Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Professional
Password Reminder
Register
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old April 16th, 2007, 01:49 PM
Friend of Wrox
 
Join Date: Apr 2006
Location: , , .
Posts: 160
Thanks: 0
Thanked 0 Times in 0 Posts
Default problem with custom membership provider

Hi,

When an anonymous user has created an new account (with the CreateUserWizard control), i want to let asp.net generate a password and to send it (AutoGeneratePassword="true") to the address of the email provided by the new membershipuser in the CreateUserWizard control.

i think i need to define a custom provider for membership and i tried this:

web.config:
-----------
<connectionStrings>
  <add name="aspnetdb" connectionString="Data
Source=.\SQLEXPRESS;AttachDbFilename=|DataDirector y|\ASPNETDB.MDF;Integrated
Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
</connectionStrings>

<authentication mode="Forms" />

<membership defaultProvider="MyMembershipProvider">
<providers>
<add name="MyMembershipProvider"
 type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="aspnetdb"
          enablePasswordRetrieval="true"
          enablePasswordReset="true"
          passwordFormat="Encrypted"
          requiresQuestionAndAnswer="true"
          applicationName="/"
/>
</providers>
</membership>

code-behind:
------------
 Protected Sub Page_Load(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Me.Load
        If User.Identity.IsAuthenticated Then
            Dim pw As String
            pw = Membership.GetUser.GetPassword.ToString
        End If
    End Sub


But this generate the error:
"You must specify a non-autogenerated machine key to store passwords in the encrypted format. Either specify a different passwordFormat, or change the machineKey configuration to use a non-autogenerated decryption key."

at line "pw = Membership.GetUser.GetPassword.ToString"
I know passwordFormat can be "Clear" and "Hashed'. But "Clear" is not so safe and "Hashed" cannot be retrieved.

Thanks for help
Hertendreef


  #2 (permalink)  
Old April 16th, 2007, 02:40 PM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi hertendreef,

I am not sure if you have to do all this custom stuff. Here's what I would try:

1. Set AutoGeneratePassword to true. This hides the Password box from the control.

2. Set up a MailDefinition to send the e-mail. Point it to a BodyFileName you want to send and give this text file a placeholder like ##Password## for example.

3. Handle the SendingMail event that fires right before the mail is sent.

Inside this event, use e.Message.Body to change the body text and embed the new password that you can retrieve from the CreateUserWizard. E.g.:

e.Message.Body.Replace("##Password##", CreateUserWizard1.Password);

That way, the new password gets inserted in the message before it gets sent.

Does this help?



---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
  #3 (permalink)  
Old April 16th, 2007, 04:39 PM
Friend of Wrox
 
Join Date: Apr 2006
Location: , , .
Posts: 160
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Imar,

thanks for replying.

I did what you said, it works except that the email contains "##password##" instead of the password itself.

I defined a textfile "pw.txt" and in that file, i wrote ##password##.
Is that what you mean by
"give this text file a placeholder like ##Password## for example."?



  #4 (permalink)  
Old April 17th, 2007, 01:01 AM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Yes, that's what I meant. However, what I forgot to add was that you have to reassign the modified Body to the Body property:

e.Message.Body = e.Message.Body.Replace("##Password##", CreateUserWizard1.Password);

My previous example just created a new string, without reassigning it to the e-mail.

BTW, the pw.txt file is meant to the be the body of the entire message, so you probably want it to look like:
Code:
Hi there,

Thank you for signing up to out site. Bla Bla Bla.

Your password is: ##password##

Regards,

The Hertendreef Team
You can use other placeholder, for example for the URL of the site or the user's name and customize those as well.

HtH,

Imar


---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
  #5 (permalink)  
Old April 17th, 2007, 01:51 AM
Friend of Wrox
 
Join Date: Apr 2006
Location: , , .
Posts: 160
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Imar,

still a little problem ...

i did this in code-behind:
--------------------------
e.Message.Body = e.Message.Body.Replace("##Password##", CreateUserWizard1.Password)

and this in aspx file:
----------------------
 <MailDefinition
   BodyFileName="pw.txt"
   From="welcome@dorknozzle.com"
   Subject="your password"/>

and the pw.txt file contains this:
----------------------------------
Hi there,

Thank you for signing up to out site. Bla Bla Bla.
Your password is: ##password##
Regards,

and now i get this:
-------------------
Hi there, Thank you for signing up to out site. Bla Bla Bla. Your password is: ##password## Regards,






  #6 (permalink)  
Old April 17th, 2007, 02:33 AM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Replace is case sensitive, so either make sure both sides (the file and the replace operation) use ##password## (not ##Password## in one and ##password## in the other, or use an overloaded version of Replace that replaces without looking for case differences.

Imar


---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
  #7 (permalink)  
Old April 17th, 2007, 04:40 AM
Friend of Wrox
 
Join Date: Apr 2006
Location: , , .
Posts: 160
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks Imar,

it works now.
A last question:
By default is the password format "hashed". But i read somewhere that "hashed" password can't be retrieved. So how can here the password be retrieved then?

Thanks

  #8 (permalink)  
Old April 17th, 2007, 11:40 AM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

You're correct. Hashing is an irreversible process so there's no way to get the old password based on the hash (other than by brute force).

However, .NET enables password reset, where a new password is generated and sent to the user.

The fact you can see it in the CreateUserWizard is because it has just been generated there and is thus available in clear text (otherwise the AutogeneratePassword option would be useless). Afterwards, you can't see the password as clear text anymore...

Does this clarify things?

Imar

---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
  #9 (permalink)  
Old April 17th, 2007, 12:11 PM
Friend of Wrox
 
Join Date: Apr 2006
Location: , , .
Posts: 160
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Great explanation
Thanks Imar

 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Custom Membership Provider Scott663 BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 4 August 1st, 2008 05:16 PM
Custom Membership provider question aspcoder BOOK: Beginning ASP.NET 3.5 : in C# and VB BOOK ISBN: 978-0-470-18759-3 3 July 27th, 2008 09:59 AM
Custom Membership Provider kulkarnimonica ASP.NET 2.0 Professional 0 June 21st, 2007 03:56 PM
Issue with custom membership provider cacaldo ASP.NET 2.0 Professional 1 October 7th, 2006 03:05 AM
custom membership provider msrnivas General .NET 1 September 18th, 2005 04:28 AM



All times are GMT -4. The time now is 05:19 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.