Custom change password widget and backend permissions
I created a simple change password widget requiring the user to enter in their old password, a new password and confirm password and I get the error that says "You are not authorized to 'Manage Users' ('Backend')."
UserManager userManager = UserManager.GetManager("Default");
User user = userManager.GetUser(userId);
bool result = userManager.ChangePassword(userId, oldPassword, newPassword);
if (result)
userManager.SaveChanges();
return result;
Hi Daniel,
By default anonymous users are not allowed to manage users. When you are not logged in, you are an anonymous user. You can grant needed rights for a given role (Anonymous) from Settings >> Permissions section of Sitefinity's backend. Or grant the rights to users who would then have to be logged in to change their password.
Or you can get around the security check for just this action in code:
userManager.Provider.SuppressSecurityChecks =
true
;
userManager.SaveChanges();
userManager.Provider.SuppressSecurityChecks =
false
;
Thanks for the insight and I will try the code you provided. One thing I don't understand is that the user is logged in and still can't change their password. I tried going to the Settings >> Permissions area but I get a error when the page loads that says "This instance is not initialized." Any ideas on how I can fix this?