Password retrieval?

Topics: Controls, Themes
Mar 7, 2009 at 4:10 PM
Does BE membership support it?
Coordinator
Mar 7, 2009 at 6:15 PM
Which membership provider are you using? With the default provider, XmlMembershipProvider, and the default settings, the passwords are hashed, which means they are not unencryptable -- and thus, non-retrievable.

In the web.config file, you'll see passwordFormat="Hashed" as an attribute of the XmlMembershipProvider.

You can manually reset someone's password in the users.xml file by clearing out the Password value so it is:

<Password></Password>

Then the person can log in using the default "admin" password (but this file is cached, so an app restart is necessary for manual changes to be detected).  Once logged in, they can change their password to something else.  There's actually a ResetPassword() method and GetPassword() method available for Membership and even a built-in PasswordRecovery control, but BE's XmlMembershipProvider hasn't implemented any code for this.

Other possible values for "passwordFormat" are "Clear" or "Encrypted" ... but at a quick glance, it doesn't appear BE's XmlMembershipProvider handles the "Encrypted" possibility.  If you switched to "Clear", you should be able to retrieve the password.  But you would want to have some way to verify who the person is, or possibly send the password by email to the email address already on file for that user.
Mar 7, 2009 at 9:16 PM
Thanks for the reply, I am using the VistaDB Express membership at this time.

I was interested in using the PasswordRecovery Control. Didn't think it was supported yet.

Do you know if there is an Access Membership Provider for BE floating around? I find Access very easy to work with, although I know it is not recommended for the Internet.
Coordinator
Mar 7, 2009 at 9:46 PM
Edited Mar 7, 2009 at 9:49 PM
I haven't seen an Access membership provider (there could be one though).  However the VistaDB database and SQL Server database both use the same DbMembershipProvider included with BE.  The DbMembershipProvider is intentionally designed generically so it can interface with different types of database backends ... provided they support standard SQL syntax.

Because of this, you might even be able to use the same DbMembershipProvider to connect to an Access database.  Off the top of my head, I think all that is involved is changing the connection string in your web.config file so it points to an Access database, creating the tables in the Access db (be_Users, be_Roles, be_UserRoles), and populating the tables with some initial data.  The backend migration tool might even help.

But, like you said, Access is not an ideal backend for internet-based sites (or probably any multi-user usage).

Even with your current VistaDB, if you changed the passwords you're storing from 'Hashed' to 'Clear', you could modify the DbMembershipProvider so it will retrieve passwords, or you could run your own DB query from a password retrieval page to retrieve a password.
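
An audit check for the two states discussed in this thread, added here as an example that is not part of the original posts or of BlogEngine.NET's code: it flags membership providers whose passwordFormat is not "Hashed" and users.xml entries left with an empty `<Password>` after a manual reset. The sample files are constructed, and the users.xml layout around `<Password>` (a `UserName` sibling inside each user element) is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed samples. The users.xml layout beyond <Password> is assumed.
SAMPLE_WEB_CONFIG = """<configuration><system.web>
  <membership defaultProvider="XmlMembershipProvider">
    <providers>
      <add name="XmlMembershipProvider" passwordFormat="Hashed" />
      <add name="DbMembershipProvider" passwordFormat="Clear" />
    </providers>
  </membership>
</system.web></configuration>"""

SAMPLE_USERS_XML = """<Users>
  <User><UserName>alice</UserName><Password>CONSTRUCTED-HASH</Password></User>
  <User><UserName>bob</UserName><Password></Password></User>
</Users>"""


def local_name(element):
    """Tag name without an XML namespace prefix, if the file declares one."""
    return element.tag.rsplit("}", 1)[-1]


def audit_password_format(web_config_text):
    """Return (provider, format) pairs for providers not storing hashes."""
    findings = []
    for el in ET.fromstring(web_config_text).iter():
        fmt = el.get("passwordFormat")
        # Only provider <add> entries carry a passwordFormat attribute.
        if local_name(el) == "add" and fmt and fmt.lower() != "hashed":
            findings.append((el.get("name", "?"), fmt))
    return findings


def audit_blank_passwords(users_xml_text):
    """Return user names whose <Password> is empty, i.e. accounts still in
    the manual-reset state that accepts the default password."""
    blank = []
    for el in ET.fromstring(users_xml_text).iter():
        pw = el.find("Password")  # direct child only
        if pw is not None and not (pw.text or "").strip():
            blank.append(el.findtext("UserName", default="?"))
    return blank


if __name__ == "__main__":
    for name, fmt in audit_password_format(SAMPLE_WEB_CONFIG):
        print(f"provider {name}: passwordFormat={fmt}, passwords are recoverable")
    for name in audit_blank_passwords(SAMPLE_USERS_XML):
        print(f"user {name}: empty <Password>, reset not yet completed")
```

Run it against the real files after any manual reset; an account that stays in the blank state has not yet been given a new password by its owner.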