More in this section

Forums / Developing with Sitefinity / Custom change password widget and backend permissions

Custom change password widget and backend permissions

3 posts, 0 answered
  1. Daniel Tharp
    Daniel Tharp avatar
    21 posts
    Registered:
    24 May 2006
    09 Aug 2012
    Link to this post
    I created a simple change password widget requiring the user to enter in their old password, a new password and confirm password and I get the error that says "You are not authorized to 'Manage Users' ('Backend')."

    UserManager userManager = UserManager.GetManager("Default");
     
    User user = userManager.GetUser(userId);
     
    bool result = userManager.ChangePassword(userId, oldPassword, newPassword);
     
    if (result)
    {
         userManager.SaveChanges();
    }
     
    return result;

    I don't know where to go from here.
  2. Randy Hodge
    Randy Hodge avatar
    96 posts
    Registered:
    03 Nov 2014
    14 Aug 2012
    Link to this post
    Hi Daniel,

    By default anonymous users are not allowed to manage users. When you are not logged in, you are an anonymous user. You can grant needed rights for a given role (Anonymous) from Settings  >> Permissions section of Sitefinity's backend. Or grant the rights to users who would then have to be logged in to change their password.

    Or you can get around the security check for just this action in code:
    userManager.Provider.SuppressSecurityChecks = true;
    userManager.SaveChanges();
    userManager.Provider.SuppressSecurityChecks = false;

    Regards,
    Randy Hodge
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Chad
    Chad avatar
    9 posts
    Registered:
    23 Aug 2012
    14 Aug 2012
    Link to this post
    Thanks for the insight and I will try the code you provided. One thing I don't understand is that the user is logged in and still can't change their password. I tried going to the Settings >> Permissions area but I get a error when the page loads that says "This instance is not initialized." Any ideas on how I can fix this?
3 posts, 0 answered