Re: Can I reset a password or remove a username?
- From: "AAaron123" <aaaron123@xxxxxxxxxxxxxx>
- Date: Thu, 8 Jan 2009 13:30:17 -0500
I looked at those sites an think I'm in the wrong ballpark.
What I want to do is to add a capability so that when I'm logged into my
site (that is on an remote hosting ISP computer) I'll be able to change
another user's password.
Is the AD method I sited below the way to go?
I've used Membership.DeleteUser and am hoping that changing password is as
straightforward.
I found MembershipUser ChangePassword but this seems to require me to know
the old password.
Guess I'm not having much luck finding the correct approach.
Thanks
"Gregory A. Beamer" <NoSpamMgbworld@xxxxxxxxxxxxxxxxxx> wrote in message
news:4BAC84BE-2FF1-485E-9E32-D1085498463F@xxxxxxxxxxxxxxxx
I was thinking forms authentication. That is the code I have, which will
not help you here. I may have some AD code somewhere, but I annot guarantee
it, as it has been awhile since I did Intranet apps.
The main gotcha when going against active directory is you have to be
using an account with enough permissions to change the information. Many
opt to elevate the security priveleges of the website, which is a mistake.
To really use AD fully, you have to get into System.DirectoryServices, so
Google searches should be in this direction and not with the AD bits in
ASP.NET. An example of using AD to set and change passwords is here:
http://tinyurl.com/28frz4
Another option is here, if you want to use the search method:
http://forums.asp.net/t/1361779.aspx
I would hide the actual functionality behind a service front end, rather
than code this directly in the website. This will shield you from any
hacks. Even if the app is stricly internal, you would be surprised how
much damage can be done by curious users.
Hope this helps!
--
Gregory A. Beamer
MVP: MCP: +I, SE, SD, DBA
Blog:
http://feeds.feedburner.com/GregoryBeamer
********************************************
| Think Outside the Box! |
********************************************
"AAaron123" <aaaron123@xxxxxxxxxxxxxx> wrote in message
news:ewO0dCYcJHA.1188@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for this info.
I did find ActiveDirectoryMembershipProvider ResetPassword method and
started to code against it. There seems to be some gotchas mentioned in
the docs that I don't quite understand so I'd really appreciate seeing
your code.
For example, it appears I must know the password answer to reset the
password using this method. he user may not remember this.
Public Overrides Function ResetPassword ( _
username As String, _
passwordAnswer As String _
) As String
As to Goggle: I did spend quite some unproductive time looking there. The
number of hits was very high and unhelpful. Maybe now that I know more I
can use better keywords.
Bottom line is: I like very much to see what an experienced ASP.Net
developer (you) produced.
Thanks again
"Gregory A. Beamer" <NoSpamMgbworld@xxxxxxxxxxxxxxxxxx> wrote in message
news:BE10458B-D667-4325-9DB2-514AEBDAF5C3@xxxxxxxxxxxxxxxx
If you are using ASP.NET membership, you can exercise full cotrol over
the objects. You can even give the user full control to fix his problem,
although I would not recommend it if he forgot everything, as that is a
security hole wide enough for a novice hacker.
If you, as an admin, need to do this, Code against the Membership
objects. I will have to peruse my code base (now on DVD) and find a
sample, as I have already created a fairly simple admin page to reset a
user's password. Hopefully I can get to this in the next few days. Until
then, I would do a Google for ASP.NET Membership and start examining the
objects. It is where you will find the way to solve the problem.
One gotcha (may not apply to you, but this is a public forum). If you
try to create a common admin tool, be careful about how you instantiate
the user's object, as you can lock up their account for the duration of
your session (20 minutes after you log off).
--
Gregory A. Beamer
MVP: MCP: +I, SE, SD, DBA
Blog:
http://feeds.feedburner.com/GregoryBeamer
********************************************
| Think Outside the Box! |
********************************************
"AAaron123" <aaaron123@xxxxxxxxxxxxxx> wrote in message
news:%23$KsyiOcJHA.5092@xxxxxxxxxxxxxxxxxxxxxxx
If a user gave an incorrect the email address or forgot the answer he
gave to the specified question, I like to be able to reset the
password.
If that is not possible, I'd like to be able to remove the Username so
he can re-register and use the same name.
I know about System.Web.Security.Roles and am hoping there is something
like that for password or user but can't find it.
Thanks
.
- References:
- Can I reset a password or remove a username?
- From: AAaron123
- Re: Can I reset a password or remove a username?
- From: Gregory A. Beamer
- Re: Can I reset a password or remove a username?
- From: AAaron123
- Re: Can I reset a password or remove a username?
- From: Gregory A. Beamer
- Can I reset a password or remove a username?
- Prev by Date: Re: Web Method Returning XmlDocument/IXPathNavigable and FxCop
- Next by Date: Gridview Update/Cancel Inside UpdatePanel
- Previous by thread: Re: Can I reset a password or remove a username?
- Next by thread: Re: Can I reset a password or remove a username?
- Index(es):
Relevant Pages
|
