ASP:ChangePassword control and changing another user's password

[Savvoulidis Iordanis]

In my application, the "Manager" membership user, is the one that creates all
the other users. They don't have the ability to register themselves. Only
through the Manager. So if so a user's password, must be altered later, the
Manager opens the users list page, selects the user and a ChangePassword
control is displayed, having the DisplayUserName property set to true (the
user name textbox is displayed). So, the Manager types the name of the user
to change his password, and supplies all the other password data and clicks
on the "Change Password" button. So far so good.

But, as the help file also mentions :
"After the password for the given user name is changed, the user is logged
on to the account associated with the changed password, even if the user was
not logged on to that account previously.",

this has the sideffect of, having the Manager log out of the application and
logged in again as the user whose password was changed, also trying to stay
on the same page (which is a page to be displayed only for Manager user!!!),
so I get an authorization error. It couldn't be worse!

Is there any way to avoid this, and leave the Manager as is, to continue his
work?

TIA
Iordanis

 

[Gregory A. Beamer]

=?Utf-8?B?U2F2dm91bGlkaXMgSW9yZGFuaXM=?=

Is there any way to avoid this, and leave the Manager as is, to
continue his work?

Yes. You can use the Membership bits directly and call the methods on
them rather than using the drag and drop controls. A bit more work, but
you will be happier with it.

I have an example at home on a CD, if I can find it. We set up so an
administrator could search for a user by name, email, etc and then
change the password without logging in as the user. In fact, I had it so
it could be done on a completely different site <bg>, as we had multiple
sites using the same Membership bits (custom wrapping the built in
bits), but different databases.

The only thing I am not sure of is whether the customization was
necessary to change a user's information.

If I get a chance, I will resurrect it and post a bit of code.

Peace and Grace,

--
Gregory A. Beamer (MVP)

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

*******************************************
| Think outside the box! |
*******************************************

 

[Savvoulidis Iordanis]

Thanks! Can't wait...

 

[Registered User]

In my application, the "Manager" membership user, is the one that creates all
the other users. They don't have the ability to register themselves. Only
through the Manager. So if so a user's password, must be altered later, the
Manager opens the users list page, selects the user and a ChangePassword
control is displayed, having the DisplayUserName property set to true (the
user name textbox is displayed). So, the Manager types the name of the user
to change his password, and supplies all the other password data and clicks
on the "Change Password" button. So far so good.

But, as the help file also mentions :
"After the password for the given user name is changed, the user is logged
on to the account associated with the changed password, even if the user was
not logged on to that account previously.",

this has the sideffect of, having the Manager log out of the application and
logged in again as the user whose password was changed, also trying to stay
on the same page (which is a page to be displayed only for Manager user!!!),
so I get an authorization error. It couldn't be worse!

Is there any way to avoid this, and leave the Manager as is, to continue his
work?

As you have determined the ChangePassword control is intended to be
used by the account holder. To avoid the problem don't use that
control for this purpose.

What sort of interface is used by the manager to register users? This
management interface needs to be able to perform CRUD operations on
user membership records. This is best done by programmatically using a
MembershipProvider directly. Depending upon your situation a custom
MembershipProvider may be more suitable.

Either way a UI will need to be created to manage MembershipUser
instances.

regards
A.G.

 

[Savvoulidis Iordanis]

By the way, how can I hide the cancel button in the ChangePassword control?
Before creating a ChangePassword.aspx page, I used to open the control in a
popup, so the Cancel button was not needed. I clicked outside the popup
window to close it.

What I use is :

CType(ChangePassword1.FindControl("CancelPushButton"), button).Visible = False

where "CancelPushButton" is the templated cancel button name, but it didn't
work (either in template mode or not)

 

[Savvoulidis Iordanis]

Using the following simple code, I' ve managed to do what I want, without
reinventing the wheel and still use the control!! I just used the
ChangingPassword event, in which I manually do what I want to do, and then
cancel it and return to the SuccessUrl set. But anyway if this approach has
any hidden disadvantage, I'd like to here what anyone has to say. Code
follows :

Protected Sub ChangePassword1_ChangingPassword(ByVal sender As Object, ByVal
e As System.Web.UI.WebControls.LoginCancelEventArgs) Handles
ChangePassword1.ChangingPassword
Dim u As MembershipUser
Dim ls_random_pass As String

Try
u = Membership.GetUser(ChangePassword1.UserName)

If u IsNot Nothing Then

ls_random_pass = u.ResetPassword()
u.ChangePassword(ls_random_pass, ChangePassword1.NewPassword)
End If

e.Cancel = True
' πήγαινε στη σελίδα των χÏηστών
Response.Redirect(IIf(Not
String.IsNullOrEmpty(ChangePassword1.SuccessPageUrl),
ChangePassword1.SuccessPageUrl, ChangePassword1.ContinueDestinationPageUrl))

Catch ex As Exception
' display a message somewhere
End Try

End Sub

PS. How can I disable the UserName control in the ChangePassword control?
That's because I want to set it only through code.

 

[Gregory A. Beamer]

=?Utf-8?B?U2F2dm91bGlkaXMgSW9yZGFuaXM=?=

Thanks! Can't wait...

I will likely blog it and link here, as this issue comes up again and again
in forums.

Peace and Grace,

--
Gregory A. Beamer (MVP)

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

*******************************************
| Think outside the box! |
*******************************************