+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / Sql membership provider and password reset not working

Sql membership provider and password reset not working

3 posts, 0 answered
  1. David
    David avatar
    29 posts
    Registered:
    28 Apr 2009
    05 Feb 2014
    Link to this post
    I am using sitefinity 6.3 with a sql membership provider and trying to enable password reset. I followed the instructions at http://www.sitefinity.com/blogs/slavo-ingilizovs-blog/2011/04/20/using_the_asp_net_sql_membership_provider_in_sitefinity to setup the membership provider. This is my provider line:
            <add name="AspNetAuth" connectionStringName="AspNetAuth" type="System.Web.Security.SqlMembershipProvider" applicationName="CUWebApp" maxInvalidPasswordAttempts="5" minRequiredNonalphanumericCharacters="1" minRequiredPasswordLength="7" passwordAttemptWindow="10" passwordFormat="Hashed" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" enablePasswordRetrieval="false" enablePasswordReset="true"/>

    This is my line in app settings
        <add key="AspNetAuth_RecoveryMailAddress" value="webmaster@somedomain.com"/>

    The provider works fine however when i use the forgot your password link on the login widget with claims authentication it doesnt do anything, just reposts and asks for the email again, no email is ever set and the password is not changed. I did a little debugging and the problem appears to be in this method of the LoginWidget




    private void SendRecoveryMailBtn_Click(object sender, System.EventArgs e)

            {

                UserManager manager = UserManager.GetManager(this.MembershipProvider);

                User userByEmail = manager.GetUserByEmail(this.MailText.Text);

                if (userByEmail == null)

                {

                    this.LostPasswordError.Text = Res.Get<ErrorMessages>().EmailNotFound;

                    this.LoginWidgetPanel.Visible = false;

                    this.LostPasswordPanel.Visible = true;

                    return;

                }

                if (string.IsNullOrEmpty(userByEmail.Password))

                {

                    this.LoginWidgetPanel.Visible = false;

                    this.LostPasswordPanel.Visible = true;

                    return;

                }

                this.PasswordResetSentPanel.Visible = true;

                this.LoginWidgetPanel.Visible = false;

                this.LostPasswordPanel.Visible = false;

                this.SendPasswordRecoveryEmail(userByEmail);

            }

    The line that says  "if (string.IsNullOrEmpty(userByEmail.Password))" is evaluating to false in my testing so the form never proceeds. If i use the build int membership provider it proceeds correctly and an email goes out with a link to reset my password. Is there something i can do to make this work correctly? At the moment i am looking at clearing the events on the SendRecoveryMailButton then calling SendPasswordRecoveryEmail using reflection since its private. Not sure if i will blow things up doing this but so far i haven't been able to find a better solution. I also looked into using the PasswordRecoveryForm however this seems to just immediately reset a users password without verifying their identity unless i enable security questions but the registration form and edit profile form dont support those fields so i would have to modify those. 

    Any advice on what direction to go with this would be very helpful. Thanks



  2. Svetoslav Manchev
    Svetoslav Manchev avatar
    735 posts
    Registered:
    29 Nov 2016
    07 Feb 2014
    Link to this post
    Hello David,

    You could check this knowledge base for the solution you need.

    I hope the information helps.

    Regards,
    Svetoslav Manchev
    Telerik
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
  3. David
    David avatar
    29 posts
    Registered:
    28 Apr 2009
    07 Feb 2014 in reply to Svetoslav Manchev
    Link to this post
    Unfortunately I already have that line in my web.config and it doesn't help.  I ended up creating a custom login control inherited from the LoginWidget. I unhooked the normal base event that fires when the SendRecoveryMailBtn is clicked since it's private and wired it to my own event where i could by pass the password property check.Then I called SendPasswordRecoveryEmail using reflection since it is also private. Its a bit of a hack but it works and I don't think it will be a heavily used functionality on my site. 
3 posts, 0 answered