Customizing the ChangePassword control and removing the required CurrentPassword field

Friday, February 15, 2008

All posts have moved to Typps

See you there.

Alessandro

10 Comments

Nice, I think most people instantly change the randomly generated password to something more useful, so just giving them a link to do this reduces the number of steps necessary :) You could also put a link in the e-mail that cancels the token in case the user didn't request it himself!

Filip Duyck - Friday, February 15, 2008 9:00:31 PM

Filip, yes, the email for token invalidation is a very good idea indeed. Many thanks :D

alessandro - Friday, February 15, 2008 10:31:39 PM

Is there any way to prevent the password reset from logging in the user whose password we are resetting?

I really want to use this example in ad administrative section but logging out the admin is not desirable.

Otherwise this code works perfect as advertised.

Thanks

JAndrews - Monday, February 18, 2008 2:38:09 PM

JAndrews, Yes, you can do that. Basically the control is logging in the current user based on a certain condition.

It only logs the user in if the MembershipUser is approved, note that MembershipUser has an approved property or if the MembershipUser is not Locked out. So if both these conditions are true in your case, you can temporarily set approve to false on the membership user and update the membership, during the ChangingPassword event and re-enable it again immidiately in the ChantedPassword Event.

This is a workaround ofcourse, and since this is an admin feature, the extra hits to your db for these two operations might not seem like a big deal, so all in all i find this workaround feasible.

Good luck,
Alessandro

alessandro - Monday, February 18, 2008 3:05:30 PM

Do you use the PasswordRecovery control to manage the reset? If so, how do you retrieve the new (temporary) password so that you can tokenize it? I've look all over and cannot find it.

Thanks

Don Wilcox - Saturday, May 10, 2008 1:39:17 AM

I've tried the code for problem ,
it's work on "CurrentPassword" and "CurrentPasswordRequired",
but not for "CurrentPasswordLabel" (.FindControl can't find it)

I'm work it on VS2008, any idea?

thanks.

Alvin - Friday, August 1, 2008 9:29:30 AM

bakwaassssssssssssssssssssssssssss

jamsy - Monday, August 4, 2008 4:43:11 AM

An other solution for the RequiredFieldValidator is to put Junk in that field and change it in the ChangingPassword !!

How can I make an other user (depending on role) to be able to change any users passwords, because when the change is confirmed, that user becomes the logged one.

CheGueVerra - Friday, August 8, 2008 10:25:21 PM

I'm getting closer just need to learn how to make a tokenized link

Danny117 - Monday, January 5, 2009 1:20:21 AM

Good one.. i think there are very few resources on this.

sukumarraju - Wednesday, February 9, 2011 5:33:02 PM

Comments have been disabled for this content.