469,582 Members | 2,477 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,582 developers. It's quick & easy.

Problem changing password

Hi

I am trying to set a new password using the following code;

Dim u As MembershipUser = Membership.GetUser(UserName)
Dim OldPassword As String

OldPassword = u.GetPassword
If u.ChangePassword(OldPassword, Password) Then
ChangePassword = True
end if

The problem is that it gives me the following error on the line OldPassword
= u.GetPassword;

System.NotSupportedException: This Membership Provider has not been
configured to support password retrieval.
at System.Web.Security.SqlMembershipProvider.GetPassw ord(String username,
String passwordAnswer)
at System.Web.Security.MembershipUser.GetPassword()

What is the problem and how can I fix it? Ideally I don't want to have to
answer the security question.

Thanks

Regards
Aug 29 '06 #1
5 3102
The default membership provider (look for the configuration in
<framework dir>/config/machine.config.comments) has
enablePasswordRetrieval="false"

It also has passwordFormat="hashed" and if you read the help for the
MembershipProvider class it will tell you GetPassword should throw an
exception if EnablePasswordRetrieval is true and password format is hashed.

So if you want to retrieve the password in the way you are you will need
to change the provider to enable retrieving thepassword *and* to turn of
hashing (note that turning off hashing will reduce security of the password)

Kevin Jones

John wrote:
Hi

I am trying to set a new password using the following code;

Dim u As MembershipUser = Membership.GetUser(UserName)
Dim OldPassword As String

OldPassword = u.GetPassword
If u.ChangePassword(OldPassword, Password) Then
ChangePassword = True
end if

The problem is that it gives me the following error on the line OldPassword
= u.GetPassword;

System.NotSupportedException: This Membership Provider has not been
configured to support password retrieval.
at System.Web.Security.SqlMembershipProvider.GetPassw ord(String username,
String passwordAnswer)
at System.Web.Security.MembershipUser.GetPassword()

What is the problem and how can I fix it? Ideally I don't want to have to
answer the security question.

Thanks

Regards

Aug 29 '06 #2
Hi

I am using the AspNetSqlProvider but the site is hosted on a public hosting
company. Any way to override enablePasswordRetrieval="false" in application
configuration or any other way as I have no control over what host sets on
their servers? If this is not possible, any way to set a new password
without knowing the old one?

Thanks

Regards

"Kevin Jones" <kj**********@develop.comwrote in message
news:%2***************@TK2MSFTNGP03.phx.gbl...
The default membership provider (look for the configuration in <framework
dir>/config/machine.config.comments) has enablePasswordRetrieval="false"

It also has passwordFormat="hashed" and if you read the help for the
MembershipProvider class it will tell you GetPassword should throw an
exception if EnablePasswordRetrieval is true and password format is
hashed.

So if you want to retrieve the password in the way you are you will need
to change the provider to enable retrieving thepassword *and* to turn of
hashing (note that turning off hashing will reduce security of the
password)

Kevin Jones

John wrote:
>Hi

I am trying to set a new password using the following code;

Dim u As MembershipUser = Membership.GetUser(UserName)
Dim OldPassword As String

OldPassword = u.GetPassword
If u.ChangePassword(OldPassword, Password) Then
ChangePassword = True
end if

The problem is that it gives me the following error on the line
OldPassword = u.GetPassword;

System.NotSupportedException: This Membership Provider has not been
configured to support password retrieval.
at System.Web.Security.SqlMembershipProvider.GetPassw ord(String
username, String passwordAnswer)
at System.Web.Security.MembershipUser.GetPassword()

What is the problem and how can I fix it? Ideally I don't want to have to
answer the security question.

Thanks

Regards

Aug 29 '06 #3
You can add the provider data to your own web.config file, something like

<membership defaultProvider="AspNetSqlMembershipProvider"
userIsOnlineTimeWindow="15" hashAlgorithmType="">
<providers>
<clear />
<add connectionStringName="LocalSqlServer"
enablePasswordRetrieval="true" enablePasswordReset="true"
requiresQuestionAndAnswer="true" applicationName="/"
requiresUniqueEmail="false" passwordFormat="Encrypted"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>

See the MembershipProvider help for use of the PasswordFormat property
and how it affects your processing,

Kevin Jones

John wrote:
Hi

I am using the AspNetSqlProvider but the site is hosted on a public hosting
company. Any way to override enablePasswordRetrieval="false" in application
configuration or any other way as I have no control over what host sets on
their servers? If this is not possible, any way to set a new password
without knowing the old one?

Thanks

Regards

"Kevin Jones" <kj**********@develop.comwrote in message
news:%2***************@TK2MSFTNGP03.phx.gbl...
>The default membership provider (look for the configuration in <framework
dir>/config/machine.config.comments) has enablePasswordRetrieval="false"

It also has passwordFormat="hashed" and if you read the help for the
MembershipProvider class it will tell you GetPassword should throw an
exception if EnablePasswordRetrieval is true and password format is
hashed.

So if you want to retrieve the password in the way you are you will need
to change the provider to enable retrieving thepassword *and* to turn of
hashing (note that turning off hashing will reduce security of the
password)

Kevin Jones

John wrote:
>>Hi

I am trying to set a new password using the following code;

Dim u As MembershipUser = Membership.GetUser(UserName)
Dim OldPassword As String

OldPassword = u.GetPassword
If u.ChangePassword(OldPassword, Password) Then
ChangePassword = True
end if

The problem is that it gives me the following error on the line
OldPassword = u.GetPassword;

System.NotSupportedException: This Membership Provider has not been
configured to support password retrieval.
at System.Web.Security.SqlMembershipProvider.GetPassw ord(String
username, String passwordAnswer)
at System.Web.Security.MembershipUser.GetPassword()

What is the problem and how can I fix it? Ideally I don't want to have to
answer the security question.

Thanks

Regards

Aug 29 '06 #4
Thanks. I have set enablePasswordRetrieval="true" and
passwordFormat="Encrypted" in the web.config of my app. Now I am getting the
following error on the line; Dim newUser As MembershipUser =
Membership.CreateUser(Username, Password, Email)

You must specify a non-autogenerated machine key to store passwords in the
encrypted format. Either specify a different passwordFormat, or change the
machineKey configuration to use a non-autogenerated decryption key.

What is the problem?

Thanks

Regards

"Kevin Jones" <kj**********@develop.comwrote in message
news:eX**************@TK2MSFTNGP03.phx.gbl...
You can add the provider data to your own web.config file, something like

<membership defaultProvider="AspNetSqlMembershipProvider"
userIsOnlineTimeWindow="15" hashAlgorithmType="">
<providers>
<clear />
<add connectionStringName="LocalSqlServer"
enablePasswordRetrieval="true" enablePasswordReset="true"
requiresQuestionAndAnswer="true" applicationName="/"
requiresUniqueEmail="false" passwordFormat="Encrypted"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>

See the MembershipProvider help for use of the PasswordFormat property and
how it affects your processing,

Kevin Jones

John wrote:
>Hi

I am using the AspNetSqlProvider but the site is hosted on a public
hosting company. Any way to override enablePasswordRetrieval="false" in
application configuration or any other way as I have no control over what
host sets on their servers? If this is not possible, any way to set a new
password without knowing the old one?

Thanks

Regards

"Kevin Jones" <kj**********@develop.comwrote in message
news:%2***************@TK2MSFTNGP03.phx.gbl...
>>The default membership provider (look for the configuration in
<framework dir>/config/machine.config.comments) has
enablePasswordRetrieval="false"

It also has passwordFormat="hashed" and if you read the help for the
MembershipProvider class it will tell you GetPassword should throw an
exception if EnablePasswordRetrieval is true and password format is
hashed.

So if you want to retrieve the password in the way you are you will need
to change the provider to enable retrieving thepassword *and* to turn of
hashing (note that turning off hashing will reduce security of the
password)

Kevin Jones

John wrote:
Hi

I am trying to set a new password using the following code;

Dim u As MembershipUser = Membership.GetUser(UserName)
Dim OldPassword As String

OldPassword = u.GetPassword
If u.ChangePassword(OldPassword, Password) Then
ChangePassword = True
end if

The problem is that it gives me the following error on the line
OldPassword = u.GetPassword;

System.NotSupportedException: This Membership Provider has not been
configured to support password retrieval.
at System.Web.Security.SqlMembershipProvider.GetPassw ord(String
username, String passwordAnswer)
at System.Web.Security.MembershipUser.GetPassword()

What is the problem and how can I fix it? Ideally I don't want to have
to answer the security question.

Thanks

Regards
Aug 29 '06 #5
re:
What is the problem?
If you store encrypted passwords, you can't use autogenerated decryption keys.

Change the machineKey configuration to use a non-autogenerated decryption key,
if you want to use encrypted passwords.

You can use this nifty, free, utility written by Peter Bromberg
to generate your validation and decryption keys:

http://www.eggheadcafe.com/articles/...achineKey.aspx

Just write any word/phrase of your choosing and click the "generate" button.
Then, copy the result into your web.config.


Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"John" <Jo**@nospam.infovis.co.ukwrote in message news:O1**************@TK2MSFTNGP06.phx.gbl...
Thanks. I have set enablePasswordRetrieval="true" and passwordFormat="Encrypted" in the web.config
of my app. Now I am getting the following error on the line; Dim newUser As MembershipUser =
Membership.CreateUser(Username, Password, Email)

You must specify a non-autogenerated machine key to store passwords in the encrypted format.
Either specify a different passwordFormat, or change the machineKey configuration to use a
non-autogenerated decryption key.

What is the problem?

Thanks

Regards

"Kevin Jones" <kj**********@develop.comwrote in message
news:eX**************@TK2MSFTNGP03.phx.gbl...
>You can add the provider data to your own web.config file, something like

<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15"
hashAlgorithmType="">
<providers>
<clear />
<add connectionStringName="LocalSqlServer"
enablePasswordRetrieval="true" enablePasswordReset="true"
requiresQuestionAndAnswer="true" applicationName="/"
requiresUniqueEmail="false" passwordFormat="Encrypted"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>

See the MembershipProvider help for use of the PasswordFormat property and how it affects your
processing,

Kevin Jones

John wrote:
>>Hi

I am using the AspNetSqlProvider but the site is hosted on a public hosting company. Any way to
override enablePasswordRetrieval="false" in application configuration or any other way as I have
no control over what host sets on their servers? If this is not possible, any way to set a new
password without knowing the old one?

Thanks

Regards

"Kevin Jones" <kj**********@develop.comwrote in message
news:%2***************@TK2MSFTNGP03.phx.gbl...
The default membership provider (look for the configuration in <framework
dir>/config/machine.config.comments) has enablePasswordRetrieval="false"

It also has passwordFormat="hashed" and if you read the help for the MembershipProvider class
it will tell you GetPassword should throw an exception if EnablePasswordRetrieval is true and
password format is hashed.

So if you want to retrieve the password in the way you are you will need to change the provider
to enable retrieving thepassword *and* to turn of hashing (note that turning off hashing will
reduce security of the password)

Kevin Jones

John wrote:
Hi
>
I am trying to set a new password using the following code;
>
Dim u As MembershipUser = Membership.GetUser(UserName)
Dim OldPassword As String
>
OldPassword = u.GetPassword
If u.ChangePassword(OldPassword, Password) Then
ChangePassword = True
end if
>
The problem is that it gives me the following error on the line OldPassword = u.GetPassword;
>
System.NotSupportedException: This Membership Provider has not been configured to support
password retrieval.
at System.Web.Security.SqlMembershipProvider.GetPassw ord(String username, String
passwordAnswer)
at System.Web.Security.MembershipUser.GetPassword()
>
What is the problem and how can I fix it? Ideally I don't want to have to answer the security
question.
>
Thanks
>
Regards

Aug 29 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

6 posts views Thread by John Morgan | last post: by
1 post views Thread by patrickshroads | last post: by
4 posts views Thread by Arsalan Ahmad | last post: by
2 posts views Thread by Dhika Cikul | last post: by
1 post views Thread by =?Utf-8?B?SHVzYW0=?= | last post: by
reply views Thread by Michael Burgess | last post: by
4 posts views Thread by John Kotuby | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.