Search code examples
asp.netsql-server-cepassword-recovery

Asp .Net Password Recovery new password does not work


I'm implementing a password recovery page on a site I'm developing using a sample. I set up the page so it emails the user with the new password, which is great. The password is hashed so I can not see what is in the database of course.

Well, the new password doesn't work. Haha. Been working on this one issue for over two hours and need to move onto another aspect of the project. Has anyone else had this issue?

<%@ Page Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true" CodeFile="RecoverPassword.aspx.cs" Inherits="RecoverPassword" Title="Untitled Page" %>

<asp:Content ID="Content1" ContentPlaceHolderID="MainContent" Runat="Server">
    <h2>Recover Your Password</h2>
    <p>
        <asp:PasswordRecovery ID="RecoverPwd" runat="server" 
            onsendingmail="RecoverPwd_SendingMail">
            <MailDefinition BodyFileName="~/EmailTemplates/PasswordRecovery.txt" 
                Subject="Your password has been reset...">
            </MailDefinition>
        </asp:PasswordRecovery>
    </p>
</asp:Content>

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class RecoverPassword : System.Web.UI.Page
{
    protected void RecoverPwd_SendingMail(object sender, MailMessageEventArgs e)
    {
        e.Message.CC.Add("[email protected]");
    }
}

<membership defaultProvider="DefaultMembershipProvider">
  <providers>
    <add name="DefaultMembershipProvider" 
         type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=XXXXXXXXXX" 
         connectionStringName="DefaultConnection" 
         enablePasswordRetrieval="false" 
         enablePasswordReset="true" 
         requiresQuestionAndAnswer="false" 
         requiresUniqueEmail="true" 
         maxInvalidPasswordAttempts="5" 
         minRequiredPasswordLength="6" 
         minRequiredNonalphanumericCharacters="0" 
         passwordAttemptWindow="10" 
         applicationName="/"/>
  </providers>
</membership>

Solution

  • Make sure the format in the database is hashed (1), you can find this in aspnet_Membership and "PasswrodFormat".

    Also try including this attribute in your membership setting, passwordFormat="Hashed".