I finally came up with a solution of my own. Thanks to two posts (this and this) that pointed me in the right direction. With the hash bug still being around I don't think it's possible to do it in another way.
On the OnSendingMail event I'm setting the password directly on the Member object, which seems to be the only way to make it right.
The OnVerifyingUser is there because I want my users to enter their email instead of their username. It's easier to remember.
The text strings are in Swedish, if you need translation I could help you ;)
<asp:PasswordRecovery runat="server" id="PasswordRecovery1" OnSendingMail="PasswordRecovery1_SendingMail" OnVerifyingUser="PasswordRecovery1_VerifyingUser">
  <usernametemplate>
    <div style='width:300px;'>
      <div>
        Ange din e-postadress för kontot. Ett nytt lösenord kommer att skickas till dig som du sedan kan ändra till något som du lättare kommer ihåg.
      </div>
      <div class="fields" style='margin-top:20px;'>
        E-post:
        <asp:textbox runat="server" id="UserName" CssClass="loginLightBox_username"></asp:textbox>
        <asp:requiredfieldvalidator runat="server" controltovalidate="UserName" errormessage="E-post" id="UserNameRequired">*</asp:requiredfieldvalidator>
      </div>
      <div class="fields" style='color:red;'>
        <asp:literal runat="server" id="FailureText" EnableViewState="False"></asp:literal>
      </div>
      <div class="fields" style='margin-top:20px;'>
        <asp:button runat="server" commandname="Submit" text="Submit" id="Button"></asp:button>
      </div>
    </div>
  </usernametemplate>
  <SuccessTemplate>
    <div style='margin-bottom:20px;'>Ett nytt lösenord har skickats till dig!</div>
    <asp:HyperLink id="btnLogin" runat="server" Text="Logga in" />
  </SuccessTemplate>
</asp:PasswordRecovery>
Password Reset with hashed password
Hello!
I have a lot of trouble implementing a successful password reset when using hashed passwords. Clear text is not an option for me.
Has anyone a working solution? Would be greatly appreciated
Have you checked if the provider has implemented it correctly?
Umbraco appears (happy to be corrected if I'm wrong) to have a bug in its Membership provider where hashed passwords are somehow corrupted (possibly hashed twice??) by the ResetPassword function. Therefore the password which is returned is incorrect.
It works perfectly with clear passwords, so it feels like it's a problem with the hashing method.
Tim
Here is a CodePlex work item which I think describes the problem.
Tim
I have submitted a patch for this (ID:4475) - hopefully it'll get incorporated in the next release.
Tim
I've also found this post on a workaround that you can use now.
http://our.umbraco.org/forum/developers/extending-umbraco/2641-Password-Reset-saving-incorrect-password
Tim
I finally came up with a solution of my own. Thanks to two posts (this and this) that pointed me in the right direction. With the hash bug still being around I don't think it's possible to do it in another way.
On the OnSendingMail event I'm setting the password directly on the Member object, which seems to be the only way to make it right.
The OnVerifyingUser is there because I want my users to enter their email instead of their username. It's easier to remember.
The text strings are in Swedish, if you need translation I could help you ;)
I saw your post after I posted mine, so there seems to be at least three solutions to the problem then.
I tried your code, Kenneth, but got this answer:
Membership provider does not support password retrieval or reset.
Is this because I use hashed passwords?
Arrgh!
Ignore post..
enablePasswordReset=true in web.config..
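The setting named in the post above, shown in context as an added example (not code from the thread or from Umbraco). The attributes are the standard ASP.NET membership provider settings; the provider name and type are assumed to match a default Umbraco 4 install, so check them against your own web.config.

```xml
<!-- Added example: membership section of web.config for hashed passwords.
     Provider name and type are assumptions; keep the values from your own file. -->
<system.web>
  <membership defaultProvider="UmbracoMembershipProvider">
    <providers>
      <clear />
      <!-- Before: with enablePasswordReset="false" the PasswordRecovery control
           fails with "Membership provider does not support password retrieval
           or reset." because it may neither retrieve nor reset. -->
      <!--
      <add name="UmbracoMembershipProvider"
           type="umbraco.providers.members.UmbracoMembershipProvider"
           passwordFormat="Hashed"
           enablePasswordRetrieval="false"
           enablePasswordReset="false"
           requiresQuestionAndAnswer="false" />
      -->

      <!-- After: reset is allowed. Retrieval stays off, because a hashed
           password cannot be turned back into the original; the control
           generates a new password and mails it instead. -->
      <add name="UmbracoMembershipProvider"
           type="umbraco.providers.members.UmbracoMembershipProvider"
           passwordFormat="Hashed"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="false" />
    </providers>
  </membership>
</system.web>
```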