ASP:ChangePassword control and changing another user's password

Discussion in 'ASP .Net' started by Savvoulidis Iordanis, Dec 2, 2009.

  1. In my application, the "Manager" membership user, is the one that creates all
    the other users. They don't have the ability to register themselves. Only
    through the Manager. So if so a user's password, must be altered later, the
    Manager opens the users list page, selects the user and a ChangePassword
    control is displayed, having the DisplayUserName property set to true (the
    user name textbox is displayed). So, the Manager types the name of the user
    to change his password, and supplies all the other password data and clicks
    on the "Change Password" button. So far so good.

    But, as the help file also mentions :
    "After the password for the given user name is changed, the user is logged
    on to the account associated with the changed password, even if the user was
    not logged on to that account previously.",

    this has the sideffect of, having the Manager log out of the application and
    logged in again as the user whose password was changed, also trying to stay
    on the same page (which is a page to be displayed only for Manager user!!!),
    so I get an authorization error. It couldn't be worse!

    Is there any way to avoid this, and leave the Manager as is, to continue his
    work?

    TIA
    Iordanis
     
    Savvoulidis Iordanis, Dec 2, 2009
    #1
    1. Advertising

  2. =?Utf-8?B?U2F2dm91bGlkaXMgSW9yZGFuaXM=?=
    <> wrote in
    news::

    > Is there any way to avoid this, and leave the Manager as is, to
    > continue his work?


    Yes. You can use the Membership bits directly and call the methods on
    them rather than using the drag and drop controls. A bit more work, but
    you will be happier with it.

    I have an example at home on a CD, if I can find it. We set up so an
    administrator could search for a user by name, email, etc and then
    change the password without logging in as the user. In fact, I had it so
    it could be done on a completely different site <bg>, as we had multiple
    sites using the same Membership bits (custom wrapping the built in
    bits), but different databases.

    The only thing I am not sure of is whether the customization was
    necessary to change a user's information.

    If I get a chance, I will resurrect it and post a bit of code.

    Peace and Grace,

    --
    Gregory A. Beamer (MVP)

    Twitter: @gbworld
    Blog: http://gregorybeamer.spaces.live.com

    *******************************************
    | Think outside the box! |
    *******************************************
     
    Gregory A. Beamer, Dec 2, 2009
    #2
    1. Advertising

  3. Re: ASP:ChangePassword control and changing another user's passwor

    Thanks! Can't wait...
     
    Savvoulidis Iordanis, Dec 3, 2009
    #3
  4. On Wed, 2 Dec 2009 13:12:01 -0800, Savvoulidis Iordanis
    <> wrote:

    >In my application, the "Manager" membership user, is the one that creates all
    >the other users. They don't have the ability to register themselves. Only
    >through the Manager. So if so a user's password, must be altered later, the
    >Manager opens the users list page, selects the user and a ChangePassword
    >control is displayed, having the DisplayUserName property set to true (the
    >user name textbox is displayed). So, the Manager types the name of the user
    >to change his password, and supplies all the other password data and clicks
    >on the "Change Password" button. So far so good.
    >
    >But, as the help file also mentions :
    >"After the password for the given user name is changed, the user is logged
    >on to the account associated with the changed password, even if the user was
    >not logged on to that account previously.",
    >
    >this has the sideffect of, having the Manager log out of the application and
    >logged in again as the user whose password was changed, also trying to stay
    >on the same page (which is a page to be displayed only for Manager user!!!),
    >so I get an authorization error. It couldn't be worse!
    >
    >Is there any way to avoid this, and leave the Manager as is, to continue his
    >work?
    >

    As you have determined the ChangePassword control is intended to be
    used by the account holder. To avoid the problem don't use that
    control for this purpose.

    What sort of interface is used by the manager to register users? This
    management interface needs to be able to perform CRUD operations on
    user membership records. This is best done by programmatically using a
    MembershipProvider directly. Depending upon your situation a custom
    MembershipProvider may be more suitable.

    Either way a UI will need to be created to manage MembershipUser
    instances.

    regards
    A.G.
     
    Registered User, Dec 3, 2009
    #4
  5. Re: ASP:ChangePassword control and changing another user's passwor

    By the way, how can I hide the cancel button in the ChangePassword control?
    Before creating a ChangePassword.aspx page, I used to open the control in a
    popup, so the Cancel button was not needed. I clicked outside the popup
    window to close it.

    What I use is :

    CType(ChangePassword1.FindControl("CancelPushButton"), button).Visible = False

    where "CancelPushButton" is the templated cancel button name, but it didn't
    work (either in template mode or not)
     
    Savvoulidis Iordanis, Dec 3, 2009
    #5
  6. Using the following simple code, I' ve managed to do what I want, without
    reinventing the wheel and still use the control!! I just used the
    ChangingPassword event, in which I manually do what I want to do, and then
    cancel it and return to the SuccessUrl set. But anyway if this approach has
    any hidden disadvantage, I'd like to here what anyone has to say. Code
    follows :

    Protected Sub ChangePassword1_ChangingPassword(ByVal sender As Object, ByVal
    e As System.Web.UI.WebControls.LoginCancelEventArgs) Handles
    ChangePassword1.ChangingPassword
    Dim u As MembershipUser
    Dim ls_random_pass As String

    Try
    u = Membership.GetUser(ChangePassword1.UserName)

    If u IsNot Nothing Then

    ls_random_pass = u.ResetPassword()
    u.ChangePassword(ls_random_pass, ChangePassword1.NewPassword)
    End If

    e.Cancel = True
    ' πήγαινε στη σελίδα των χÏηστών
    Response.Redirect(IIf(Not
    String.IsNullOrEmpty(ChangePassword1.SuccessPageUrl),
    ChangePassword1.SuccessPageUrl, ChangePassword1.ContinueDestinationPageUrl))

    Catch ex As Exception
    ' display a message somewhere
    End Try

    End Sub

    PS. How can I disable the UserName control in the ChangePassword control?
    That's because I want to set it only through code.
     
    Savvoulidis Iordanis, Dec 3, 2009
    #6
  7. Re: ASP:ChangePassword control and changing another user's passwor

    =?Utf-8?B?U2F2dm91bGlkaXMgSW9yZGFuaXM=?=
    <> wrote in news:8F81F8EE-
    :

    > Thanks! Can't wait...


    I will likely blog it and link here, as this issue comes up again and again
    in forums.

    Peace and Grace,

    --
    Gregory A. Beamer (MVP)

    Twitter: @gbworld
    Blog: http://gregorybeamer.spaces.live.com

    *******************************************
    | Think outside the box! |
    *******************************************
     
    Gregory A. Beamer, Dec 3, 2009
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Evgeny
    Replies:
    2
    Views:
    2,149
    Evgeny
    Jan 28, 2006
  2. Replies:
    0
    Views:
    608
  3. Ken Fine
    Replies:
    2
    Views:
    1,784
    Allen Chen [MSFT]
    Aug 25, 2008
  4. AAaron123
    Replies:
    2
    Views:
    2,376
    AAaron123
    Jan 16, 2009
  5. AAaron123
    Replies:
    1
    Views:
    1,427
    Oriane
    Jan 16, 2009
Loading...

Share This Page