Umbraco Membership Provider Password Reset and PasswordAnswer
Hi,
I am using the Umbraco Membership Provide in my Umbraco MVC project. One of the features for my users is the ability to reset the password in case a member has forgotten his. If a user wants to reset his password, the user first has to answer a password question. It's a quite familair pattern as far as I know.
In order to do that I have the following line in my web.config:
The properties mentioned in the config file (e.g. umbracoLastLoginPropertyTypeAlias, umbracoPasswordRetrievalAnswerPropertyTypeAlias, etc.) are added to the member type. So now when a user is registered all the properties are filled. BUT...also the password retrieval answer is there. In plain text. Why is this one not stored according to the chosen password format. I mean the password answer is almost as good as a password.
Is there a way to have this stored in a salted or hashed way as well, but still being able to use the ResetPassword feature of the Membership Provider?
If you really want to do what you acquired, then you have to write your custom membership provider that inherits from the UmbracoMembershipProvider. Then you have to overwrite the passwort reset features (methods) as well as the update user profile properties methods to store the password answer in a hashed way.
Umbraco Membership Provider Password Reset and PasswordAnswer
Hi,
I am using the Umbraco Membership Provide in my Umbraco MVC project. One of the features for my users is the ability to reset the password in case a member has forgotten his. If a user wants to reset his password, the user first has to answer a password question. It's a quite familair pattern as far as I know.
In order to do that I have the following line in my web.config:
The properties mentioned in the config file (e.g. umbracoLastLoginPropertyTypeAlias, umbracoPasswordRetrievalAnswerPropertyTypeAlias, etc.) are added to the member type. So now when a user is registered all the properties are filled. BUT...also the password retrieval answer is there. In plain text. Why is this one not stored according to the chosen password format. I mean the password answer is almost as good as a password.
Is there a way to have this stored in a salted or hashed way as well, but still being able to use the ResetPassword feature of the Membership Provider?
Hi Mounhim
If you really want to do what you acquired, then you have to write your custom membership provider that inherits from the UmbracoMembershipProvider. Then you have to overwrite the passwort reset features (methods) as well as the update user profile properties methods to store the password answer in a hashed way.
Regards
is working on a reply...