none
Password Recovery

    Question

  •  

    Hi,

     

    Password Recovery does not seem to be working 100% but I can't seem to narrow it down.  It almost seems that it will work if the answer is only 5 characters.  The front end starter site states: Your answer could not be verified. Please try again.

     

    Also, I am using the default page (RecoverPassword.aspx) from the Starter Site - with no code modifications.

     

    The event in the Event Viewer is as follows;

     

    An exception occurred in the UPM Membership Provider: System.Web.Security.MembershipPasswordException: Invalid password answer was supplied.
       at Microsoft.CommerceServer.Runtime.Profiles.UpmMembershipUser.ResetPassword(String passwordAnswer)
       at System.Web.Security.MembershipUser.ResetPassword(String passwordAnswer, Boolean useAnswer, Boolean throwOnError)
       at System.Web.UI.WebControls.PasswordRecovery.AttemptSendPasswordQuestionView()
       at System.Web.UI.WebControls.PasswordRecovery.AttemptSendPassword()
       at System.Web.UI.WebControls.PasswordRecovery.OnBubbleEvent(Object source, EventArgs e)
       at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args)
       at System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e)
       at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
       at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
       at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
       at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       at System.Web.UI.Page.ProcessRequest()
       at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
       at System.Web.UI.Page.ProcessRequest(HttpContext context)
       at ASP.user_recoverpassword_aspx.ProcessRequest(HttpContext context)
       at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
       at System.Web.HttpApplication.ResumeSteps(Exception error)
       at System.Web.HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
       at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
       at System.Web.HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
       at System.Web.Hosting.ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Wednesday, August 29, 2007 8:48 PM

Answers

  • Once I turned off encryption to that field, everthing started working (My encryption keys are set properly I believe since, all other functionality - logging in and checkout worked without issue).

     

    Though based on your response - I am now wondering if the lowercase issue was biting me during my troubleshooting.

    Friday, August 31, 2007 1:32 PM

All replies

  • Xcel,

     

    This could be caused by all sorts of things.

     

    Are your profile encryption keys properly set up?  (I think this throws a different exception, but just throwing out ideas)

     

    Is your web configuration file properly set up to allow password reset?  (Again, this throws a different exception, but still worth looking at).

     

    How are you setting password answer in the first place?  UpmMembershipProvider, or are you setting the profile property manually? 

     

    That last one has given me a headache before: UpmMembership provider automatically converts the password answer to lowercase, but you have to do this manually if you set the profile property directly, so even if the passwords were the same, one will hash against an all-lowercase string.  That's documented on somebody's blog, but that bug made it pretty far into the stabilization phase of my last project before we figured that out.

     

     

    Wednesday, August 29, 2007 9:33 PM
  • Once I turned off encryption to that field, everthing started working (My encryption keys are set properly I believe since, all other functionality - logging in and checkout worked without issue).

     

    Though based on your response - I am now wondering if the lowercase issue was biting me during my troubleshooting.

    Friday, August 31, 2007 1:32 PM