How do I retreive Password, Secret Question and its answer from the Memberhisp API?

Discussion in 'ASP .Net Security' started by Learner, May 22, 2006.

  1. Learner

    Learner Guest

    Hi there,
    Our business doesn' t allow the anonymous users to create an account
    on our website. Only web admin creates user account. So using
    createuserWizard we are able to create users. But once we create the
    user we need to be able to send his UserID , password and Secret
    Question and also its answer to the user so that he can use this info
    to change his/her password.

    Could you please some one help me how do I get the UserID, Password,
    Secret Question and its answer once we create the User?

    Thanks,
    -L
    Learner, May 22, 2006
    #1
    1. Advertising

  2. You can handle the CreateUserWizard_UserCreated event to access the values
    from the control.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi there,
    > Our business doesn' t allow the anonymous users to create an account
    > on our website. Only web admin creates user account. So using
    > createuserWizard we are able to create users. But once we create the
    > user we need to be able to send his UserID , password and Secret
    > Question and also its answer to the user so that he can use this info
    > to change his/her password.
    >
    > Could you please some one help me how do I get the UserID, Password,
    > Secret Question and its answer once we create the User?
    >
    > Thanks,
    > -L
    Dominick Baier [DevelopMentor], May 22, 2006
    #2
    1. Advertising

  3. Learner

    Learner Guest

    Hello Dominick,
    I am sorry if I didn't pose my question right in my previous posting.
    Yes I am using the same thing but how do I get the user password?
    here is how I am trying with

    Dim clumsypwd As String =
    Membership.GetUser(CreateUserWizard1.UserName).GetPassword.ToString

    but it says MemberShip is not desigend to get the password!!!!

    Am I missing some thing here?

    As far as the remaining values

    Dim UserName = Membership.GetUser(CreateUserWizard1.UserName).ToString
    'ProviderUserKey.ToString
    Dim SecretQuestionAnswer As String =
    CreateUserWizard1.Answer
    Dim SecretQuestion As String = CreateUserWizard1.Question
    'Membership.GetUser(CreateUserWizard1.Question).ToString
    Dim PassWord As String = CreateUserWizard1.Password
    I am getting all of these values. But I am trying to retrevie the
    confusing password that the system generates when we click on "Forgot
    password link" on the login Control.

    I also can get the uniqueidentifier UserID using the below line

    UserID =
    Membership.GetUser(CreateUserWizard1.UserName).ProviderUserKey.ToString

    but not sure why I can't get the password in the similar way.

    Thanks in advance,
    Thanks
    Learner, May 22, 2006
    #3
  4. why don't you read the password directly from the password textbox of the
    create user wizard control?

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hello Dominick,
    > I am sorry if I didn't pose my question right in my previous posting.
    > Yes I am using the same thing but how do I get the user password?
    > here is how I am trying with
    > Dim clumsypwd As String =
    > Membership.GetUser(CreateUserWizard1.UserName).GetPassword.ToString
    > but it says MemberShip is not desigend to get the password!!!!
    >
    > Am I missing some thing here?
    >
    > As far as the remaining values
    >
    > Dim UserName =
    > Membership.GetUser(CreateUserWizard1.UserName).ToString
    > 'ProviderUserKey.ToString
    > Dim SecretQuestionAnswer As String =
    > CreateUserWizard1.Answer
    > Dim SecretQuestion As String = CreateUserWizard1.Question
    > 'Membership.GetUser(CreateUserWizard1.Question).ToString
    > Dim PassWord As String = CreateUserWizard1.Password
    > I am getting all of these values. But I am trying to retrevie the
    > confusing password that the system generates when we click on "Forgot
    > password link" on the login Control.
    >
    > I also can get the uniqueidentifier UserID using the below line
    >
    > UserID =
    > Membership.GetUser(CreateUserWizard1.UserName).ProviderUserKey.ToStrin
    > g
    > but not sure why I can't get the password in the similar way.
    >
    > Thanks in advance,
    > Thank
    Dominick Baier [DevelopMentor], May 22, 2006
    #4
  5. ah i see - you want a randomly generated passwort - right?

    you could manually call Membership.GeneratePassword and set the password
    for that user.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > why don't you read the password directly from the password textbox of
    > the create user wizard control?
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >> Hello Dominick,
    >> I am sorry if I didn't pose my question right in my previous posting.
    >> Yes I am using the same thing but how do I get the user password?
    >> here is how I am trying with
    >> Dim clumsypwd As String =
    >> Membership.GetUser(CreateUserWizard1.UserName).GetPassword.ToString
    >> but it says MemberShip is not desigend to get the password!!!!
    >> Am I missing some thing here?
    >>
    >> As far as the remaining values
    >>
    >> Dim UserName =
    >> Membership.GetUser(CreateUserWizard1.UserName).ToString
    >> 'ProviderUserKey.ToString
    >> Dim SecretQuestionAnswer As String =
    >> CreateUserWizard1.Answer
    >> Dim SecretQuestion As String = CreateUserWizard1.Question
    >> 'Membership.GetUser(CreateUserWizard1.Question).ToString
    >> Dim PassWord As String = CreateUserWizard1.Password
    >> I am getting all of these values. But I am trying to retrevie the
    >> confusing password that the system generates when we click on "Forgot
    >> password link" on the login Control.
    >> I also can get the uniqueidentifier UserID using the below line
    >>
    >> UserID =
    >> Membership.GetUser(CreateUserWizard1.UserName).ProviderUserKey.ToStri
    >> n
    >> g
    >> but not sure why I can't get the password in the similar way.
    >> Thanks in advance,
    >> Thanks
    Dominick Baier [DevelopMentor], May 22, 2006
    #5
  6. Learner

    Learner Guest

    Dominick,

    This works fine Dim UserID as string =
    Membership.GetUser(CreateUserWizard1.UserName).ProviderUserKey.ToString


    but I don't know why this

    Dim clumsypwd As String =
    Membership.GetUser(CreateUserWizard1.UserName).GetPassword.ToString
    doesn't work?


    I am writing all this code under CreateUserWizard_UserCreated i.e
    after user has been created. If this isn't possible I am wondering how
    the "Forgot Password?" link on the LoginControl generates the password
    for the user so that he can change it to a meaningful password?

    For now I got it working like this

    Dim PassWord As String = CreateUserWizard1.Password
    Dim clumsypwd As String = Membership.GeneratePassword(8, 8)


    Membership.GetUser(CreateUserWizard1.UserName).ChangePassword(PassWord,
    clumsypwd)

    and this kind of solves what I am looking for. Could you help me how do
    I lock the user after certain login trails?

    Thanks
    -L
    Learner, May 23, 2006
    #6
  7. the login control does that automatically - there is no LockUser method or
    similar - if you want to do that you have to manunally set the flag in the
    db.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Dominick,
    >
    > This works fine Dim UserID as string =
    > Membership.GetUser(CreateUserWizard1.UserName).ProviderUserKey.ToStrin
    > g
    > but I don't know why this
    >
    > Dim clumsypwd As String =
    > Membership.GetUser(CreateUserWizard1.UserName).GetPassword.ToString
    > doesn't work?
    >
    > I am writing all this code under CreateUserWizard_UserCreated i.e
    > after user has been created. If this isn't possible I am wondering how
    > the "Forgot Password?" link on the LoginControl generates the password
    > for the user so that he can change it to a meaningful password?
    >
    > For now I got it working like this
    >
    > Dim PassWord As String = CreateUserWizard1.Password
    > Dim clumsypwd As String = Membership.GeneratePassword(8,
    > 8)
    > Membership.GetUser(CreateUserWizard1.UserName).ChangePassword(PassWord
    > , clumsypwd)
    >
    > and this kind of solves what I am looking for. Could you help me how
    > do I lock the user after certain login trails?
    >
    > Thanks -L
    >
    Dominick Baier [DevelopMentor], May 23, 2006
    #7
  8. Learner

    Learner Guest

    Dominick,
    Here is what I am trying to do. The below portion is the membership
    configuration setup in web.config file in my application.
    the value maxInvalidPasswordAttempts="2" works good. I mean it doesn't
    allow the users though they have entered correct password the third
    time as we have provided its value 2.

    But I am just wondering is there a way that said "User has been locked
    out Please contact Adin @ 222-222-2222. Sorry for the incovenince"
    kind of message?
    Thanks
    -L

    <!--<system.web>
    <membership>
    <providers>
    <remove name="AspNetSqlMembershipProvider"/>
    <add name="AspNetSqlMembershipProvider"
    type="System.Web.Security.SqlMembershipProvider, ..."
    connectionStringName="LocalSqlServer"
    enablePasswordRetrieval="false"
    enablePasswordReset="true"
    requiresQuestionAndAnswer="true"
    applicationName="/"
    requiresUniqueEmail="false"
    passwordFormat="Hashed"
    maxInvalidPasswordAttempts="2"
    minRequiredPasswordLength="7"
    minRequiredNonalphanumericCharacters="1"
    passwordAttemptWindow="10"
    passwordStrengthRegularExpression=""/>
    </providers>
    </membership>
    </system.web>-->
    Learner, May 23, 2006
    #8
  9. you can do that manually by checking the IsLockedOut property - nothing built
    in AFAIK

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Dominick,
    > Here is what I am trying to do. The below portion is the membership
    > configuration setup in web.config file in my application.
    > the value maxInvalidPasswordAttempts="2" works good. I mean it doesn't
    > allow the users though they have entered correct password the third
    > time as we have provided its value 2.
    >
    > But I am just wondering is there a way that said "User has been locked
    > out Please contact Adin @ 222-222-2222. Sorry for the incovenince"
    > kind of message?
    > Thanks
    > -L
    > <!--<system.web>
    > <membership>
    > <providers>
    > <remove name="AspNetSqlMembershipProvider"/>
    > <add name="AspNetSqlMembershipProvider"
    > type="System.Web.Security.SqlMembershipProvider, ..."
    > connectionStringName="LocalSqlServer"
    > enablePasswordRetrieval="false"
    > enablePasswordReset="true"
    > requiresQuestionAndAnswer="true"
    > applicationName="/"
    > requiresUniqueEmail="false"
    > passwordFormat="Hashed"
    > maxInvalidPasswordAttempts="2"
    > minRequiredPasswordLength="7"
    > minRequiredNonalphanumericCharacters="1"
    > passwordAttemptWindow="10"
    > passwordStrengthRegularExpression=""/>
    > </providers>
    > </membership>
    > </system.web>-->
    Dominick Baier [DevelopMentor], May 23, 2006
    #9
  10. Learner

    Learner Guest

    Dominick,
    Thanks I will try that out then.
    -L
    Learner, May 23, 2006
    #10
  11. We have a similar problem.

    We are thinking of sending the user the UserID, Secret Question and Answer
    (not the password) and having the user request a new password (using
    password recovery) the first time he/she logs on.

    This is not a good solution because it will require a 4 step process:
    1) Send an email to the user with his/her UserID, Secret Question and Answer
    2) User requests a new password (using password recovery)
    3) Have the password recovery process send the user an email with the new
    password
    4) User logs in and changes the preassigned password
    Roberto Kohler, May 30, 2006
    #11
  12. Learner

    Learner Guest

    Hello Robertto,
    Thanks for the reply but I am sorry I couldn't get back on this
    becuase I was only the guy working on different stuff so kind occupied.
    yeah this a sort of long process... running shor of ideas here. My
    idea is to send User ID, Password, Secret Question and Answer ( Secret
    question and Answer are for future use) and find a way to force the
    user to change his/her password after first log in. I haven't thought
    of how I could implement this but it just popped up in my mind. Please
    let me know how do I force the user to go to the change password screen
    after his first log in. I am not sure if there is a way to find out
    using Membership API.

    Thanks
    -L
    Roberto Kohler wrote:
    > We have a similar problem.
    >
    > We are thinking of sending the user the UserID, Secret Question and Answer
    > (not the password) and having the user request a new password (using
    > password recovery) the first time he/she logs on.
    >
    > This is not a good solution because it will require a 4 step process:
    > 1) Send an email to the user with his/her UserID, Secret Question and Answer
    > 2) User requests a new password (using password recovery)
    > 3) Have the password recovery process send the user an email with the new
    > password
    > 4) User logs in and changes the preassigned password
    Learner, Jun 2, 2006
    #12
  13. Learner

    Ron Guest

    Re: How do I retreive Password, Secret Question and its answer fro

    Hi Learner.

    In the Login.aspx page of the site.

    This in the login LoggedIn Event

    protected void SiteLogin_LoggedIn(object sender, EventArgs e)
    {
    // Check and see if this is the first the user
    // has logged into the system if true then force
    // the user to change there password.
    if (this.IsFirstLogin())
    {
    this.Response.Redirect("ChangePassword.aspx");
    return;
    }

    }

    private bool IsFirstLogin()
    {
    return
    _loginUser.CreationDate.Equals(_loginUser.LastPasswordChangedDate);
    }

    Hope this helps.




    "Learner" wrote:

    > Hello Robertto,
    > Thanks for the reply but I am sorry I couldn't get back on this
    > becuase I was only the guy working on different stuff so kind occupied.
    > yeah this a sort of long process... running shor of ideas here. My
    > idea is to send User ID, Password, Secret Question and Answer ( Secret
    > question and Answer are for future use) and find a way to force the
    > user to change his/her password after first log in. I haven't thought
    > of how I could implement this but it just popped up in my mind. Please
    > let me know how do I force the user to go to the change password screen
    > after his first log in. I am not sure if there is a way to find out
    > using Membership API.
    >
    > Thanks
    > -L
    > Roberto Kohler wrote:
    > > We have a similar problem.
    > >
    > > We are thinking of sending the user the UserID, Secret Question and Answer
    > > (not the password) and having the user request a new password (using
    > > password recovery) the first time he/she logs on.
    > >
    > > This is not a good solution because it will require a 4 step process:
    > > 1) Send an email to the user with his/her UserID, Secret Question and Answer
    > > 2) User requests a new password (using password recovery)
    > > 3) Have the password recovery process send the user an email with the new
    > > password
    > > 4) User logs in and changes the preassigned password

    >
    >
    Ron, Jul 20, 2006
    #13
  14. hi i lost my password so i reset it and since doing so i have not been
    able to get to my secret question to retreive my new password


    *** Sent via Developersdex http://www.developersdex.com ***
    darrell heggaton, Jul 31, 2006
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Vincent Courcelle

    Changing secret question/answer

    Vincent Courcelle, May 17, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    552
    sloan
    May 17, 2006
  2. AAaron123
    Replies:
    2
    Views:
    2,090
    AAaron123
    Jan 16, 2009
  3. AAaron123
    Replies:
    1
    Views:
    1,311
    Oriane
    Jan 16, 2009
  4. darrell heggaton

    getting new password from secret question

    darrell heggaton, Jul 31, 2006, in forum: ASP .Net Security
    Replies:
    0
    Views:
    134
    darrell heggaton
    Jul 31, 2006
  5. thunk
    Replies:
    1
    Views:
    292
    thunk
    Mar 30, 2010
Loading...

Share This Page