 |
| ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum. |
Welcome to the p2p.wrox.com Forums.
You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
|
|
|
|
June 5th, 2006, 01:41 PM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 100
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Login Controls and Recover Password
I have setup my app to use forms authentication, the canned db schema, and the new 2.0 login controls. Everything was working fine, until I got to messing with the Login Change Password control. I think I may have changed my own password, and I don't know to what. I am sure I could delete the user and setup a new admin user, but it got me to thinking how to recover a password from the encrypted field in the db...?
Although some docs I have read say to go to ASP.NET Configuration under the website menu and "Edit User"...that screen does not show me the password, nor does it allow me to change the password.
So, how can I retrieve a password from the db?
-------------------------
Beware of programmers with screwdrivers...
__________________
-------------------------
Beware of programmers with screwdrivers...
|
|
June 5th, 2006, 02:09 PM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 100
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
As a follow up, I was able to get my SMTP working and used the password recovery control to have my password sent to me. What I got was "daW3wdJQ]2231Oza1Aj" which definitely was NOT my password, but did work for logging in...is the password not retrievable once it has been encrypted in the db?
-------------------------
Beware of programmers with screwdrivers...
|
|
June 7th, 2006, 04:42 PM
|
 |
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
It depends,
The provider can be configured for three different options: Hashed, Encrypted and plain text passwords.
Only the latter two are reversible; you'll never be able to retrieve the original password if it was stored as a hash...
Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
|
|
June 8th, 2006, 07:01 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 100
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Thanks Imar.
-------------------------
Beware of programmers with screwdrivers...
|
|
June 19th, 2006, 03:38 PM
|
|
Registered User
|
|
Join Date: May 2006
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
I have configured my web.config to use clear passwords like this...
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Clear"
minRequiredNonalphanumericCharacters="0"
minRequiredPasswordLength="3"/>
When I receieve the password recovery email the password is still gibberish. i.e.
Please return to the site and log in using the following information.
User Name: terryhutt
Password: #BWQ?%-3zDgJUG
Does anyone know why the password isn't sent correctly?
Thanks
|
|
June 19th, 2006, 03:43 PM
|
|
Registered User
|
|
Join Date: May 2006
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Followup -
I looked in the membership table of the aspnetdb database and saw that my request to recover my password had actually changed the password to the gibberish I got in the email so I guess it kind of worked after all.
New question - when using clear passwords, why does the password still get changed? Is there a way to prevent this behaviour and simply email the original password?
Thanks again
|
|
June 19th, 2006, 04:23 PM
|
|
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
By default, passwords are hashed in the system. Since hashing is a one-way process, it can't be reversed. So, you get a random password in the password recovery control.
If you set the passwordFormat to clear, you also need to set enablePasswordRetrieval to true. With a False setting (the default) you still get a random password.
HtH,
Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
|
|
June 20th, 2006, 01:15 PM
|
|
Registered User
|
|
Join Date: Jan 2006
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
hey got a question.
how do you set up the smtp function within you asp.net 2.0 configuration to send the password. I been trying to get mine working but It will not allow me to reach my mail server. any ideas would be very helpful
|
|
June 20th, 2006, 01:24 PM
|
|
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
Hi there,
You can configure the system.net node in the webconfig:
Code:
<system.net>
<mailSettings>
<smtp deliveryMethod="Network">
<network host="smtp.YourProvider.Com" port="25"/>
</smtp>
</mailSettings>
</system.net>
</configuration>
The network element also allows you to set a username and a password.
HtH,
Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
|
|
November 15th, 2006, 02:50 PM
|
|
Authorized User
|
|
Join Date: Sep 2006
Posts: 33
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Sorry to ressurect this thread but my question is related
My default install had the passwords set as encrypted
Is there a stored proc or other method that will aloow me to retrieve passwords from my database?
|
|
|
