Reset Password and Login

Posted by Community Admin on 03-Aug-2018 20:35

Reset Password and Login

Sitefinity - General Discussions

All Replies

Posted by Community Admin on 20-May-2011 00:00

I have a table of existing users from another project. But the passwords are hashed and I can't copy them to the SF tables (different hashing and no salt).

I have a strategy (I don't like it, but it should work) where I try to log in the user through the SF provider. If it fails, I check to see if the password matches the password in the old table (after hashing). I can then change the password in SF using the following code. Changing the password works, but logging in the user doesn't work. If I try logging in a second time, it works fine since the SF tables have been updated.

It's like the user's credentials are cached or something. I tried authenticating off the reset password before changing the password to no avail. I also tried calling UserManager.GetManager().SaveChanges();

User user = UserManager.GetManager().GetUser(username);
string resetPassword = user.ResetPassword();
user.ChangePassword(resetPassword, newPassword);
response = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), username, newPassword, true);

Any ideas? Thanks.
Eric

Posted by Community Admin on 20-May-2011 00:00

Hi Eric,

If you know the antilogarithm used for hashing you can decrypt the password, otherwise there is no straight forward way to get the password. 
What is the value of the result you get both the times when you try to authenticate a user?

Greetings,
Ivan Dimitrov
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 20-May-2011 00:00

It's a one-way hash, so I can't get the original password back.

After changing the password, AuthenticateUser returns "Unknown". But if I make the same call to AuthenticateUser in a subsequent request, AuthenticateUser returns "Success".

That's what makes me think there's some caching going on.

Posted by Community Admin on 23-May-2011 00:00

Upon further testing, there's a relevant line that I omitted that's causing the problem. Actually the previously listed code worked. This is what doesn't work...

User user; 
SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), username, newPassword, true, out user);
 
if (user == null)
    user = UserManager.GetManager().GetUser(username);
    string resetPassword = user.ResetPassword();
    user.ChangePassword(resetPassword, newPassword);
    response = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), username, newPassword, true);

If I skip the initial AuthenticateUser request, it works fine.

This thread is closed