c# - ASP.NET Membership change password not working
I have this code for changing a user's password when they click the password reset button (with code to log to ELMAH so I can try to figure out what is going wrong).
This is in ASP.NET MVC 2, using the standard aspnet membership provider, with a simple view like this:
    New password:     ______
    Confirm password: ______
    [Reset] [Cancel]
The route to this view is /Account/Reset/guid, where guid is the user's id in the aspnet membership database.
The key portion of the code is where it calls user.ChangePassword(). I can see in the logs the message when it is successful. The problem is that for some users, the success message is logged, but they can not log in with the new password. For other users it logs the success message and they can log in.
    if (user.ChangePassword(pwd, confirmPassword))
    {
        ErrorSignal.FromCurrentContext().Raise(
            new Exception("ResetPassword - changed successfully!"));
        return Json(new { msg = "You have reset your password successfully." },
            JsonRequestBehavior.AllowGet);
    }

The full code listing is:
    // Namespaces used: System, System.Web.Mvc, System.Web.Security, Elmah
    [HttpPost]
    public JsonResult ResetPassword(string id, string newPassword, string confirmPassword)
    {
        ErrorSignal.FromCurrentContext().Raise(new Exception("ResetPassword started " + id));
        ViewData["PasswordLength"] = Membership.MinRequiredPasswordLength;

        if (string.IsNullOrWhiteSpace(newPassword))
        {
            ErrorSignal.FromCurrentContext().Raise(
                new Exception("ResetPassword - new password was blank."));
            ModelState.AddModelError("_FORM", "Please enter a new password.");
            return Json(new { errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
        }

        if (newPassword.Length < Membership.MinRequiredPasswordLength)
        {
            ErrorSignal.FromCurrentContext().Raise(
                new Exception("ResetPassword - new password was less than minimum length."));
            ModelState.AddModelError("_FORM",
                string.Format("The password must be at least {0} characters long.",
                    Membership.MinRequiredPasswordLength));
            return Json(new { errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
        }

        if (string.IsNullOrWhiteSpace(confirmPassword))
        {
            ErrorSignal.FromCurrentContext().Raise(
                new Exception("ResetPassword - confirm password was blank."));
            ModelState.AddModelError("_FORM",
                "Please enter the same new password in the confirm password textbox.");
            return Json(new { errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
        }

        if (confirmPassword.Length < Membership.MinRequiredPasswordLength)
        {
            ErrorSignal.FromCurrentContext().Raise(
                new Exception("ResetPassword - confirm password was less than minimum length."));
            ModelState.AddModelError("_FORM",
                string.Format("The password must be at least {0} characters long.",
                    Membership.MinRequiredPasswordLength));
            return Json(new { errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
        }

        if (confirmPassword != newPassword)
        {
            ErrorSignal.FromCurrentContext().Raise(
                new Exception("ResetPassword - new password did not match the confirm password."));
            ModelState.AddModelError("_FORM", "Please enter the same password again.");
            return Json(new { errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
        }

        bool isMatch = ValidationHelper.IsGuid(id);
        if (string.IsNullOrWhiteSpace(id) || !isMatch)
        {
            ErrorSignal.FromCurrentContext().Raise(
                new Exception("ResetPassword - id was not a guid."));
            ModelState.AddModelError("_FORM", "An invalid id value was passed in through the url");
        }
        else
        {
            // id exists and is kosher, see if the user is approved
            // get the id sent in the querystring
            Guid userId = new Guid(id);
            try
            {
                // get information about the user
                MembershipUser user = Membership.GetUser(userId);
                if (user == null)
                {
                    // could not find the user
                    ErrorSignal.FromCurrentContext().Raise(
                        new Exception("ResetPassword - could not find user by id " + id));
                    ModelState.AddModelError("_FORM",
                        "The user account can not be found in the system.");
                }
                else
                {
                    ErrorSignal.FromCurrentContext().Raise(
                        new Exception("ResetPassword - user is " + user.UserName));
                    string pwd = user.ResetPassword();
                    if (user.ChangePassword(pwd, confirmPassword))
                    {
                        ErrorSignal.FromCurrentContext().Raise(
                            new Exception("ResetPassword - changed successfully!"));
                        return Json(new { msg = "You have reset your password successfully." },
                            JsonRequestBehavior.AllowGet);
                    }
                    ErrorSignal.FromCurrentContext().Raise(
                        new Exception("ResetPassword - failed to change the password, for an unknown reason"));
                }
            }
            catch (Exception ex)
            {
                ErrorSignal.FromCurrentContext().Raise(
                    new Exception("ResetPassword: " + ex));
                // InnerException can be null, so guard it before reading Message
                string inner = ex.InnerException != null ? ex.InnerException.Message : string.Empty;
                return Json(new { error = ex.Message + " -> " + inner },
                    JsonRequestBehavior.AllowGet);
            }
        }

        return Json(new { errors = ModelState.Errors() }, JsonRequestBehavior.AllowGet);
    }
Edit: Adding a bounty to try to get this solved. This is one of the annoying problems on my issue list, and I have no idea how to proceed.
If the user needs to reset their password, there is a chance their account has been locked out from too many invalid attempts. If this is the case, then the password is being reset successfully, but the user cannot log in until the lockout condition is cleared.
Try checking MembershipUser.IsLockedOut:
Users are commonly locked out and cannot be validated by the ValidateUser method when the MaxInvalidPasswordAttempts is reached within the PasswordAttemptWindow.
To set this property to false and let the user try to log in again, you can use the UnlockUser method.
Edit
Did you also check IsApproved? Authentication will fail if this is false for the user.
Also, assuming that by default membership provider you mean the SqlMembershipProvider, can you run the following query against your database and make sure everything looks correct?
    select IsApproved, IsLockedOut, FailedPasswordAttemptCount
    from aspnet_Membership
    where ApplicationId = @yourApplicationId and UserId = @userId
Try executing the query before attempting to sign in to verify that IsApproved and IsLockedOut are ok. Also note the value for FailedPasswordAttemptCount.
Try signing in, and then run the query again. If the signin fails, has the value for FailedPasswordAttemptCount been incremented?
You could also look at PasswordFormat in the aspnet_Membership table and make sure it is the correct value depending on the format you are using (0 for clear, 1 for hashed, and 2 for encrypted).
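The checks suggested in the answer above (IsApproved, IsLockedOut, UnlockUser) combined with the question's reset-then-change sequence, as an added example that is not part of the original post. `PasswordResetCheck` and `ResetOutcome` are hypothetical names; the sketch assumes the provider allows `ResetPassword()` without a security answer.

```csharp
using System;
using System.Web.Security;

// Added example: names below are hypothetical, not from the original post.
public enum ResetOutcome
{
    UserNotFound, NotApproved, UnlockFailed, ChangeFailed, LoginStillFails, Ok
}

public static class PasswordResetCheck
{
    // Resets the password and reports which membership condition, if any,
    // would still stop the user from logging in afterwards.
    public static ResetOutcome ResetAndVerify(Guid userId, string newPassword)
    {
        MembershipUser user = Membership.GetUser(userId);
        if (user == null)
            return ResetOutcome.UserNotFound;

        // An unapproved account fails authentication whatever the password is.
        if (!user.IsApproved)
            return ResetOutcome.NotApproved;

        // Clear a lockout before touching the password, then re-read the
        // user so the state checked below comes from the data store.
        if (user.IsLockedOut)
        {
            if (!user.UnlockUser())
                return ResetOutcome.UnlockFailed;
            user = Membership.GetUser(userId);
            if (user == null || user.IsLockedOut)
                return ResetOutcome.UnlockFailed;
        }

        // Same two-step sequence as the question: the generated password
        // is used once as the "old" password for ChangePassword.
        string tempPassword = user.ResetPassword();
        if (!user.ChangePassword(tempPassword, newPassword))
            return ResetOutcome.ChangeFailed;

        // Log the outcome of a real authentication attempt rather than
        // only the return value of ChangePassword.
        return Membership.ValidateUser(user.UserName, newPassword)
            ? ResetOutcome.Ok
            : ResetOutcome.LoginStillFails;
    }
}
```

Logging the returned `ResetOutcome` to ELMAH in place of the single "changed successfully" message separates the users who can log in from those who cannot.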