Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Nik 1522 posts 6752 karma points MVP 5x c-trib
    Oct 24, 2017 @ 13:50
    Nik
    0

    Changing useLegacyEncoding from True to False

    Hi All,

    I'm looking for some advise on what is the best way to update a site that is currently using useLegacyEncoding set to True and change it to useLegacyEncoding = False. (back office users)

    As I understand it, if I make that change all current passwords for back office users will become invalid. So my question is, how do I get back into the back office after making this change so I can set all the passwords again?

    Thanks,

    Nik

  • Ali 22 posts 114 karma points
    Oct 24, 2017 @ 13:58
    Ali
    1

    Hi i have upgraded from 6.1.6 to 7.7.3 and did following:

    I had this:

        <!--<add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Kunde" passwordFormat="Hashed" MinRequiredNonalphanumericCharacters="0" MinRequiredPasswordLength="1" passwordStrengthRegularExpression=""/>
        <add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" minRequiredNonalphanumericCharacters="0" MinRequiredPasswordLength="1" passwordStrengthRegularExpression=""/>
        -->
    

    That I changed to this:

        <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="1" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Kunde" passwordFormat="Hashed" allowManuallyChangingPassword="false"/>
        <add name="UsersMembershipProvider" useLegacyEncoding="true" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco"/>
    

    I had to add useLegacyEncoding="true" in second line in order to be able to log in backoffice.

    Br Ali

  • Nik 1522 posts 6752 karma points MVP 5x c-trib
    Oct 24, 2017 @ 15:02
    Nik
    0

    Hi Ali,

    That's not quite what I'm asking, but thanks. I'm looking to move from the legacy encoding to the more secure non-legacy. But I'm wondering if anyone has attempted this and managed it without locking themselves out of the back office. If they have, how did they get around it without going back to legacy encoding.

    Thanks,

    Nik

  • [email protected] 396 posts 2073 karma points MVP 6x c-trib
    Oct 25, 2017 @ 07:07
    jeffrey@umarketingsuite.com
    0

    Hi Nik,

    when you change the way passwords are hashed (by changing true to false) the old passwords cannot be revalidated again when logging on with the password, because the hashes just don't match.

    So upgrading will give you headaches for all existing users and there's no easy upgrade path. There are some options though:

    1) Change the setting and ask all your users to use the "Forgot password"-functionality to generate new passwords for everyone. Or you could do it only for yourself, and then giving everyone a new password via Umbraco and send the password to them.

    2) Wait a bit longer before you change this until it's possible in Umbraco to update the hashing algorithm without breaking existing logins. Currently the first step of this issue is implemented; http://issues.umbraco.org/issue/U4-8643. So the way the password is hashed is stored in the table. The only thing left to do is now to implement code to look if there's a difference in algorithm. Hopefully that will be implemented somewhere in 7.7.x.

    Hope this helps a bit,

    Jeffrey

Please Sign in or register to post replies

Write your reply to:

Draft