Custom change password widget and backend permissions - Sitefinity - Front- & Back-End Development

All Replies

Posted by Community Admin on 09-Aug-2012 00:00

I created a simple change password widget requiring the user to enter in their old password, a new password and confirm password and I get the error that says "You are not authorized to 'Manage Users' ('Backend')."

UserManager userManager = UserManager.GetManager("Default");

User user = userManager.GetUser(userId);

bool result = userManager.ChangePassword(userId, oldPassword, newPassword);

if (result)

userManager.SaveChanges();

return result;

I don't know where to go from here.

Posted by Community Admin on 14-Aug-2012 00:00

Hi Daniel,

By default anonymous users are not allowed to manage users. When you are not logged in, you are an anonymous user. You can grant needed rights for a given role (Anonymous) from Settings >> Permissions section of Sitefinity's backend. Or grant the rights to users who would then have to be logged in to change their password.

Or you can get around the security check for just this action in code:

userManager.Provider.SuppressSecurityChecks = true;

userManager.SaveChanges();

userManager.Provider.SuppressSecurityChecks = false;

Regards,
Randy Hodge
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 14-Aug-2012 00:00

Thanks for the insight and I will try the code you provided. One thing I don't understand is that the user is logged in and still can't change their password. I tried going to the Settings >> Permissions area but I get a error when the page loads that says "This instance is not initialized." Any ideas on how I can fix this?

This thread is closed