1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Reset Password and Login

Reset Password and Login

4 posts, 0 answered
  1. Eric
    Eric avatar
    147 posts
    Registered:
    12 Nov 2007
    20 May 2011
    Link to this post
    I have a table of existing users from another project. But the passwords are hashed and I can't copy them to the SF tables (different hashing and no salt).

    I have a strategy (I don't like it, but it should work) where I try to log in the user through the SF provider. If it fails, I check to see if the password matches the password in the old table (after hashing). I can then change the password in SF using the following code. Changing the password works, but logging in the user doesn't work. If I try logging in a second time, it works fine since the SF tables have been updated.

    It's like the user's credentials are cached or something. I tried authenticating off the reset password before changing the password to no avail. I also tried calling UserManager.GetManager().SaveChanges();

    User user = UserManager.GetManager().GetUser(username);
    string resetPassword = user.ResetPassword();
    user.ChangePassword(resetPassword, newPassword);
    response = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), username, newPassword, true);

    Any ideas? Thanks.
    Eric
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    16 Jun 2017
    20 May 2011
    Link to this post
    Hi Eric,

    If you know the antilogarithm used for hashing you can decrypt the password, otherwise there is no straight forward way to get the password. 
    What is the value of the result you get both the times when you try to authenticate a user?

    Greetings,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Eric
    Eric avatar
    147 posts
    Registered:
    12 Nov 2007
    20 May 2011
    Link to this post
    It's a one-way hash, so I can't get the original password back.

    After changing the password, AuthenticateUser returns "Unknown". But if I make the same call to AuthenticateUser in a subsequent request, AuthenticateUser returns "Success".

    That's what makes me think there's some caching going on.
  4. Eric
    Eric avatar
    147 posts
    Registered:
    12 Nov 2007
    23 May 2011
    Link to this post
    Upon further testing, there's a relevant line that I omitted that's causing the problem. Actually the previously listed code worked. This is what doesn't work...

    User user; 
    SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), username, newPassword, true, out user);
     
    if (user == null) {
        user = UserManager.GetManager().GetUser(username);
        string resetPassword = user.ResetPassword();
        user.ChangePassword(resetPassword, newPassword);
        response = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), username, newPassword, true);
    }

    If I skip the initial AuthenticateUser request, it works fine.
4 posts, 0 answered