Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Basics
| Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Basics If you are new to ASP or ASP.NET programming with version 2.0, this is the forum to begin asking questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old January 1st, 2007, 11:33 AM
Friend of Wrox
 
Join Date: Jul 2006
Location: olathe, ks, USA.
Posts: 238
Thanks: 0
Thanked 2 Times in 2 Posts
Send a message via MSN to rsearing
Default Get password value from aspnetdb.mdf

I am creating a customer app that will allow an admin to create accounts for members of a club. The admin must be able to change passwords. I go through the createuserwizard to create the account (I added fields to the wizard to store extra info in a customer db). Is there a way that I could:

a) save a new password in a custom way--in other words..just have a text box and then allow an 'admin' to click 'save' and then the old password will be overwritten by whatever is in the textbox?

b) retrieve the password...have it so that the original password populates a textbox?

I look into the aspnetdb.mdf file and see what appears to be a hash of the password--not sure how to retrieve it.

Thanks,
Rob

 
Old January 1st, 2007, 01:04 PM
Imar's Avatar
Wrox Author
Points: 70,322, Level: 100
Points: 70,322, Level: 100 Points: 70,322, Level: 100 Points: 70,322, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Hi Rob,

By default, passwords are stored in a hashed format. That's a one-way process, so there's no way to retrieve the original password from the database again. You can switch to encryption where passwords are encrypted instead of hashed. Encryption is a two-way process so you can retrieve the password. Also, with the ClearText option you can retrieve it.

Getting it is easy: just call

Membership.Provider.GetPassword(userName)

to get the password.

Changing it is easy as well: just call

Membership.Provider.ChangePassword(userName, oldPassword, newPassword)

You can use GetPassword to get the old password as the value for ChangePassword.

Hope this helps,

Imar
---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
 
Old January 1st, 2007, 04:07 PM
Friend of Wrox
 
Join Date: Jul 2006
Location: olathe, ks, USA.
Posts: 238
Thanks: 0
Thanked 2 Times in 2 Posts
Send a message via MSN to rsearing
Default

THANK YOU!

How do I change (what do I need to change) to make it so that password saving is encrypted, rather than hash? Also--once that is done--then all I have do do is call either of those two functions to retrieve and save?

I am changing my custom DB to save the old password in it. I found out that createuserwizard has a "password" member that I can call once the "usercreated" event has triggered. I can then store it in my DB. Since I am capturing username in it as well---I would like to think that in my "edit" feature I am adding, I can simply call one of the functions you listed below when I edit (checking first if the password was changed).

Ok--long winded--but just wondering what I need to do to change to encryption...then simply to know if that is all I need to use those two functions.

Much Thanks,
Rob

I was able to do a bit of research, as I am having another issue--I want to take the "question and answer" out of the createuserwizard, but it says that if the membership requires it, I cannot. So I am trying to disable it. My config is:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <connectionStrings>
        <remove name="LocalSqlServer" />
        <add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspn etdb.mdf;User Instance=true"
            providerName="System.Data.SqlClient" requiresQuestionAndAnswer="false" />
    </connectionStrings>
<system.web>
        <roleManager enabled="true" />
        <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider"
          description="Default SiteMap provider."
          type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          siteMapFile="Web.sitemap"
          securityTrimmingEnabled="true" />
      </providers>
    </siteMap>
<compilation debug="true"/>
</system.web>
</configuration>

I get an error on this as requiresQuestionAndAnswer="false" doesn't appear to be working. I saw something else that stated I can do passwordFormat="Hashed". I assume I can change that to "Encrypted"?

How do I have to reconfig my web.config file above ?

Thanks,
Rob
 
Old January 1st, 2007, 05:21 PM
Imar's Avatar
Wrox Author
Points: 70,322, Level: 100
Points: 70,322, Level: 100 Points: 70,322, Level: 100 Points: 70,322, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Hi Rob,

You can do this in the web.config; just redefine the membership element, like this:

<system.web>
<membership>
  <providers>
    <clear />
      <add name="AspNetSqlMembershipProvider"
      type="System.Web.Security.SqlMembershipProvider, System.Web,
           Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
      connectionStringName="LocalSqlServer"
      enablePasswordRetrieval="true"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="false"
      applicationName="/"
      requiresUniqueEmail="true"
      passwordFormat="Hashed"
      maxInvalidPasswordAttempts="5"
      passwordAttemptWindow="10"
      passwordStrengthRegularExpression=""
    />
  </providers>
</membership>

And yes, that should be all you need. The Membership API methods I mentioned earlier will talk to your SQL Server database, and change the password for the user.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
 
Old January 1st, 2007, 08:33 PM
Friend of Wrox
 
Join Date: Jul 2006
Location: olathe, ks, USA.
Posts: 238
Thanks: 0
Thanked 2 Times in 2 Posts
Send a message via MSN to rsearing
Default

Imar,

As always, thanks! So--the top is the connection string, the app uses the provider with all it's defaults...and the name of the default provider is AspNetSqlMembershipProvider? Having said that, then you just put the properties in as you have shown?

Funny, how alot of this starts to make more sense once you start messing around with it.

Just as a side--what purpose does the public key token serve? Should it always remain that way--or would someone change it for some reason?

Regards,
Rob

 
Old January 1st, 2007, 11:08 PM
Friend of Wrox
 
Join Date: Jul 2006
Location: olathe, ks, USA.
Posts: 238
Thanks: 0
Thanked 2 Times in 2 Posts
Send a message via MSN to rsearing
Default

Ok...partway there...but get the following error (also, I assume you meant to put 'Encrypted' rather than 'Hashed' for password format?

--------------------------------------------------------------------------------

You must specify a non-autogenerated machine key to store passwords in the encrypted format. Either specify a different passwordFormat, or change the machineKey configuration to use a non-autogenerated decryption key.

??
Thanks,
Rob
**************************************
I fixed it myself--but not entirely sure, if this website went down, how I could duplicate.

I guess the machine.config file has a machineKey that you can set in your web config file. I went to the site:


and then put the following in my web.config file: (replaced key with x's)
http://www.eggheadcafe.com/articles/...achineKey.aspx



<machineKey validationKey='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxx' decryptionKey='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxx' validation='SHA1'/>


Is there something I can download to create this key randomly?

Thanks,
Rob
 
Old January 2nd, 2007, 05:04 AM
Imar's Avatar
Wrox Author
Points: 70,322, Level: 100
Points: 70,322, Level: 100 Points: 70,322, Level: 100 Points: 70,322, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Take a look here: http://p2p.wrox.com/topic.asp?TOPIC_ID=16845

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
 
Old January 2nd, 2007, 09:17 AM
Friend of Wrox
 
Join Date: Jul 2006
Location: olathe, ks, USA.
Posts: 238
Thanks: 0
Thanked 2 Times in 2 Posts
Send a message via MSN to rsearing
Default

Perfecto! Thanks so much!

 
Old October 12th, 2007, 09:12 AM
Registered User
 
Join Date: Oct 2007
Location: , , .
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

:D

Thanks guys

I found this very useful and obviously not so painful due to your explanations





Similar Threads
Thread Thread Starter Forum Replies Last Post
Question about ASPNETDB.MDF frankym BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 4 October 3rd, 2008 11:26 AM
ASPNETDB.mdf unaccessible through IIS yukijocelyn ASP.NET 2.0 Basics 0 October 23rd, 2007 10:53 PM
ASPNETDB.MDF Changing motemape BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 3 May 27th, 2007 06:14 AM
aspnetdb.mdf Jackxxx ASP.NET 2.0 Basics 0 January 9th, 2007 01:37 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.