Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Professional
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old June 5th, 2006, 01:41 PM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , USA.
Posts: 100
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to ~Bean~
Default Login Controls and Recover Password

I have setup my app to use forms authentication, the canned db schema, and the new 2.0 login controls. Everything was working fine, until I got to messing with the Login Change Password control. I think I may have changed my own password, and I don't know to what. I am sure I could delete the user and setup a new admin user, but it got me to thinking how to recover a password from the encrypted field in the db...?
Although some docs I have read say to go to ASP.NET Configuration under the website menu and "Edit User"...that screen does not show me the password, nor does it allow me to change the password.

So, how can I retrieve a password from the db?

-------------------------
Beware of programmers with screwdrivers...
__________________
-------------------------
Beware of programmers with screwdrivers...
  #2 (permalink)  
Old June 5th, 2006, 02:09 PM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , USA.
Posts: 100
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to ~Bean~
Default

As a follow up, I was able to get my SMTP working and used the password recovery control to have my password sent to me. What I got was "daW3wdJQ]2231Oza1Aj" which definitely was NOT my password, but did work for logging in...is the password not retrievable once it has been encrypted in the db?



-------------------------
Beware of programmers with screwdrivers...
  #3 (permalink)  
Old June 7th, 2006, 04:42 PM
Imar's Avatar
Wrox Author
Points: 72,035, Level: 100
Points: 72,035, Level: 100 Points: 72,035, Level: 100 Points: 72,035, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,079
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

It depends,

The provider can be configured for three different options: Hashed, Encrypted and plain text passwords.

Only the latter two are reversible; you'll never be able to retrieve the original password if it was stored as a hash...

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
  #4 (permalink)  
Old June 8th, 2006, 07:01 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , USA.
Posts: 100
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to ~Bean~
Default

Thanks Imar.

-------------------------
Beware of programmers with screwdrivers...
  #5 (permalink)  
Old June 19th, 2006, 03:38 PM
Registered User
 
Join Date: May 2006
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I have configured my web.config to use clear passwords like this...

        <add name="AspNetSqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="LocalSqlServer"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             passwordFormat="Clear"
             minRequiredNonalphanumericCharacters="0"
             minRequiredPasswordLength="3"/>

When I receieve the password recovery email the password is still gibberish. i.e.

Please return to the site and log in using the following information.
User Name: terryhutt
Password: #BWQ?%-3zDgJUG

Does anyone know why the password isn't sent correctly?
Thanks


  #6 (permalink)  
Old June 19th, 2006, 03:43 PM
Registered User
 
Join Date: May 2006
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Followup -
I looked in the membership table of the aspnetdb database and saw that my request to recover my password had actually changed the password to the gibberish I got in the email so I guess it kind of worked after all.

New question - when using clear passwords, why does the password still get changed? Is there a way to prevent this behaviour and simply email the original password?

Thanks again

  #7 (permalink)  
Old June 19th, 2006, 04:23 PM
Imar's Avatar
Wrox Author
Points: 72,035, Level: 100
Points: 72,035, Level: 100 Points: 72,035, Level: 100 Points: 72,035, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,079
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

By default, passwords are hashed in the system. Since hashing is a one-way process, it can't be reversed. So, you get a random password in the password recovery control.

If you set the passwordFormat to clear, you also need to set enablePasswordRetrieval to true. With a False setting (the default) you still get a random password.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
  #8 (permalink)  
Old June 20th, 2006, 01:15 PM
Registered User
 
Join Date: Jan 2006
Location: jackson, ms, USA.
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

hey got a question.

how do you set up the smtp function within you asp.net 2.0 configuration to send the password. I been trying to get mine working but It will not allow me to reach my mail server. any ideas would be very helpful

  #9 (permalink)  
Old June 20th, 2006, 01:24 PM
Imar's Avatar
Wrox Author
Points: 72,035, Level: 100
Points: 72,035, Level: 100 Points: 72,035, Level: 100 Points: 72,035, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,079
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi there,

You can configure the system.net node in the webconfig:
Code:
  <system.net>
    <mailSettings>
      <smtp deliveryMethod="Network">
        <network host="smtp.YourProvider.Com" port="25"/>
      </smtp>
    </mailSettings>
  </system.net>
</configuration>
The network element also allows you to set a username and a password.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
  #10 (permalink)  
Old November 15th, 2006, 02:50 PM
b67 b67 is offline
Authorized User
 
Join Date: Sep 2006
Location: , , .
Posts: 33
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to b67
Default

Sorry to ressurect this thread but my question is related

My default install had the passwords set as encrypted

Is there a stored proc or other method that will aloow me to retrieve passwords from my database?

 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Loading Password into Login Control amatytfc ASP.NET 2.0 Basics 5 July 2nd, 2007 09:00 AM
login and password airjaws Pro Visual Basic 2005 18 June 19th, 2007 04:21 PM
login and password airjaws Visual Basic 2005 Basics 5 June 18th, 2007 09:22 PM
Login/Password Java application larry Apache Tomcat 2 December 20th, 2005 04:42 AM
Login with username and password morpheus Classic ASP Basics 4 November 19th, 2003 11:54 AM



All times are GMT -4. The time now is 12:49 AM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.