Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
I am using the Umbraco Membership Provide in my Umbraco MVC project. One of the features for my users is the ability to reset the password in case a member has forgotten his. If a user wants to reset his password, the user first has to answer a password question. It's a quite familair pattern as far as I know.
In order to do that I have the following line in my web.config:
<add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" defaultMemberTypeAlias="customer" passwordFormat="Hashed" umbracoApprovePropertyTypeAlias="approved" umbracoLockPropertyTypeAlias="lockedOut" umbracoCommentPropertyTypeAlias="comments" umbracoLastLoginPropertyTypeAlias="lastLogonDate" umbracoPasswordRetrievalQuestionPropertyTypeAlias="passwordRetrievalQuestion" umbracoPasswordRetrievalAnswerPropertyTypeAlias="passwordRetrievalAnswer" />
The properties mentioned in the config file (e.g. umbracoLastLoginPropertyTypeAlias, umbracoPasswordRetrievalAnswerPropertyTypeAlias, etc.) are added to the member type. So now when a user is registered all the properties are filled. BUT...also the password retrieval answer is there. In plain text. Why is this one not stored according to the chosen password format. I mean the password answer is almost as good as a password.
Is there a way to have this stored in a salted or hashed way as well, but still being able to use the ResetPassword feature of the Membership Provider?
If you really want to do what you acquired, then you have to write your custom membership provider that inherits from the UmbracoMembershipProvider. Then you have to overwrite the passwort reset features (methods) as well as the update user profile properties methods to store the password answer in a hashed way.
is working on a reply...
Write your reply to:
Image will be uploaded when post is submitted