how to change member password

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Mila Pandurska 75 posts 354 karma points

Oct 28, 2019 @ 09:37

1

How to change member password

Hi,

How I can change the password for a logged in in Front end site member in Umbraco 8? In IMemberService I see only SavePassword() method but it dones't take into account the oldPassword.

Regards Mila

Copy Link
Rihab 104 posts 388 karma points

Oct 31, 2019 @ 12:27

0

Same issue.

Copy Link

Steve Megson 151 posts 1024 karma points MVP c-trib

Oct 31, 2019 @ 12:54

There's a ChangePassword method on MembershipHelperwhich should do the job. Something like this:

var passwordModel = new ChangingPasswordModel { OldPassword = "foo", NewPassword = "bar" };
var result = Umbraco.MembershipHelper.ChangePassword(username, passwordModel, Constants.Conventions.Member.UmbracoMemberProviderName);

Copy Link

Mila Pandurska 75 posts 354 karma points

Oct 31, 2019 @ 13:06

Hi,

I managed to change password with the following code:

var provider = MembershipProviderExtensions.GetMembersMembershipProvider();
                    if (provider.IsUmbracoMembershipProvider())
                    {
                        bool result = provider.ChangePassword(username, model.OldPassword, model.NewPassword);
                        if (result)
                        {
                            ViewBag.Success = true;
                            return CurrentUmbracoPage();
                        }
                    }

The problem that I have now is that event though the oldPassword is wrong it updates my password with the new one.

I am a bit confused what providers, services, methods I should use in Umbraco 8 in order to handle this. What is the recommended way?

Mila

Copy Link

Mila Pandurska 75 posts 354 karma points

Nov 04, 2019 @ 09:23

I search the Umbraco 8 source code and find this in UmbracoMembershipProvider.

protected override bool PerformChangePassword(string username, string oldPassword, string newPassword)
    {
        //NOTE: due to backwards compatibility reasons (and UX reasons), this provider doesn't care about the old password and
        // allows simply setting the password manually so we don't really care about the old password.
        // This is allowed based on the overridden AllowManuallyChangingPassword option.

        // in order to support updating passwords from the umbraco core, we can't validate the old password
        var m = MemberService.GetByUsername(username);
        if (m == null) return false;

        string salt;
        var encodedPassword = EncryptOrHashNewPassword(newPassword, out salt);

        m.RawPasswordValue = FormatPasswordForStorage(encodedPassword, salt);
        m.LastPasswordChangeDate = DateTime.Now;

        MemberService.Save(m);

        return true;
    }

Here the old password is not checked. I need to validate the oldPassword. How I can do that?

Mila

Copy Link

Damien Holley 180 posts 541 karma points

Sep 06, 2020 @ 09:45

0

+1 to this.

Copy Link
Damien Holley 180 posts 541 karma points

Sep 06, 2020 @ 09:49

0

Possibly use Members.ChangePassword([username], [changingpasswordmodel], [MembersMembershipProvider])

Copy Link
is working on a reply...

Please Sign in or register to post replies

Flag this post as spam?