Hello,
I am having some problems with these functions which are to be part of the
forgotten password system for a website. I am sure it is something simple
but I can't see it. I would be grateful for any help anyone could offer.
The plan is: The users forgets their password so they enter their email
address together with responses to some security questions (currently just
zip/postcode). A random password is generated and, providing the security
questions validate, is hashed and stored to the password field in the DB
user table. The new password is emailed to the user.
Here is the problem: If I let the code do the work I can not log the user in
using the generated password. However, if I bypass GeneratePassword by
substituting it with a password that was previously generated, and emailed,
by the code - so the line becomes: Dim ForgotPassword as String =
"Giz8q1hm" - everything works and the password validates when I log in using
it.
Here is the code:
Private Shared ReadOnly _allowedChars As String =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW XYZ0123456789"
'''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''
' GenerateForgotPassword
'''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''
Public Shared Function GenerateForgotPassword(ByVal EmailAddress As String,
ByVal PostCode As String) As Boolean
Dim moduleSettings As Configuration.ModuleSettings =
Configuration.ModuleConfig.GetSettings()
' Generate a random password
Dim ForgotPassword As String = GeneratePassword(8)
Dim hashRandomPassword As Byte() =
SitePrincipal.EncryptPassword(ForgotPassword)
' Store password to user table
Dim User As New Data.User(moduleSettings.ConnectionString)
If User.GenerateForgotPassword(EmailAddress, PostCode, hashRandomPassword)
Then
' Email password to user
Dim strMailBody As String
strMailBody = "Test Generate Password : " & ForgotPassword
ApplicationTools.SendMail("ad************@ntlworld .com",
"em***@adamcarpenter.co.uk", "Test Generate Password", strMailBody)
Return True
End If
End Function
'''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''
' Generate Password
'''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''
Private Shared Function GeneratePassword(ByVal length As Integer) As String
' Get random bytes from RNGCryptoServiceProvider
Dim randomBytes(length) As Byte
Dim rng As New RNGCryptoServiceProvider()
rng.GetBytes(randomBytes)
' Convert bytes to characters from allowed characters
Dim chars(length) As Char
Dim allowedCharCount = _allowedChars.Length
Dim i As Integer
For i = 0 To length - 1
chars(i) = _allowedChars.Chars(randomBytes(i) Mod allowedCharCount)
Next
Return New String(chars)
End Function
Any ideas what could be wrong? Many thanks in advance.
Adam
