I am seeking some help on a telerik sitefinity backend feature. I'm creating users from a custom radgrid programatically. The code that I'm using to create a sitefinity user is as follows:
public MembershipCreateStatus AddUser(UserModel model, Role role)
{
var userManager = UserManager.GetManager();
var profileManager = UserProfileManager.GetManager()
var roleManager = RoleManager.GetManager("AppRoles");
MembershipCreateStatus status;
userManager.Provider.SuppressSecurityChecks = true;
var user = userManager.CreateUser(model.UserName, model.Password, model.Email,
model.SecretQuestion, model.SecretAnswer, true, null, out status);
if(status == MembershipCreateStatus.Success)
{
roleManager.AddUserToRole(user, role);
roleManager.SaveChanges();
var profile = profileManager.CreateProfile(user, Guid.NewGuid(),
typeof(SitefinityProfile)) as SitefinityProfile;
if (profile != null)
{
profile.FirstName = model.FirstName;
profile.LastName = model.LastName;
//Set any Data Extended Properties below
}
profileManager.RecompileItemUrls(profile);
profileManager.SaveChanges();
userManager.SaveChanges();
}
return status
}
This will let me create a sitefinity user and I can see that the user is stored in the sf_users table. The problem that I'm having is I need a way to lookup and send a user their password if they forget the password. The password is hashed and saved in an encrypted format in the table in the database. I've looked for documentation on how to change the password format to clear text or something of the sort but I've been unsuccessful in finding anything useful yet.
If anyone knows how to accomplish this so that I can save the password as clear text in the database then that would be really great.
I don't know how SiteFinity works but it seems to use MembershipProvider. So the password format setting depends of the provider used and can be changed in the web.config file.
For example (http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.aspx)
<system.web>
<membership defaultProvider="SqlProvider">
<providers>
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
passwordFormat="Clear" />
</providers>
</membership>
</system.web>
Anyway, storing password in clear way is not a good practice. Instead you should provide users an interface to reset their password. At least you should generate a new password and send them the new password (of course they must be able to change it). This way the password can be hashed before saving it in the database.
I am seeking some help on a telerik sitefinity backend feature. I'm creating users from a custom radgrid programatically. The code that I'm using to create a sitefinity user is as follows:
public MembershipCreateStatus AddUser(UserModel model, Role role)
{
var userManager = UserManager.GetManager();
var profileManager = UserProfileManager.GetManager()
var roleManager = RoleManager.GetManager("AppRoles");
MembershipCreateStatus status;
userManager.Provider.SuppressSecurityChecks = true;
var user = userManager.CreateUser(model.UserName, model.Password, model.Email,
model.SecretQuestion, model.SecretAnswer, true, null, out status);
if(status == MembershipCreateStatus.Success)
{
roleManager.AddUserToRole(user, role);
roleManager.SaveChanges();
var profile = profileManager.CreateProfile(user, Guid.NewGuid(),
typeof(SitefinityProfile)) as SitefinityProfile;
if (profile != null)
{
profile.FirstName = model.FirstName;
profile.LastName = model.LastName;
//Set any Data Extended Properties below
}
profileManager.RecompileItemUrls(profile);
profileManager.SaveChanges();
userManager.SaveChanges();
}
return status
}
This will let me create a sitefinity user and I can see that the user is stored in the sf_users table. The problem that I'm having is I need a way to lookup and send a user their password if they forget the password. The password is hashed and saved in an encrypted format in the table in the database. I've looked for documentation on how to change the password format to clear text or something of the sort but I've been unsuccessful in finding anything useful yet.
If anyone knows how to accomplish this so that I can save the password as clear text in the database then that would be really great.
I don't know how SiteFinity works but it seems to use MembershipProvider. So the password format setting depends of the provider used and can be changed in the web.config file.
For example (http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.aspx)
<system.web>
<membership defaultProvider="SqlProvider">
<providers>
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
passwordFormat="Clear" />
</providers>
</membership>
</system.web>
Anyway, storing password in clear way is not a good practice. Instead you should provide users an interface to reset their password. At least you should generate a new password and send them the new password (of course they must be able to change it). This way the password can be hashed before saving it in the database.
0 commentaires:
Enregistrer un commentaire