Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Mikhail 5 posts 97 karma points
    Oct 28, 2019 @ 11:37
    Mikhail
    1

    Change members password programmatically

    I'm new in Umbraco. I need to implement changing members password.

    I have the endpoint:

    public BaseResponse Put(UpdatePasswordModel model)
        {
            var response = new BaseResponse();
    
            if (!ModelState.IsValid)
            {
                response.Code = ErrorCode.WrongUsernameOrPassword;
                response.Message = "Wrong username or password!";
                return response;
            }
    
            var member = _memberService.GetByUsername(model.UserName);
    
            if (member == null)
            {
                response.Code = ErrorCode.MemberNotFound;
                response.Message = $"Member {model.UserName} not found";
    
                return response;
            }
    
            var passwordModel = new ChangingPasswordModel { NewPassword = model.NewPassword, OldPassword = model.OldPassword };
            _membershipHelper.ChangePassword(model.UserName, passwordModel, "UmbracoMembershipProvider");
    
            response.Code = ErrorCode.Success;
    
            return response;
        }
    

    UpdatePasswordModel contains UserName, OldPassword, NewPassword.

    Has ChangePassword metdod some validation for old and new passwords? What is the best way to change members password?

  • Alex Skrypnyk 5772 posts 21986 karma points MVP 4x admin c-trib
    Nov 07, 2019 @ 14:55
    Alex Skrypnyk
    0

    Hi Mikhail

    There is a param in Umbraco Security Settings that can specify a regular expression for a password - "passwordStrengthRegularExpression"

    https://our.umbraco.com/Documentation/Reference/Security/Security-settings/

    But I'm not sure that it will work if you change a password through the code.

    Thanks,

    Alex

  • Alex Skrypnyk 5772 posts 21986 karma points MVP 4x admin c-trib
    Nov 12, 2019 @ 21:45
    Alex Skrypnyk
    0

    Hi Mikhail

    Let us know if you found a solution.

    Thanks, Alex

  • Anton 3 posts 75 karma points
    Nov 26, 2019 @ 14:19
    Anton
    1

    You can checking correct username and password:

    if (System.Web.Security.Membership.ValidateUser(model.UserName, model.PasswordOld)) {

    _membershipHelper.ChangePassword(model.UserName, passwordModel, "UmbracoMembershipProvider");

    }

  • Mikhail 5 posts 97 karma points
    Nov 26, 2019 @ 14:20
    Mikhail
    101

    So the main problem was that the ChangePassword method did not validate the old password. We decided to use the next approach:

    var attempt = new Attempt<PasswordChangedModel>();
                if (Membership.ValidateUser(model.UserName, model.PasswordOld))
                {
                    attempt = membershipHelper.ChangePassword(model.UserName, passwordModel, membershipProviderName);
                }
    
    if (!attempt.Success)
                {
                    throw new ChangeMembersPasswordException("Failed to change password!!");
                }
    
Please Sign in or register to post replies

Write your reply to:

Draft