Use WebSecurity.PasswordReset without the mail service

  • Question

  • User2129316869 posted

    This is the normal template for password reset from MS Starter Site Template:

    
    
    @{
        Layout = "~/_SiteLayout.cshtml";
        Page.Title = "Password Reset";
    
        var passwordResetToken = Request.Form["resetToken"] ?? Request.QueryString["resetToken"];
    
        bool tokenExpired = false;
        bool isSuccess = false;
    
        // Setup validation
        Validation.RequireField("newPassword", "The new password field is required.");
        Validation.Add("confirmPassword",
            Validator.EqualsTo("newPassword", "The new password and confirmation password do not match."));
        Validation.RequireField("passwordResetToken", "The password reset token field is required.");
        Validation.Add("newPassword",
            Validator.StringLength(
                maxLength: Int32.MaxValue,
                minLength: 6,
                errorMessage: "New password must be at least 6 characters"));
    
        if (IsPost && Validation.IsValid()) {
            AntiForgery.Validate();
            var newPassword = Request["newPassword"];
            var confirmPassword = Request["confirmPassword"];
    
            if (WebSecurity.ResetPassword(passwordResetToken, newPassword)) {
                isSuccess = true;
            } else {
                ModelState.AddError("passwordResetToken", "The password reset token is invalid.");
                tokenExpired = true;
            }
        }
    }
    

    Please, how can I edit it so as to use it without setting up SMTP? Thanks.

    Wednesday, July 9, 2014 5:59 AM

Answers

  • User895691971 posted

    That would be easy. Actually, this page (I think) is a part of the ForgotPassword.cshtml page where the user is sent to the page to reset the password and is told to contact the Admin, because the Admin would set the SMTP credentials to send the token required to change the password.

    But you can always change the way you implement that method in your Web Application. The actual code that would do the trick is the following code snippet.

    WebSecurity.ChangePassword(username, oldPassword, newPassword);

    This method changes the password for the user account. That's all!

    What the ASP.NET Web Pages team might actually have done while creating the website was to ensure the security of your application. Even if you just updated the page content and left the /Account/ directory as it is, you'll still get a lot of security for your application. For that, they used the token to be sent to the user at his email account to make sure only HE is able to change the password for his account. But if you don't want that, then...

    // the simple page data is as
    
    @{ 
       var username = Request["username"];
       var oldPass = Request["oldPass"];
       var newPass = Request["newPass"];
    
       // try it
       if (WebSecurity.ChangePassword(username, oldPass, newPass)) {
         // note that, this method would provide you either true or false values. so,
         // using them like this is the best method to ensure password was/was not changed.
         Response.Write("Ok, password changed!");
       } else {
         Response.Write("Sorry, password was not changed, please recheck the values.");
       }
    }

    This would work and it would change the password for the user that you're trying to allow. It won't use the email service either.

    For more on this, please read the following link: http://msdn.microsoft.com/en-us/library/webmatrix.webdata.websecurity.changepassword(v=vs.111).aspx

    It has a lot of information about the thing you're doing. Moreover, have a look at the exceptions that you might encounter while you're on your working journey.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, July 9, 2014 10:14 AM
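
The token-based reset page from the question can be kept and used without SMTP if an administrator generates the token and passes the link to the user out of band. This is an added example, not part of the original posts or of the Starter Site; the page name, the "Administrators" role, the 30-minute lifetime and the ~/Account/PasswordReset path are assumptions.

```razor
@* Hypothetical admin page, e.g. ~/Admin/IssueResetLink.cshtml (name is an assumption) *@
@{
    Layout = "~/_SiteLayout.cshtml";
    Page.Title = "Issue Password Reset Link";

    // Assumption: roles are enabled and an "Administrators" role exists.
    WebSecurity.RequireRoles("Administrators");
    // The response will contain a live token; keep it out of caches.
    Response.Cache.SetNoStore();

    string resetUrl = null;
    var tokenLifetimeMinutes = 30; // assumed value; the API default is 1440

    Validation.RequireField("email", "Enter the account's email address.");

    if (IsPost && Validation.IsValid()) {
        AntiForgery.Validate();
        var email = Request.Form["email"];

        // GeneratePasswordResetToken needs an existing account, so check first.
        if (WebSecurity.UserExists(email) && WebSecurity.IsConfirmed(email)) {
            var token = WebSecurity.GeneratePasswordResetToken(email, tokenLifetimeMinutes);
            // Assumption: the reset page from the question lives at ~/Account/PasswordReset.
            var hostUrl = Request.Url.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped);
            resetUrl = hostUrl + VirtualPathUtility.ToAbsolute(
                "~/Account/PasswordReset?resetToken=" + HttpUtility.UrlEncode(token));
        } else {
            ModelState.AddFormError("No confirmed account uses that email address.");
        }
    }
}
<form method="post">
    @AntiForgery.GetHtml()
    @Html.ValidationSummary()
    <label for="email">Account email</label>
    <input type="text" id="email" name="email" />
    <input type="submit" value="Issue reset link" />
</form>
@if (resetUrl != null) {
    <p>Pass this link to the user over a trusted channel. It expires in @tokenLifetimeMinutes minutes.</p>
    <p><code>@resetUrl</code></p>
}
```
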
  • User895691971 posted

    A null reference error occurs when you pass a null variable. Make sure that you're having values filled up correctly in the variables that are passed to the method WebSecurity.ChangePassword. 

    I would go with this block

    if(email != null && password != null && confirmPassword != null) {
      // change password here...
    }

    This would check whether the value is null or not. 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 10, 2014 4:52 AM

All replies

  • User2129316869 posted

    I have tried it:

    @{
        Layout = "~/_NoNavLayout.cshtml";
        Page.Title = "Register";

        // Initialize general page variables
        var email = "";
        var password = "";
        var confirmPassword = "";
        email = Request.Form["email"];
        password = Request.Form["password"];
        confirmPassword = Request.Form["confirmPassword"];

        // Setup validation
        Validation.RequireField("email", "You must specify an email address.");
        Validation.RequireField("password", "Password cannot be blank.");
        Validation.Add("confirmPassword",
            Validator.EqualsTo("password", "Password and confirmation password do not match."));
        Validation.Add("password",
            Validator.StringLength(
                maxLength: Int32.MaxValue,
                minLength: 6,
                errorMessage: "Password must be at least 6 characters"));

        if (IsPost) {
            if (Validation.IsValid()) {
                if (WebSecurity.ChangePassword(email, password, confirmPassword)) {
                    ModelState.AddFormError("Ok, password changed!");
                } else {
                    ModelState.AddFormError("Sorry, password was not changed, please recheck the values.");
                }
            }
        }
    }

    but it returns a null reference exception:

    Wednesday, July 9, 2014 11:35 AM
  • User2129316869 posted

    I already did that before but still received the same error. I printed the values of the variables to the browser and they were not empty. The values were printed.

    Thanks

    Thursday, July 10, 2014 5:19 AM
  • User895691971 posted

    In that case, can you please give the code, so that I can test it somewhere on my machine and come up with a solution?

    Tuesday, July 15, 2014 2:12 PM