Hashed passwords and PasswordRecovery control

瘦欲@ 提交于 2020-01-02 07:25:16

问题



1) firstUser was created when membership module had requiresQuestionAndAnswer set to false, while secondUser was created when requiresQuestionAndAnswer was set to true.

  • If we try to recover pwd via PasswordRecovery PR control and we set requiresQuestionAndAnswer to true, then PR doesn’t email password to firstUser, but it does to secondUser.

  • If we set requiresQuestionAndAnswer to false, then PR does email pwd to secondUser (it skips the question/answer stage). But why doesn’t PR also email pwd to firstUser?


2) I’ve read somewhere that if membership provider stores password in hashed form, then the PR will generate a new pwd and email it to the user. But instead I get an exception. Is there some property we must configure for PR to generate new pwd and email it?


thanx


UPDATE:

1) For some reason it works now. Namely, if we set requiresQuestionAndAnswer to false, then PR also sends email to firstUser


2) If passwords are stored in hashed form, then if:

a) enablePasswordRetrieval="true" and enablePasswordReset is set to either true or false --> PR generates exception
b) if enablePasswordRetrieval="false" and enablePasswordReset="false" --> PR generates exception
c) if enablePasswordRetrieval is set to false and enablePasswordReset is set to true, then PR automatically generates new pwd and emails it.


Similarly, if pwd is not hashed, but we have enablePasswordRetrieval="false", then enablePasswordReset must be set to true (so that PR generates a new pwd and emails it), else we get an exception


回答1:


if you want to generate your own password and you have q&a set to true, you need to make a second membership provider.

Here is a link: http://peterkellner.net/2007/02/15/resetpasswordaspnet/



来源:https://stackoverflow.com/questions/1534015/hashed-passwords-and-passwordrecovery-control

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!