MembershipProvider validation fails after password change - c#

I am using an SQLMemberShipProvider.
When I enter my username and password the following code is executed membershipProvider.ValidateUser(myUserName, myPassword) and returns true indicating that the user is valid.
I reset the password with the following code:
var username = membershipProvider.GetUser(myUserName, false);
username.ChangePassword(username.ResetPassword(), newPassword);
Now when I enter my username and the new changed password, the following executes again membershipProvider.ValidateUser(myUserName, newPassword), but this time the validation fails.
I don't understand this, as I am using the same provider for both calls of ValidateUser. The password seemed to have changed as the original password is no longer valid as well.
The password format is hashed, IsLocked is false and IsApproved is true.

Code looks good. This is occurring most probably because resetPassword is not set to true in your web.config:
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
<providers>
<add name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
passwordFormat="Hashed"
applicationName="MyApplication" />
</providers>
</membership>
Ensure that enablePasswordReset="true" is set.

Related

how to Decrypt password in c#

I want to decrypt a password in C#. I am using the below code.
public class NetFourMembershipProvider : SqlMembershipProvider
{
public string GetClearTextPassword(string encryptedPwd)
{
try
{
byte[] encodedPassword = Convert.FromBase64String(encryptedPwd);
byte[] bytes = this.DecryptPassword(encodedPassword);
if (bytes == null)
{
return null;
}
return Encoding.Unicode.GetString(bytes, 0x10, bytes.Length - 0x10);
}
catch (Exception)
{
throw;
}
}
}
And my web config file is
<configuration>
<system.web>
<machineKey validationKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" decryptionKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" decryption="3DES" validation="SHA1" />
<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SiteSqlServer" enablePasswordRetrieval="true"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0"
requiresUniqueEmail="false"
passwordFormat="Encrypted"
applicationName="DotNetNuke"
description="Stores and retrieves ......." />
</providers>
</membership>
<compilation debug="true" targetFramework="4.0" />
</system.web>
</configuration>
At this line byte[] bytes=this.DecryptPassword(encodedPassword); I am getting the below error message.
You must specify a non-autogenerated machine key to store passwords in the encrypted format. Either specify a different passwordFormat, or change the machineKey configuration to use a non-autogenerated decryption key.
How can I convert passwords?
Please help me.
Note: The validationKey is 40 characters and the decryptionKey is 48 characters long.
Thanks in Advance
Rather than trying to decrypt the password, store the encrypted password in the database, and when you want to validate the password, use the encrypted password entered by the user and compare it to the encrypted password stored in the DB.
Generally, algorithms like SHA or MD5 are used to perform hashing on the entered password. Actually, hashing and encryption are two different things. In this case, hashing is used.
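The compare-instead-of-decrypt check the answer above describes, as an added example (not part of the original post or of ASP.NET's own code): the candidate password is re-hashed with the stored salt and the result is compared with the stored hash. The storage layout Base64(SHA1(salt || UTF-16LE(password))), the class name and the sample password are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: verify a password by re-hashing it, never by decrypting it.
// Assumed layout: Base64(SHA1(salt || UTF-16LE(password))) with a Base64-encoded salt.
// Single-round salted SHA-1 is a legacy scheme; it is used here only to show the flow.
public static class HashedPasswordDemo
{
    public static string HashPassword(string password, string saltBase64)
    {
        byte[] salt = Convert.FromBase64String(saltBase64);
        byte[] pwd = Encoding.Unicode.GetBytes(password);
        byte[] all = new byte[salt.Length + pwd.Length];
        Buffer.BlockCopy(salt, 0, all, 0, salt.Length);
        Buffer.BlockCopy(pwd, 0, all, salt.Length, pwd.Length);
        using (SHA1 sha1 = SHA1.Create())
        {
            return Convert.ToBase64String(sha1.ComputeHash(all));
        }
    }

    public static bool Verify(string candidate, string saltBase64, string storedHashBase64)
    {
        byte[] expected = Convert.FromBase64String(storedHashBase64);
        byte[] actual = Convert.FromBase64String(HashPassword(candidate, saltBase64));
        // Touch every byte so timing does not reveal where the first mismatch is.
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed sample data: a random 16-byte salt and a made-up password.
        byte[] saltBytes = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(saltBytes);
        string salt = Convert.ToBase64String(saltBytes);
        string stored = HashPassword("Constructed-Passw0rd", salt); // value a DB row would hold

        Console.WriteLine(Verify("Constructed-Passw0rd", salt, stored));
        Console.WriteLine(Verify("wrong-guess", salt, stored));
    }
}
```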

how to use Membership.ValidateUser using entities connection to DB?

I have a web service that calls a method to authenticate a user.
The method is:
public bool getUser(string User, string Pass)
{
return( Membership.ValidateUser(TvId, TvPass));
}
But Membership.ValidateUser needs a connection to the DB, and I'm using Entity Framework. Any help?
We have two different connection strings defined, one for EF and one for the Membership provider, even though they're both the same DB.
So in the Web.config we have:
<configuration>
<connectionStrings>
<!-- Used by the EF DbContext -->
<add name="EFConnection" connectionString="metadata=res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=localhost;Initial Catalog=MyDB;Persist Security Info=False;Trusted_Connection=yes;MultipleActiveResultSets=true;&quot;" providerName="System.Data.EntityClient" />
<!-- Used for membership, see the Web.config entries below -->
<add name="ApplicationServices" connectionString="data source=localhost;initial catalog=MyDB;Persist Security Info=False;Trusted_Connection=yes;MultipleActiveResultSets=true;" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<membership>
<providers>
<!-- Uses the ApplicationServices connection string defined above to set the connection information for the membership provider -->
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="ePubDirect" />
</providers>
</membership>
</system.web>
</configuration>
There's a load of other stuff in the Web.config too of course, and your connection strings will likely be very different than my local dev environment, but this is the type of wiring you need for your Membership to just work.
Instead of System.Web.Security.SqlMembershipProvider you may need something more like:
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
Or whatever membership provider you're using. Your detailed settings are likely to be different to these too.
It doesn't matter whether you are using Entity Framework or ADO.NET classes to make the connection with the database. The membership provider will work with Entity Framework as well. You need to define the membership connection string in the Web.config file.

Retrieve the password from developer point of the user, which is encrypted by ASP.NET membership provider

I am using the ASP.NET membership in my application.
When customers register I need to get the password of the user, is there any algorithm so that I can get the decrypted password.
eg:
1) we will be having set of tables that will be created on asp.net_membership where in that we store userName, password, password key, strength and security question.
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="MMMS35.API"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="Moose"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="1"
passwordStrengthRegularExpression="" />
</providers>
</membership>
When customers register I need to get the password of the user, is there any algorithm so that I can get the decrypted password.
If you want to get the password entered by the user when he is registering, you can probably do so. For example, if you use the ASP.NET CreateUserWizard control, you can access the CreateUserWizard.Password property. Nevertheless, it's not very clear what you'd want to do with it.
If you want to get the user's password after he's registered, which is probably not a good idea from a security perspective as noted in the comments to your question, you need to configure your MembershipProvider with:
enablePasswordRetrieval="true"
passwordFormat="Clear" or "Encrypted"

MVC 4 Membership Can't login

I've created an MVC 4 app and for the first time I am trying to use membership.
I have a sql database where I have created the membership tables and using "ASP.NET Configuration" I have selected my providers, added roles and a user.
When I try to login using the login page, I get the error;
To call this method, the "Membership.Provider" property must be an
instance of "ExtendedMembershipProvider".
I am not using Azure, nor am I using NuGet.
My config file looks like;
<membership defaultProvider="SqlMembershipProvider">
<providers>
<add connectionStringName="ApplicationServices" name="SqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="SqlRoleProvider">
<providers>
<add connectionStringName="ApplicationServices" name="SqlRoleProvider"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
That's all that was added for me.
My account controller has the following attribute but removing it makes no difference.
[InitializeSimpleMembership]
and it fails on this line;
if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
What do I need to do to be able to log users in?
You set SqlMembershipProvider in config but are trying to use SimpleMembershipProvider.
Pick one and configure your app accordingly.
If you set up the db against SimpleMembership (most frequently one table with UserId, Username and other fields), then change your config as follows and make sure InitializeSimpleMembershipFilter looks for the userId, username fields as they are set up in your table:
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<clear/>
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
</providers>
</membership>
<roleManager defaultProvider="SimpleRoleProvider">
<providers>
<add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
</providers>
</roleManager>
Otherwise, to set up SqlMembershipProvider you may refer to the bottom of this page: http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.aspx

ASP.NET Membership PasswordLength and other properties

I am going crazy, when I go into the Web Site Administration Tool to create some new users, it always tells me that my password is not 7 characters long.
Error msg:
Password length minimum: 7. Non-alphanumeric characters required: 1.
Here is my web.config, seems like it is not even looked at.
<membership userIsOnlineTimeWindow="20">
<providers>
<remove name="AspNetSqlProvider" />
<add name="AspNetSqlProvider" connectionStringName="LocalSqlServer"
type="System.Web.Security.SqlMembershipProvider"
applicationName="OCIS"
minRequiredPasswordLength="3"/>
</providers>
</membership>
I even went as far to modify the machine.config and after rebooting, still the same result.
Very frustrating.
Do you guys have any ideas why my web.config file seems to be ignored?
Thank you,
Steve
The AspNetSqlProvider is not the default provider name that is defined in the MembershipSection. Thus, you have to set the default provider name as follows.
<membership defaultProvider="AspNetSqlProvider">
<providers>
<add name="AspNetSqlProvider" ... />
</providers>
</membership>
You probably should never have need to modify machine.config but I understand your frustration.
First, try implementing all properties of the provider in your local config to your specs and see what happens..
<membership>
<providers>
<add
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, ..."
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
/>
</providers>
</membership>
