Wrox Programmer Forums

#1 (permalink)
January 1st, 2007, 11:33 AM
rsearing (Friend of Wrox)
Get password value from aspnetdb.mdf

I am creating a customer app that will allow an admin to create accounts for members of a club. The admin must be able to change passwords. I go through the createuserwizard to create the account (I added fields to the wizard to store extra info in a customer db). Is there a way that I could:

a) save a new password in a custom way--in other words..just have a text box and then allow an 'admin' to click 'save' and then the old password will be overwritten by whatever is in the textbox?

b) retrieve the password...have it so that the original password populates a textbox?

I look into the aspnetdb.mdf file and see what appears to be a hash of the password--not sure how to retrieve it.

Thanks,
Rob

#2 (permalink)
January 1st, 2007, 01:04 PM
Imar (Wrox Author)

Hi Rob,

By default, passwords are stored in a hashed format. That's a one-way process, so there's no way to retrieve the original password from the database again. You can switch to encryption where passwords are encrypted instead of hashed. Encryption is a two-way process so you can retrieve the password. Also, with the ClearText option you can retrieve it.

Getting it is easy: just call

Membership.Provider.GetPassword(userName, null)   // second argument is the password answer; null when requiresQuestionAndAnswer="false"

to get the password.

Changing it is easy as well: just call

Membership.Provider.ChangePassword(userName, oldPassword, newPassword)

You can use GetPassword to get the old password as the value for ChangePassword.

Hope this helps,

Imar
---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
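
Added example, not part of the original posts: requirement (a) from the first post can be met without reading the old password at all, which lets passwordFormat stay "Hashed" and enablePasswordRetrieval stay "false". It assumes the provider has enablePasswordReset="true" and requiresQuestionAndAnswer="false"; AdminPasswordTool and SetPassword are hypothetical names, while the Membership calls are the standard System.Web.Security API.

```csharp
using System;
using System.Web.Security;

// Hypothetical helper (names are assumptions, not from the thread).
public static class AdminPasswordTool
{
    // Sets a member's password without ever reading the current one.
    public static bool SetPassword(string userName, string newPassword)
    {
        // ResetPassword() with no answer only works with these settings.
        if (!Membership.EnablePasswordReset || Membership.RequiresQuestionAndAnswer)
            throw new InvalidOperationException(
                "Needs enablePasswordReset=true and requiresQuestionAndAnswer=false.");

        // Check the new password first, so a rejected ChangePassword cannot
        // leave the account stuck on the random password from step 1.
        if (newPassword == null || newPassword.Length < Membership.MinRequiredPasswordLength)
            throw new ArgumentException("Password is shorter than the configured minimum.");
        int symbols = 0;
        foreach (char c in newPassword)
            if (!char.IsLetterOrDigit(c)) symbols++;
        if (symbols < Membership.MinRequiredNonAlphanumericCharacters)
            throw new ArgumentException("Password needs more non-alphanumeric characters.");

        MembershipUser user = Membership.GetUser(userName);
        if (user == null)
            return false;             // unknown account

        // A locked-out account cannot be reset; unlocking is the admin's call.
        if (user.IsLockedOut && !user.UnlockUser())
            return false;

        // Step 1: the provider overwrites the stored hash with a random password.
        string temporary = user.ResetPassword();

        // Step 2: that random value serves as the "old" password.
        return user.ChangePassword(temporary, newPassword);
    }
}
```

If passwordStrengthRegularExpression is set on the provider, test the new password against it before calling this method as well.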

#3 (permalink)
January 1st, 2007, 04:07 PM
rsearing (Friend of Wrox)

THANK YOU!

How do I change (what do I need to change) to make it so that password saving is encrypted, rather than hash? Also--once that is done--then all I have to do is call either of those two functions to retrieve and save?

I am changing my custom DB to save the old password in it. I found out that createuserwizard has a "password" member that I can call once the "usercreated" event has triggered. I can then store it in my DB. Since I am capturing username in it as well---I would like to think that in my "edit" feature I am adding, I can simply call one of the functions you listed below when I edit (checking first if the password was changed).

Ok--long winded--but just wondering what I need to do to change to encryption...then simply to know if that is all I need to use those two functions.

Much Thanks,
Rob

I was able to do a bit of research, as I am having another issue--I want to take the "question and answer" out of the createuserwizard, but it says that if the membership requires it, I cannot. So I am trying to disable it. My config is:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <connectionStrings>
        <remove name="LocalSqlServer" />
        <add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
            providerName="System.Data.SqlClient" requiresQuestionAndAnswer="false" />
    </connectionStrings>
    <system.web>
        <roleManager enabled="true" />
        <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
            <providers>
                <add name="XmlSiteMapProvider"
                    description="Default SiteMap provider."
                    type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                    siteMapFile="Web.sitemap"
                    securityTrimmingEnabled="true" />
            </providers>
        </siteMap>
        <compilation debug="true"/>
    </system.web>
</configuration>

I get an error on this as requiresQuestionAndAnswer="false" doesn't appear to be working. I saw something else that stated I can do passwordFormat="Hashed". I assume I can change that to "Encrypted"?

How do I have to reconfig my web.config file above?

Thanks,
Rob

#4 (permalink)
January 1st, 2007, 05:21 PM
Imar (Wrox Author)

Hi Rob,

You can do this in the web.config; just redefine the membership element, like this:

<system.web>
  <membership>
    <providers>
      <clear />
      <add name="AspNetSqlMembershipProvider"
        type="System.Web.Security.SqlMembershipProvider, System.Web,
             Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        connectionStringName="LocalSqlServer"
        enablePasswordRetrieval="true"
        enablePasswordReset="true"
        requiresQuestionAndAnswer="false"
        applicationName="/"
        requiresUniqueEmail="true"
        passwordFormat="Hashed"
        maxInvalidPasswordAttempts="5"
        passwordAttemptWindow="10"
        passwordStrengthRegularExpression=""
      />
    </providers>
  </membership>
</system.web>

And yes, that should be all you need. The Membership API methods I mentioned earlier will talk to your SQL Server database, and change the password for the user.

Cheers,

Imar
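
Added example, not part of the original post or the project's own code: a check that reads the membership and machineKey sections straight from configuration and reports the setting combinations this thread runs into. It reads the raw attributes rather than Membership.Provider, so it still works when the provider refuses to start; MembershipConfigAudit and Check are hypothetical names, and the code assumes it runs inside the web application with permission to read both sections.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Web.Configuration;

// Hypothetical audit helper (names are assumptions, not from the thread).
public static class MembershipConfigAudit
{
    public static List<string> Check()
    {
        List<string> findings = new List<string>();
        MembershipSection membership =
            (MembershipSection)WebConfigurationManager.GetSection("system.web/membership");
        MachineKeySection machineKey =
            (MachineKeySection)WebConfigurationManager.GetSection("system.web/machineKey");

        // The default decryptionKey value is "AutoGenerate,IsolateApps".
        bool autoKey = machineKey.DecryptionKey
            .IndexOf("AutoGenerate", StringComparison.OrdinalIgnoreCase) >= 0;

        foreach (ProviderSettings p in membership.Providers)
        {
            // SqlMembershipProvider defaults apply when an attribute is absent.
            string format = p.Parameters["passwordFormat"] ?? "Hashed";
            bool retrieval = string.Equals(p.Parameters["enablePasswordRetrieval"],
                                           "true", StringComparison.OrdinalIgnoreCase);

            if (format == "Clear")
                findings.Add(p.Name + ": passwords are stored as plain text.");
            if (format == "Encrypted")
                findings.Add(p.Name + ": passwords can be decrypted by anyone holding " +
                             "the machineKey and a copy of the database.");
            if (format == "Encrypted" && autoKey)
                findings.Add(p.Name + ": Encrypted needs an explicit decryptionKey; " +
                             "the provider will not start with an autogenerated one.");
            if (format == "Hashed" && retrieval)
                findings.Add(p.Name + ": hashed passwords cannot be retrieved; " +
                             "the provider will not start with this combination.");
            if (retrieval)
                findings.Add(p.Name + ": enablePasswordRetrieval is on, so GetPassword " +
                             "can return user passwords.");
        }
        return findings;
    }
}
```

Calling Check() from Application_Start and logging the result makes a later change to these settings visible.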

#5 (permalink)
January 1st, 2007, 08:33 PM
rsearing (Friend of Wrox)

Imar,

As always, thanks! So--the top is the connection string, the app uses the provider with all its defaults...and the name of the default provider is AspNetSqlMembershipProvider? Having said that, then you just put the properties in as you have shown?

Funny, how a lot of this starts to make more sense once you start messing around with it.

Just as a side--what purpose does the public key token serve? Should it always remain that way--or would someone change it for some reason?

Regards,
Rob

#6 (permalink)
January 1st, 2007, 11:08 PM
rsearing (Friend of Wrox)

Ok...partway there...but get the following error (also, I assume you meant to put 'Encrypted' rather than 'Hashed' for password format?)

--------------------------------------------------------------------------------

You must specify a non-autogenerated machine key to store passwords in the encrypted format. Either specify a different passwordFormat, or change the machineKey configuration to use a non-autogenerated decryption key.

??
Thanks,
Rob
**************************************
I fixed it myself--but not entirely sure, if this website went down, how I could duplicate.

I guess the machine.config file has a machineKey that you can set in your web config file. I went to the site:

http://www.eggheadcafe.com/articles/...achineKey.aspx

and then put the following in my web.config file: (replaced key with x's)

<machineKey validationKey='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' decryptionKey='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' validation='SHA1'/>


Is there something I can download to create this key randomly?

Thanks,
Rob
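
Added example, not code from the thread or from the sites it links to: a small console program that builds the machineKey element locally from the operating system's cryptographic random number generator, so the keys never pass through a third-party web page. MachineKeyGenerator and its method names are hypothetical; the sizes assume validation="SHA1" with a 64-byte validationKey and an AES (32-byte) or 3DES (24-byte) decryptionKey.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical console tool (names are assumptions, not from the thread).
public static class MachineKeyGenerator
{
    // Returns byteLength random bytes from the OS CSPRNG as upper-case hex.
    public static string RandomHex(int byteLength)
    {
        byte[] buffer = new byte[byteLength];
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        rng.GetBytes(buffer);

        StringBuilder hex = new StringBuilder(byteLength * 2);
        foreach (byte b in buffer)
            hex.Append(b.ToString("X2"));
        return hex.ToString();
    }

    // Builds a <machineKey> element for the chosen decryption algorithm.
    public static string BuildElement(string decryption)
    {
        int decryptionBytes;
        switch (decryption)
        {
            case "AES":  decryptionBytes = 32; break;   // 64 hex characters
            case "3DES": decryptionBytes = 24; break;   // 48 hex characters
            default: throw new ArgumentException("Use \"AES\" or \"3DES\".");
        }

        // 64 bytes = 128 hex characters, the maximum validationKey length.
        return string.Format(
            "<machineKey validationKey=\"{0}\" decryptionKey=\"{1}\" " +
            "validation=\"SHA1\" decryption=\"{2}\" />",
            RandomHex(64), RandomHex(decryptionBytes), decryption);
    }

    public static void Main()
    {
        Console.WriteLine(BuildElement("AES"));
    }
}
```

Every server that shares the membership database needs the same element, and replacing the decryptionKey later makes passwords already stored as Encrypted unreadable.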

#7 (permalink)
January 2nd, 2007, 05:04 AM
Imar (Wrox Author)

Take a look here: http://p2p.wrox.com/topic.asp?TOPIC_ID=16845

Imar

#8 (permalink)
January 2nd, 2007, 09:17 AM
rsearing (Friend of Wrox)

Perfecto! Thanks so much!

#9 (permalink)
October 12th, 2007, 09:12 AM
Registered User

:D

Thanks guys

I found this very useful and obviously not so painful due to your explanations
