Problem changing password

Discussion in 'ASP .Net Web Services' started by John, Aug 29, 2006.

  1. John

    John Guest

    Hi

    I am trying to set a new password using the following code;

    Dim u As MembershipUser = Membership.GetUser(UserName)
    Dim OldPassword As String

    OldPassword = u.GetPassword
    If u.ChangePassword(OldPassword, Password) Then
    ChangePassword = True
    end if

    The problem is that it gives me the following error on the line OldPassword
    = u.GetPassword;

    System.NotSupportedException: This Membership Provider has not been
    configured to support password retrieval.
    at System.Web.Security.SqlMembershipProvider.GetPassword(String username,
    String passwordAnswer)
    at System.Web.Security.MembershipUser.GetPassword()

    What is the problem and how can I fix it? Ideally I don't want to have to
    answer the security question.

    Thanks

    Regards
    John, Aug 29, 2006
    #1
    1. Advertising

  2. John

    Kevin Jones Guest

    The default membership provider (look for the configuration in
    <framework dir>/config/machine.config.comments) has
    enablePasswordRetrieval="false"

    It also has passwordFormat="hashed" and if you read the help for the
    MembershipProvider class it will tell you GetPassword should throw an
    exception if EnablePasswordRetrieval is true and password format is hashed.

    So if you want to retrieve the password in the way you are you will need
    to change the provider to enable retrieving thepassword *and* to turn of
    hashing (note that turning off hashing will reduce security of the password)

    Kevin Jones

    John wrote:
    > Hi
    >
    > I am trying to set a new password using the following code;
    >
    > Dim u As MembershipUser = Membership.GetUser(UserName)
    > Dim OldPassword As String
    >
    > OldPassword = u.GetPassword
    > If u.ChangePassword(OldPassword, Password) Then
    > ChangePassword = True
    > end if
    >
    > The problem is that it gives me the following error on the line OldPassword
    > = u.GetPassword;
    >
    > System.NotSupportedException: This Membership Provider has not been
    > configured to support password retrieval.
    > at System.Web.Security.SqlMembershipProvider.GetPassword(String username,
    > String passwordAnswer)
    > at System.Web.Security.MembershipUser.GetPassword()
    >
    > What is the problem and how can I fix it? Ideally I don't want to have to
    > answer the security question.
    >
    > Thanks
    >
    > Regards
    >
    >
    Kevin Jones, Aug 29, 2006
    #2
    1. Advertising

  3. John

    John Guest

    Hi

    I am using the AspNetSqlProvider but the site is hosted on a public hosting
    company. Any way to override enablePasswordRetrieval="false" in application
    configuration or any other way as I have no control over what host sets on
    their servers? If this is not possible, any way to set a new password
    without knowing the old one?

    Thanks

    Regards

    "Kevin Jones" <> wrote in message
    news:%...
    > The default membership provider (look for the configuration in <framework
    > dir>/config/machine.config.comments) has enablePasswordRetrieval="false"
    >
    > It also has passwordFormat="hashed" and if you read the help for the
    > MembershipProvider class it will tell you GetPassword should throw an
    > exception if EnablePasswordRetrieval is true and password format is
    > hashed.
    >
    > So if you want to retrieve the password in the way you are you will need
    > to change the provider to enable retrieving thepassword *and* to turn of
    > hashing (note that turning off hashing will reduce security of the
    > password)
    >
    > Kevin Jones
    >
    > John wrote:
    >> Hi
    >>
    >> I am trying to set a new password using the following code;
    >>
    >> Dim u As MembershipUser = Membership.GetUser(UserName)
    >> Dim OldPassword As String
    >>
    >> OldPassword = u.GetPassword
    >> If u.ChangePassword(OldPassword, Password) Then
    >> ChangePassword = True
    >> end if
    >>
    >> The problem is that it gives me the following error on the line
    >> OldPassword = u.GetPassword;
    >>
    >> System.NotSupportedException: This Membership Provider has not been
    >> configured to support password retrieval.
    >> at System.Web.Security.SqlMembershipProvider.GetPassword(String
    >> username, String passwordAnswer)
    >> at System.Web.Security.MembershipUser.GetPassword()
    >>
    >> What is the problem and how can I fix it? Ideally I don't want to have to
    >> answer the security question.
    >>
    >> Thanks
    >>
    >> Regards
    John, Aug 29, 2006
    #3
  4. John

    Kevin Jones Guest

    You can add the provider data to your own web.config file, something like

    <membership defaultProvider="AspNetSqlMembershipProvider"
    userIsOnlineTimeWindow="15" hashAlgorithmType="">
    <providers>
    <clear />
    <add connectionStringName="LocalSqlServer"
    enablePasswordRetrieval="true" enablePasswordReset="true"
    requiresQuestionAndAnswer="true" applicationName="/"
    requiresUniqueEmail="false" passwordFormat="Encrypted"
    maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
    minRequiredNonalphanumericCharacters="1"
    passwordAttemptWindow="10"
    passwordStrengthRegularExpression=""
    name="AspNetSqlMembershipProvider"
    type="System.Web.Security.SqlMembershipProvider, System.Web,
    Version=2.0.0.0, Culture=neutral,
    PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
    </membership>

    See the MembershipProvider help for use of the PasswordFormat property
    and how it affects your processing,

    Kevin Jones

    John wrote:
    > Hi
    >
    > I am using the AspNetSqlProvider but the site is hosted on a public hosting
    > company. Any way to override enablePasswordRetrieval="false" in application
    > configuration or any other way as I have no control over what host sets on
    > their servers? If this is not possible, any way to set a new password
    > without knowing the old one?
    >
    > Thanks
    >
    > Regards
    >
    > "Kevin Jones" <> wrote in message
    > news:%...
    >> The default membership provider (look for the configuration in <framework
    >> dir>/config/machine.config.comments) has enablePasswordRetrieval="false"
    >>
    >> It also has passwordFormat="hashed" and if you read the help for the
    >> MembershipProvider class it will tell you GetPassword should throw an
    >> exception if EnablePasswordRetrieval is true and password format is
    >> hashed.
    >>
    >> So if you want to retrieve the password in the way you are you will need
    >> to change the provider to enable retrieving thepassword *and* to turn of
    >> hashing (note that turning off hashing will reduce security of the
    >> password)
    >>
    >> Kevin Jones
    >>
    >> John wrote:
    >>> Hi
    >>>
    >>> I am trying to set a new password using the following code;
    >>>
    >>> Dim u As MembershipUser = Membership.GetUser(UserName)
    >>> Dim OldPassword As String
    >>>
    >>> OldPassword = u.GetPassword
    >>> If u.ChangePassword(OldPassword, Password) Then
    >>> ChangePassword = True
    >>> end if
    >>>
    >>> The problem is that it gives me the following error on the line
    >>> OldPassword = u.GetPassword;
    >>>
    >>> System.NotSupportedException: This Membership Provider has not been
    >>> configured to support password retrieval.
    >>> at System.Web.Security.SqlMembershipProvider.GetPassword(String
    >>> username, String passwordAnswer)
    >>> at System.Web.Security.MembershipUser.GetPassword()
    >>>
    >>> What is the problem and how can I fix it? Ideally I don't want to have to
    >>> answer the security question.
    >>>
    >>> Thanks
    >>>
    >>> Regards

    >
    >
    Kevin Jones, Aug 29, 2006
    #4
  5. John

    John Guest

    Thanks. I have set enablePasswordRetrieval="true" and
    passwordFormat="Encrypted" in the web.config of my app. Now I am getting the
    following error on the line; Dim newUser As MembershipUser =
    Membership.CreateUser(Username, Password, Email)

    You must specify a non-autogenerated machine key to store passwords in the
    encrypted format. Either specify a different passwordFormat, or change the
    machineKey configuration to use a non-autogenerated decryption key.

    What is the problem?

    Thanks

    Regards

    "Kevin Jones" <> wrote in message
    news:...
    > You can add the provider data to your own web.config file, something like
    >
    > <membership defaultProvider="AspNetSqlMembershipProvider"
    > userIsOnlineTimeWindow="15" hashAlgorithmType="">
    > <providers>
    > <clear />
    > <add connectionStringName="LocalSqlServer"
    > enablePasswordRetrieval="true" enablePasswordReset="true"
    > requiresQuestionAndAnswer="true" applicationName="/"
    > requiresUniqueEmail="false" passwordFormat="Encrypted"
    > maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
    > minRequiredNonalphanumericCharacters="1"
    > passwordAttemptWindow="10"
    > passwordStrengthRegularExpression=""
    > name="AspNetSqlMembershipProvider"
    > type="System.Web.Security.SqlMembershipProvider, System.Web,
    > Version=2.0.0.0, Culture=neutral,
    > PublicKeyToken=b03f5f7f11d50a3a" />
    > </providers>
    > </membership>
    >
    > See the MembershipProvider help for use of the PasswordFormat property and
    > how it affects your processing,
    >
    > Kevin Jones
    >
    > John wrote:
    >> Hi
    >>
    >> I am using the AspNetSqlProvider but the site is hosted on a public
    >> hosting company. Any way to override enablePasswordRetrieval="false" in
    >> application configuration or any other way as I have no control over what
    >> host sets on their servers? If this is not possible, any way to set a new
    >> password without knowing the old one?
    >>
    >> Thanks
    >>
    >> Regards
    >>
    >> "Kevin Jones" <> wrote in message
    >> news:%...
    >>> The default membership provider (look for the configuration in
    >>> <framework dir>/config/machine.config.comments) has
    >>> enablePasswordRetrieval="false"
    >>>
    >>> It also has passwordFormat="hashed" and if you read the help for the
    >>> MembershipProvider class it will tell you GetPassword should throw an
    >>> exception if EnablePasswordRetrieval is true and password format is
    >>> hashed.
    >>>
    >>> So if you want to retrieve the password in the way you are you will need
    >>> to change the provider to enable retrieving thepassword *and* to turn of
    >>> hashing (note that turning off hashing will reduce security of the
    >>> password)
    >>>
    >>> Kevin Jones
    >>>
    >>> John wrote:
    >>>> Hi
    >>>>
    >>>> I am trying to set a new password using the following code;
    >>>>
    >>>> Dim u As MembershipUser = Membership.GetUser(UserName)
    >>>> Dim OldPassword As String
    >>>>
    >>>> OldPassword = u.GetPassword
    >>>> If u.ChangePassword(OldPassword, Password) Then
    >>>> ChangePassword = True
    >>>> end if
    >>>>
    >>>> The problem is that it gives me the following error on the line
    >>>> OldPassword = u.GetPassword;
    >>>>
    >>>> System.NotSupportedException: This Membership Provider has not been
    >>>> configured to support password retrieval.
    >>>> at System.Web.Security.SqlMembershipProvider.GetPassword(String
    >>>> username, String passwordAnswer)
    >>>> at System.Web.Security.MembershipUser.GetPassword()
    >>>>
    >>>> What is the problem and how can I fix it? Ideally I don't want to have
    >>>> to answer the security question.
    >>>>
    >>>> Thanks
    >>>>
    >>>> Regards

    >>
    John, Aug 29, 2006
    #5
  6. re:
    > What is the problem?


    If you store encrypted passwords, you can't use autogenerated decryption keys.

    Change the machineKey configuration to use a non-autogenerated decryption key,
    if you want to use encrypted passwords.

    You can use this nifty, free, utility written by Peter Bromberg
    to generate your validation and decryption keys:

    http://www.eggheadcafe.com/articles/GenerateMachineKey/GenerateMachineKey.aspx

    Just write any word/phrase of your choosing and click the "generate" button.
    Then, copy the result into your web.config.




    Juan T. Llibre, asp.net MVP
    aspnetfaq.com : http://www.aspnetfaq.com/
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en espaƱol : http://asp.net.do/foros/
    ===================================
    "John" <> wrote in message news:O1$...
    > Thanks. I have set enablePasswordRetrieval="true" and passwordFormat="Encrypted" in the web.config
    > of my app. Now I am getting the following error on the line; Dim newUser As MembershipUser =
    > Membership.CreateUser(Username, Password, Email)
    >
    > You must specify a non-autogenerated machine key to store passwords in the encrypted format.
    > Either specify a different passwordFormat, or change the machineKey configuration to use a
    > non-autogenerated decryption key.
    >
    > What is the problem?
    >
    > Thanks
    >
    > Regards
    >
    > "Kevin Jones" <> wrote in message
    > news:...
    >> You can add the provider data to your own web.config file, something like
    >>
    >> <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15"
    >> hashAlgorithmType="">
    >> <providers>
    >> <clear />
    >> <add connectionStringName="LocalSqlServer"
    >> enablePasswordRetrieval="true" enablePasswordReset="true"
    >> requiresQuestionAndAnswer="true" applicationName="/"
    >> requiresUniqueEmail="false" passwordFormat="Encrypted"
    >> maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
    >> minRequiredNonalphanumericCharacters="1"
    >> passwordAttemptWindow="10"
    >> passwordStrengthRegularExpression=""
    >> name="AspNetSqlMembershipProvider"
    >> type="System.Web.Security.SqlMembershipProvider, System.Web,
    >> Version=2.0.0.0, Culture=neutral,
    >> PublicKeyToken=b03f5f7f11d50a3a" />
    >> </providers>
    >> </membership>
    >>
    >> See the MembershipProvider help for use of the PasswordFormat property and how it affects your
    >> processing,
    >>
    >> Kevin Jones
    >>
    >> John wrote:
    >>> Hi
    >>>
    >>> I am using the AspNetSqlProvider but the site is hosted on a public hosting company. Any way to
    >>> override enablePasswordRetrieval="false" in application configuration or any other way as I have
    >>> no control over what host sets on their servers? If this is not possible, any way to set a new
    >>> password without knowing the old one?
    >>>
    >>> Thanks
    >>>
    >>> Regards
    >>>
    >>> "Kevin Jones" <> wrote in message
    >>> news:%...
    >>>> The default membership provider (look for the configuration in <framework
    >>>> dir>/config/machine.config.comments) has enablePasswordRetrieval="false"
    >>>>
    >>>> It also has passwordFormat="hashed" and if you read the help for the MembershipProvider class
    >>>> it will tell you GetPassword should throw an exception if EnablePasswordRetrieval is true and
    >>>> password format is hashed.
    >>>>
    >>>> So if you want to retrieve the password in the way you are you will need to change the provider
    >>>> to enable retrieving thepassword *and* to turn of hashing (note that turning off hashing will
    >>>> reduce security of the password)
    >>>>
    >>>> Kevin Jones
    >>>>
    >>>> John wrote:
    >>>>> Hi
    >>>>>
    >>>>> I am trying to set a new password using the following code;
    >>>>>
    >>>>> Dim u As MembershipUser = Membership.GetUser(UserName)
    >>>>> Dim OldPassword As String
    >>>>>
    >>>>> OldPassword = u.GetPassword
    >>>>> If u.ChangePassword(OldPassword, Password) Then
    >>>>> ChangePassword = True
    >>>>> end if
    >>>>>
    >>>>> The problem is that it gives me the following error on the line OldPassword = u.GetPassword;
    >>>>>
    >>>>> System.NotSupportedException: This Membership Provider has not been configured to support
    >>>>> password retrieval.
    >>>>> at System.Web.Security.SqlMembershipProvider.GetPassword(String username, String
    >>>>> passwordAnswer)
    >>>>> at System.Web.Security.MembershipUser.GetPassword()
    >>>>>
    >>>>> What is the problem and how can I fix it? Ideally I don't want to have to answer the security
    >>>>> question.
    >>>>>
    >>>>> Thanks
    >>>>>
    >>>>> Regards
    >>>

    >
    Juan T. Llibre, Aug 29, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. - Steve -
    Replies:
    3
    Views:
    2,350
    Bruno Sirianni
    Apr 2, 2004
  2. John

    Problem changing password

    John, Aug 29, 2006, in forum: ASP .Net
    Replies:
    5
    Views:
    12,521
    Juan T. Llibre
    Aug 29, 2006
  3. AAaron123
    Replies:
    2
    Views:
    2,154
    AAaron123
    Jan 16, 2009
  4. AAaron123
    Replies:
    1
    Views:
    1,335
    Oriane
    Jan 16, 2009
  5. John

    Problem changing password

    John, Aug 29, 2006, in forum: ASP .Net Security
    Replies:
    5
    Views:
    142
    Juan T. Llibre
    Aug 29, 2006
Loading...

Share This Page