locked
Using MembershipUser as class variable RRS feed

  • Question

  • User-1598327559 posted

    I'm attempting to create a custom wizard as a "forgotten password" type wizard using asp.net and C# Codebehind for a school project.  I've already went through the process of setting my password format to encrypted, machinekey etc... If I take all my controls out of the wizard and place all my code in one mod it executes just fine.  However, I can't seem to figure out how to split the code into appropriate mods for the wizard.

    The below code successfully updates my security quesition on the second page of the wiard.  However, when you click "Submit" and activate FinishButton_Click I get a "Object reference not set to an instance of an object." caused by Line 40: string answer = user.GetPassword(RecoveryAnswer.Text).ToString(); It doesn't matter if the answer is correct or not.

    The only thing I can think of is that somehow I'm not declaring my class variable user correctly and somehow its being destroyed in the process of switching wizard pages but not sure how to fix it.  Any help would be appreciated.

    ASP.NET controls:

    <asp:Wizard ID="PasswordRecoveryWizard" runat="server" DisplaySideBar="False" Width="280px" 
        OnFinishButtonClick="FinishButton_Click" 
        OnNextButtonClick="NextButton_Click">
        <FinishNavigationTemplate>
          <asp:Button ID="FinishButton" runat="server" CommandName="MoveComplete" 
            Text="Submit" />
        </FinishNavigationTemplate>
        <StepNavigationTemplate>
          <asp:Button ID="StepNextButton" runat="server" CommandName="MoveNext" 
            Text="Next" />
        </StepNavigationTemplate>
        <WizardSteps>
          <asp:WizardStep ID="Username" runat="server" StepType="Start">
            <asp:Label ID="NoUser" runat="server" Visible="false" Text="Username does not exist!" /><br />
            Enter your username: <asp:TextBox ID="RecoveryUsername" runat="server" />
          </asp:WizardStep>
          <asp:WizardStep ID="SecurityQuestion" runat="server" StepType="Finish"  >
            User:<asp:Label ID="ResetUser" runat="server" />
            <br />
            Security Question:<asp:Label ID="RecoveryQuestion" runat="server" />
            <br />
            <asp:Label ID="lblRecoveryAnswer" runat="server" Text="Answer" />
            <asp:TextBox ID="RecoveryAnswer" runat="server" />
          </asp:WizardStep>
          <asp:WizardStep ID="ShowPassword" runat="server" StepType="Complete">
            <asp:Label ID="lblShowPassword" runat="server" Text="Your password is: " />
          </asp:WizardStep>
        </WizardSteps>
      </asp:Wizard>


    Applicable C# code

    namespace HermanC_CS322_Project.Account
    {
      public partial class Login : System.Web.UI.Page
      {
    private MembershipUser user; protected void NextButton_Click(object sender, WizardNavigationEventArgs e) { user = Membership.GetUser(RecoveryUsername.Text);//returns null if user doesn't exist Wizard w = (Wizard)sender; if(e.CurrentStepIndex == w.WizardSteps.IndexOf(Username)) { if (user != null) {//Displays users security question lblRecoveryAnswer.Text = Membership.GetUser(user.UserName).PasswordQuestion; } else {//Tell the user the name doesn't exist and prevent going to the next step errMsg.Text = "User does not exist!"; e.Cancel = true; } } } protected void FinishButton_Click(object sender, WizardNavigationEventArgs e) { string answer = user.GetPassword(RecoveryAnswer.Text).ToString(); //Compare users inputted answer to stored answer if (answer != null) { lblShowPassword.Text = answer; } else { errMsg.Text = "Invalid Answer!"; e.Cancel = true; } }
    }
    }

    Also, I realize that encrypting userpasswords isn't as secure as the default hashing... and in real life you wouldn't ever send a user password unencrypted to display on screen.  However, I'm trying to mimic passwordrecovery in a project that will never go live.

    Wednesday, September 18, 2013 6:29 PM

Answers

  • User-1598327559 posted

    After attempting to reinvent the wheel I figured out a much easier way to accomplish this same task.  You can practically fake out the passwordrecovery control... no need to build validation or anything else!

    asp control:
    <asp:PasswordRecovery ID="PasswordRecovery" runat="server" OnSendingMail="PasswordRecovery_SendingMail" />
    
    Code-behind:
    protected void PasswordRecovery_SendingMail(object sender, MailMessageEventArgs e)
        {
          //Cancel sending the e-mail with password
          e.Cancel = true;
    
          //Retrive the password
          MembershipUser user = Membership.GetUser(PasswordRecovery.UserName.ToString());
          string displayPassword = user.GetPassword(PasswordRecovery.Answer).ToString();
         
          //Display it on the current page
          PasswordRecovery.SuccessText = "You did it " + PasswordRecovery.UserName + 
          " your password is: " + displayPassword;
        }
    
    web.config settings:
    <configuration>
      <system.net>
        <mailSettings>
          <smtp deliveryMethod="Network" from="somefakeEmail@whereever.com" />
        </mailSettings>
      </system.net>
    </configuration>



    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, September 18, 2013 7:59 PM

All replies

  • User-1598327559 posted

    After attempting to reinvent the wheel I figured out a much easier way to accomplish this same task.  You can practically fake out the passwordrecovery control... no need to build validation or anything else!

    asp control:
    <asp:PasswordRecovery ID="PasswordRecovery" runat="server" OnSendingMail="PasswordRecovery_SendingMail" />
    
    Code-behind:
    protected void PasswordRecovery_SendingMail(object sender, MailMessageEventArgs e)
        {
          //Cancel sending the e-mail with password
          e.Cancel = true;
    
          //Retrive the password
          MembershipUser user = Membership.GetUser(PasswordRecovery.UserName.ToString());
          string displayPassword = user.GetPassword(PasswordRecovery.Answer).ToString();
         
          //Display it on the current page
          PasswordRecovery.SuccessText = "You did it " + PasswordRecovery.UserName + 
          " your password is: " + displayPassword;
        }
    
    web.config settings:
    <configuration>
      <system.net>
        <mailSettings>
          <smtp deliveryMethod="Network" from="somefakeEmail@whereever.com" />
        </mailSettings>
      </system.net>
    </configuration>



    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, September 18, 2013 7:59 PM
  • User-1818759697 posted

    Hi,

    First of all, it's very glad that you figure the issue out by yourself and it would be appreciate that you could share it with us. Besides, for more information about the MembershipUser, you could refer to the following links:

    http://msdn.microsoft.com/en-us/library/system.web.security.membershipuser.aspx

    http://msdn.microsoft.com/en-us/library/ms366730(v=vs.100).aspx

    http://stackoverflow.com/questions/8090350/implementing-custom-membership-user-and-custom-membership-provider

    Regards

    Thursday, September 19, 2013 11:22 PM