Re: Can I reset a password or remove a username?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I was thinking forms authentication. That is the code I have, which will not help you here. I may have some AD code somewhere, but I annot guarantee it, as it has been awhile since I did Intranet apps.

The main gotcha when going against active directory is you have to be using an account with enough permissions to change the information. Many opt to elevate the security priveleges of the website, which is a mistake.

To really use AD fully, you have to get into System.DirectoryServices, so Google searches should be in this direction and not with the AD bits in ASP.NET. An example of using AD to set and change passwords is here:
http://tinyurl.com/28frz4

Another option is here, if you want to use the search method:
http://forums.asp.net/t/1361779.aspx

I would hide the actual functionality behind a service front end, rather than code this directly in the website. This will shield you from any hacks. Even if the app is stricly internal, you would be surprised how much damage can be done by curious users.

Hope this helps!

--
Gregory A. Beamer
MVP: MCP: +I, SE, SD, DBA

Blog:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think Outside the Box! |
********************************************
"AAaron123" <aaaron123@xxxxxxxxxxxxxx> wrote in message news:ewO0dCYcJHA.1188@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for this info.

I did find ActiveDirectoryMembershipProvider ResetPassword method and started to code against it. There seems to be some gotchas mentioned in the docs that I don't quite understand so I'd really appreciate seeing your code.

For example, it appears I must know the password answer to reset the password using this method. he user may not remember this.

Public Overrides Function ResetPassword ( _
username As String, _
passwordAnswer As String _
) As String

As to Goggle: I did spend quite some unproductive time looking there. The number of hits was very high and unhelpful. Maybe now that I know more I can use better keywords.

Bottom line is: I like very much to see what an experienced ASP.Net developer (you) produced.

Thanks again

"Gregory A. Beamer" <NoSpamMgbworld@xxxxxxxxxxxxxxxxxx> wrote in message news:BE10458B-D667-4325-9DB2-514AEBDAF5C3@xxxxxxxxxxxxxxxx
If you are using ASP.NET membership, you can exercise full cotrol over the objects. You can even give the user full control to fix his problem, although I would not recommend it if he forgot everything, as that is a security hole wide enough for a novice hacker.

If you, as an admin, need to do this, Code against the Membership objects. I will have to peruse my code base (now on DVD) and find a sample, as I have already created a fairly simple admin page to reset a user's password. Hopefully I can get to this in the next few days. Until then, I would do a Google for ASP.NET Membership and start examining the objects. It is where you will find the way to solve the problem.

One gotcha (may not apply to you, but this is a public forum). If you try to create a common admin tool, be careful about how you instantiate the user's object, as you can lock up their account for the duration of your session (20 minutes after you log off).

--
Gregory A. Beamer
MVP: MCP: +I, SE, SD, DBA

Blog:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think Outside the Box! |
********************************************
"AAaron123" <aaaron123@xxxxxxxxxxxxxx> wrote in message news:%23$KsyiOcJHA.5092@xxxxxxxxxxxxxxxxxxxxxxx
If a user gave an incorrect the email address or forgot the answer he gave to the specified question, I like to be able to reset the password.

If that is not possible, I'd like to be able to remove the Username so he can re-register and use the same name.

I know about System.Web.Security.Roles and am hoping there is something like that for password or user but can't find it.




Thanks






.

Relevant Pages

  • Re: Can I reset a password or remove a username?
    ... it appears I must know the password answer to reset the ... passwordAnswer As String _ ... If you, as an admin, need to do this, Code against the Membership ... One gotcha. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Can I reset a password or remove a username?
    ... it appears I must know the password answer to reset the ... passwordAnswer As String _ ... If you, as an admin, need to do this, Code against the Membership objects. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: [Full-disclosure] WordPress <= 2.8.3 Remote admin reset password
    ... And the admin passwd would be reseted. ... WordPress is a state-of-the-art publishing platform with a focus on ... The way Wordpress handle a password reset looks like this: ... An attacker could exploit this vulnerability to compromise the admin ...
    (Full-Disclosure)
  • Re: Sign on/off problem
    ... Answers to A. its not on a network but I can add it to ... You can put the disk into an external USB disk case, ... Question 2 Can I use Safemode with command promt to reset the Admin. ...
    (microsoft.public.windowsxp.general)
  • Re: Sign on/off problem
    ... Tryed a password reset program but it didn't blank admin. ... You can put the disk into an external USB disk case, then scan it while the case is connected to some other PC. ... > Question 1 why is it loging on then loging off. ...
    (microsoft.public.windowsxp.general)