworth — Sat, 11 Aug 2007 23:06:30 +0000

This is a great post. It worked great after passing in the IsUserOnline value with the user name. Thanks a lot.

By: Stephen

Stephen — Wed, 13 Jun 2007 09:47:03 +0000

Hi Peter,

Thanks for the article, as i believe it can solve my problem but when i do …

…and…

MembershipUser mu = Membership.Providers["SqlMembershipProviderOther"].GetUser(UserName, false);

i get the following error.

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Could not load type ‘SqlProviderOneShot.SqlMembershipProvider’.

Source Error:

Line 19:
Line 20: