Reset Password and Login
I have a table of existing users from another project. But the passwords are hashed and I can't copy them to the SF tables (different hashing and no salt).
I have a strategy (I don't like it, but it should work) where I try to log in the user through the SF provider. If it fails, I check to see if the password matches the password in the old table (after hashing). I can then change the password in SF using the following code. Changing the password works, but logging in the user doesn't work. If I try logging in a second time, it works fine since the SF tables have been updated.
It's like the user's credentials are cached or something. I tried authenticating off the reset password before changing the password to no avail. I also tried calling UserManager.GetManager().SaveChanges();
User user = UserManager.GetManager().GetUser(username);
string
resetPassword = user.ResetPassword();
user.ChangePassword(resetPassword, newPassword);
response = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), username, newPassword,
true
);
Hi Eric,
If you know the antilogarithm used for hashing you can decrypt the password, otherwise there is no straight forward way to get the password.
What is the value of the result you get both the times when you try to authenticate a user?
Greetings,
Ivan Dimitrov
the Telerik team
It's a one-way hash, so I can't get the original password back.
After changing the password, AuthenticateUser returns "Unknown". But if I make the same call to AuthenticateUser in a subsequent request, AuthenticateUser returns "Success".
That's what makes me think there's some caching going on.
Upon further testing, there's a relevant line that I omitted that's causing the problem. Actually the previously listed code worked. This is what doesn't work...
User user;
SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), username, newPassword,
true, out user
);
if
(user ==
null
)
user = UserManager.GetManager().GetUser(username);
string
resetPassword = user.ResetPassword();
user.ChangePassword(resetPassword, newPassword);
response = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), username, newPassword,
true
);