Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP:ChangePassword control and changing another user's password

Reply
Thread Tools

ASP:ChangePassword control and changing another user's password

 
 
Savvoulidis Iordanis
Guest
Posts: n/a
 
      12-02-2009
In my application, the "Manager" membership user, is the one that creates all
the other users. They don't have the ability to register themselves. Only
through the Manager. So if so a user's password, must be altered later, the
Manager opens the users list page, selects the user and a ChangePassword
control is displayed, having the DisplayUserName property set to true (the
user name textbox is displayed). So, the Manager types the name of the user
to change his password, and supplies all the other password data and clicks
on the "Change Password" button. So far so good.

But, as the help file also mentions :
"After the password for the given user name is changed, the user is logged
on to the account associated with the changed password, even if the user was
not logged on to that account previously.",

this has the sideffect of, having the Manager log out of the application and
logged in again as the user whose password was changed, also trying to stay
on the same page (which is a page to be displayed only for Manager user!!!),
so I get an authorization error. It couldn't be worse!

Is there any way to avoid this, and leave the Manager as is, to continue his
work?

TIA
Iordanis

 
Reply With Quote
 
 
 
 
Gregory A. Beamer
Guest
Posts: n/a
 
      12-02-2009
=?Utf-8?B?U2F2dm91bGlkaXMgSW9yZGFuaXM=?=
<(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> Is there any way to avoid this, and leave the Manager as is, to
> continue his work?


Yes. You can use the Membership bits directly and call the methods on
them rather than using the drag and drop controls. A bit more work, but
you will be happier with it.

I have an example at home on a CD, if I can find it. We set up so an
administrator could search for a user by name, email, etc and then
change the password without logging in as the user. In fact, I had it so
it could be done on a completely different site <bg>, as we had multiple
sites using the same Membership bits (custom wrapping the built in
bits), but different databases.

The only thing I am not sure of is whether the customization was
necessary to change a user's information.

If I get a chance, I will resurrect it and post a bit of code.

Peace and Grace,

--
Gregory A. Beamer (MVP)

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

*******************************************
| Think outside the box! |
*******************************************
 
Reply With Quote
 
 
 
 
Savvoulidis Iordanis
Guest
Posts: n/a
 
      12-03-2009
Thanks! Can't wait...
 
Reply With Quote
 
Registered User
Guest
Posts: n/a
 
      12-03-2009
On Wed, 2 Dec 2009 13:12:01 -0800, Savvoulidis Iordanis
<(E-Mail Removed)> wrote:

>In my application, the "Manager" membership user, is the one that creates all
>the other users. They don't have the ability to register themselves. Only
>through the Manager. So if so a user's password, must be altered later, the
>Manager opens the users list page, selects the user and a ChangePassword
>control is displayed, having the DisplayUserName property set to true (the
>user name textbox is displayed). So, the Manager types the name of the user
>to change his password, and supplies all the other password data and clicks
>on the "Change Password" button. So far so good.
>
>But, as the help file also mentions :
>"After the password for the given user name is changed, the user is logged
>on to the account associated with the changed password, even if the user was
>not logged on to that account previously.",
>
>this has the sideffect of, having the Manager log out of the application and
>logged in again as the user whose password was changed, also trying to stay
>on the same page (which is a page to be displayed only for Manager user!!!),
>so I get an authorization error. It couldn't be worse!
>
>Is there any way to avoid this, and leave the Manager as is, to continue his
>work?
>

As you have determined the ChangePassword control is intended to be
used by the account holder. To avoid the problem don't use that
control for this purpose.

What sort of interface is used by the manager to register users? This
management interface needs to be able to perform CRUD operations on
user membership records. This is best done by programmatically using a
MembershipProvider directly. Depending upon your situation a custom
MembershipProvider may be more suitable.

Either way a UI will need to be created to manage MembershipUser
instances.

regards
A.G.
 
Reply With Quote
 
Savvoulidis Iordanis
Guest
Posts: n/a
 
      12-03-2009
By the way, how can I hide the cancel button in the ChangePassword control?
Before creating a ChangePassword.aspx page, I used to open the control in a
popup, so the Cancel button was not needed. I clicked outside the popup
window to close it.

What I use is :

CType(ChangePassword1.FindControl("CancelPushButto n"), button).Visible = False

where "CancelPushButton" is the templated cancel button name, but it didn't
work (either in template mode or not)
 
Reply With Quote
 
Savvoulidis Iordanis
Guest
Posts: n/a
 
      12-03-2009
Using the following simple code, I' ve managed to do what I want, without
reinventing the wheel and still use the control!! I just used the
ChangingPassword event, in which I manually do what I want to do, and then
cancel it and return to the SuccessUrl set. But anyway if this approach has
any hidden disadvantage, I'd like to here what anyone has to say. Code
follows :

Protected Sub ChangePassword1_ChangingPassword(ByVal sender As Object, ByVal
e As System.Web.UI.WebControls.LoginCancelEventArgs) Handles
ChangePassword1.ChangingPassword
Dim u As MembershipUser
Dim ls_random_pass As String

Try
u = Membership.GetUser(ChangePassword1.UserName)

If u IsNot Nothing Then

ls_random_pass = u.ResetPassword()
u.ChangePassword(ls_random_pass, ChangePassword1.NewPassword)
End If

e.Cancel = True
' πήγαινε στη σελίδα των χρηστών
Response.Redirect(IIf(Not
String.IsNullOrEmpty(ChangePassword1.SuccessPageUr l),
ChangePassword1.SuccessPageUrl, ChangePassword1.ContinueDestinationPageUrl))

Catch ex As Exception
' display a message somewhere
End Try

End Sub

PS. How can I disable the UserName control in the ChangePassword control?
That's because I want to set it only through code.
 
Reply With Quote
 
Gregory A. Beamer
Guest
Posts: n/a
 
      12-03-2009
=?Utf-8?B?U2F2dm91bGlkaXMgSW9yZGFuaXM=?=
<(E-Mail Removed)> wrote in news:8F81F8EE-
http://www.velocityreviews.com/forums/(E-Mail Removed):

> Thanks! Can't wait...


I will likely blog it and link here, as this issue comes up again and again
in forums.

Peace and Grace,

--
Gregory A. Beamer (MVP)

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

*******************************************
| Think outside the box! |
*******************************************
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Change a users password without knowing the old password nor the answer to the password question AAaron123 ASP .Net 1 01-16-2009 02:56 PM
Changing a users password without knowing the old password nor the answer to the password question AAaron123 ASP .Net 2 01-16-2009 02:08 PM
How to force a load of one control from another control on another form? et ASP .Net 1 06-29-2005 07:45 PM
How to force a load of one control from another control on another form? et ASP .Net Datagrid Control 0 06-29-2005 06:05 PM
Access a control inside an usercontrol from another control inside another usercontrol nail ASP .Net 0 09-15-2004 03:55 PM



Advertisments