Hi,
I collect hashed password in my BD. I give the opportunity to the user to
reset his password with the PasswordRecover y control. But, when he receive it
, it is a series fo strange characters like that ")(i5oA8&YPZB>Y "
How can I modify my webConfig to send human readable new password.
Tks
4  2568 
Hi,
As you know Asp.Net 2.0 password recovery control asks username first;
then if the user name exists in membership database the user receives
a clean password. If you are using hashed passwords in your membership
database, retrieving an old password is impossible since passwords are
one-way hashed. However if you make the following changes in
web.config file;
Passwordformat= ”hashed”
Passwordreset=” true”
Passwordretriav al=”false”
reference : http://www.codeproject.com/KB/aspnet..._Recovery.aspx
best of luck
Munna
Hi Munna. I checked your link to code project and this is waht the guy said :
you can use standard password recovery control with hashed passwords.
However, in this case when a user wants to recover the password, first the
old password will be reset, then a random password will be generated and sent
to user’s e-mail account. It will be a totally meaningless, hard to remember
password so users will have to go to their account page to change their new
password.
This is exactly my problem !!! My users seems not very cumfortable with
meaningless, hard to remember password. So, there is no solution except to
create a new control!!!
"Ghistos" <Gh*****@discus sions.microsoft .comwrote in message
news:7A******** *************** ***********@mic rosoft.com...
Hi Munna. I checked your link to code project and this is waht the guy
said :
you can use standard password recovery control with hashed passwords.
However, in this case when a user wants to recover the password, first the
old password will be reset, then a random password will be generated and
sent
to user's e-mail account. It will be a totally meaningless, hard to
remember
password so users will have to go to their account page to change their
new
password.
This is exactly my problem !!! My users seems not very cumfortable with
meaningless, hard to remember password. So, there is no solution except to
create a new control!!!
The point is to encourage the users to change their password. Of course they
should not be comfortable with hard to remember passwords.
But on the other hand, yes, we should be telling the person to use the newly
generated strong password to login and then change that password --but-- if
they are using an application like a Password Minder they will be using a
strong password that password manager generated or they will just edit their
password in the password manager to use the newly generated strong password
sent to them. Either way, once the strong password has been returned to them
it is a waste of time to keep worrying about them.
"Jeff Dillon" <je********@hot mailremove.comw rote in message
news:e3******** ******@TK2MSFTN GP04.phx.gbl...
"Ghistos" <Gh*****@discus sions.microsoft .comwrote in message
news:7A******** *************** ***********@mic rosoft.com...
>Hi Munna. I checked your link to code project and this is waht the guy
said :
you can use standard password recovery control with hashed passwords.
However, in this case when a user wants to recover the password, first
the
old password will be reset, then a random password will be generated and
sent
to user's e-mail account. It will be a totally meaningless, hard to
remember
password so users will have to go to their account page to change their
new
password.
This is exactly my problem !!! My users seems not very cumfortable with
meaningless, hard to remember password. So, there is no solution except
to
create a new control!!!
The point is to encourage the users to change their password. Of course
they should not be comfortable with hard to remember passwords.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: paulmac106 |
last post by:
Hi,
I'm having 2 problems with this control.
I save the password in the db as clear text, when a user uses the
PasswordRecovery tool the value is then encrypted and sent to the user
encrypted.
Also, can I use the PasswordRecovery tool without the part where it
asks you the security question? I want the user just to enter their
|
by: ned.kraushaar |
last post by:
Currently, the email that gets sent to a user with a new password is
very cryptic:
Please return to the site and log in using the following information.
User Name: nedkraushaar
Password: @(])1L7s!.xUD5
I would like to add some additional text and found that one can use
custom text specified in a text file by using the <MailDefinition> tags
within the <asp:PasswordRecovery> tags such as below:
|
by: John Hall |
last post by:
We are using Visual Web Developer 2005 Express and the ASP.NET administration
tool to create users. After we implemented <asp:passwordrecovery ... /> new
passwords are emailed to the user instead of the original one. I guess if we
save them in clear text instead of hashed, we can be emailed the original
password. Question: How to have the ASP.NET administration tool and the
asp:createUserWizard control to use only clear text passwords so we...
|
by: =?Utf-8?B?V0I=?= |
last post by:
Hi,
Does anyone know how to programmatically get the new password from the
PasswordRecovery control?
I'm modifying the SendingMail event of my PasswordRecovery control so that I
can customize the message, but I don't know how I can get the new password to
include in this message.
Thanks,
|
by: =?Utf-8?B?am1obWFpbmU=?= |
last post by:
I'm trying to create a process that allows me to limit the non-alphanumeric
characters generated with the PasswordRecovery control. Specially I want to
suppress some characters for security reasons. With textboxes I'm doing this
with a RegularExpressionValidator control and have the following the
following attribute setup:
ValidationExpression="^{6,100}"
This limits the user input to alphanumeric characters as well of some
selected...
| | |
by: Ben |
last post by:
Hi,
when a password is sent to the user via email with the PasswordRecovery
control, is it sent in "clear" even if the password is hashed or encrypted?
Thanks
Ben
|
by: =?Utf-8?B?SHVzYW0=?= |
last post by:
Hi EveryBody:
I use the PasswordRecovery Class to recover the user password, as we know
there is
some setting that must be done to config the mail, I but the following code
into my web config file :
<system.net>
<mailSettings>
<smtp from ="husam_108@yahoo.com">
|
by: =?Utf-8?B?TW9yZ2Fu?= |
last post by:
I have a PasswordRecovery web control as part of my login functionality that
I have successfully tested in an application I'm building. I was asked to
migrate some historical user data into the aspnet_application_services tables
for this app, so I thought the best thing to do would be to just migrate all
the user data with the exception of the passwords, and add text to the
membership comment that read 'EncryptMe' or something like that. ...
|
by: paul.haines |
last post by:
Does anyone know how to change the current mode in the
PasswordRecovery control?
I have an instance on the "login.aspx" page and, after the user has
successfully had their password emailed to them I was hoping I could
re-set it back to the "enter username", (or "enter password answer" as
the name's already entered), so they can try again. (Or even just show
a button which, when pressed, causes the same thing).
Any suggestions for how...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
