I am using asp.net mvc along with SQL server. An user of my application created a username like "abcd efgh", with space between the user name. it worked for some time and now it stopped working. I checked that user is entering the correct data. This happened even user did not have a space in it. I set up the membership database using Aspnet_regsql.exe.
Any help in trouble shooting this is appreciated.
Are you sure that you are not parsing/modifying the username or password before giving it to Membership?
Why don't you set a breakpoint in your Controller Action and see what username and password are at that point?
Related
In a self-hosted C1-CMS (formerly Composite C1), how can I reset or recover the password? Can the password be viewed or reset somewhere on the server?
(Composite C1 4.3, Build 4.3.5555.25838)
If you are using the default XML data store, the users and encrypted passwords are stored in: /App_Data/Composite/DataStores/Composite.Data.Types.IUser.xml
If you have another user with a password you know, you can replace the encrypted password string on the account you are trying to access, with the encrypted password from the account you know. Then login and change the password.
I received this answer from the official Orckestra support team (very helpful, although I am not a paying customer, thumbs up!):
You cannot recover the password, but if you have access to the files (or SQL Database, if you migrated data to SQL) you can reset the password:
This should work for sites running on XML data store (default):
Edit the file ~/App_Data/Composite/DataStores/Composite.Data.Types.IUser.xml
Locate the xml element for the user you want to reset the password for
Change the following two attributes to the shown values:
EncryptedPassword="hsfIeqkVA5yoMIwzYIx4fWny5GjwNwiM3wA5K+9qCug="
PasswordHashSalt="/zgEhlwBe6Vl0HHqMFPxafrtwqlRIGVS"
Save the file.
If your site is on SQL, locate the table Composite_Data_Types_IUser_Published and put the above shown values into the corresponding columns (EncryptedPassword and PasswordHashSalt).
You should now be able to log in using the password "123456" for the user you changed above. Once in the CMS Console, you can set a new password using the top Tools menu (top right user menu n V5 and later).
I recently had a scenario where neither of the suggested methods would work for me. I was able to remedy this by creating a c1 instance locally, creating a user with the same username and the desired password, and then overwriting the password salt and hash from the local site to the one you're locked out of.
I'm trying to transfer a cakephp3 application from my local linux server to a online webhoster.
I managed to migrate the database and put it online. The only way to connect to the internet for me is through a proxy right now. However this proxy blocks the website, so I'm using a webproxy (proxfree.net and hide.me) to access the website.
Whenever I try to login I get a 'invalid username or password'.
When I try to create a new user, it saves a record, but with an empty field for the pseudonym (username).
I wrote a test for the database connection
$db = ConnectionManager::get('default');
echo "To database ".($db->isConnected()?"connected":"disconnected")."\n";
It says it's connected to the database. I'm also able to print the usernames on the login-site, so the database-connection works definitely.
Login: marcusmoenius.bplaced.net/app/users/login
Add user: marcusmoenius.bplaced.net/app/users/add
Does anyone know, why I can't login? Is anyone else able to login? It worked on my local machine
example username and password:
username: Stella
password: Superman
OK, so it was no problem with the webspace, but with my understanding of the cakephp-functionality.
Apperantly the passwords-hashes don't match on the webhoster. So I needed to add new users with new-hashed passwords.
But the registration of new users didn't work, because I marked the pseudonym-field as not _accessible in the users-table. So when I invoked the patchEntity-method in the controller, it didn't apply the pseudonym-field and hence didn't put a valid record in the database.
I have in my web application a role called "Administrator". Users who have this role should be able to modify the information about the registered users.
I am thinking about displaying a table with the user details such as e-mail, username, and be able to change them but I don't know what should I do if a users comes to the office physically, goes to an admin and asks for a password change (yes they can do that). Should the admin just press a reset button over the row and tell the user to check his e-mail when he arrives home and proceed with the recovery? (reset link for example) Or should the administrator reset the user's password and give him his new password in that very moment? The second approach is preferable as I was asked to do that...
I know that the admin shouldn't be able to see the original password as it should be hashed and unknown.
What are your thoughts about this? How would you implement this functionality? Thanks for your help.
There is no one perfect answer for this question. The question of workflow will always be dependent on the specific use-cases of an application and will depend on the context it is built in.
That being said, you are right about one thing - it is horrible, and I do mean horrible, security breach to let an Admin or any other user view a clear text password for someone else. So that's definitely off the table.
In your case, it seems giving the admin the right to change someone's password is the way to go. If you're worried about how it looks, don't be. Google Apps allows domain administrators to change the password for any email account under that domain.
Finally, I would suggest a small additional safety measure. When an Admin changes another user's password, store the old encrypted password in a column, don't delete it. When the admin set's the new password, shoot out an email to the user saying "Your password was changed by the Administrator, if you did not request for this, please click here". When they click on the link in the email, simply overwrite the new password with their old one.
That way in case an Admin is changing passwords without the user requesting it, you have a recourse for the user and the logs will keep you informed of how many time an admin has had a password reset revoked by the user.
While developing my app, I suddenly can't login using Auth anymore, according to Cake, the password or username is not correct.
When I track the query, the password (hashed) that Cake is looking for is not the one that the user has. I matched the query password to the User table in MAMP.
What can be the reason of this sudden error? What can Cake make looking for another password that not exists in the user table.
all error logs are clear
I can register a user without any issue
I use everything the standard Cake way (Auth, register process etc)
Many thanks!
well, most likely, you changed the salt value in core.php or hash mehod, or both. That's the only 2 reasons the hash is different for the same password.
Is there any way that I can put a checkbox of Remeber password in my winform as I have no tables for username and password.I am checking for the username and password directly in the server...
Answer please if am clear with my question.
Most simplest way to do that would be to store the provided password in the Application or User Settings. You may want to use some kind of encryption so that it is not stored as plain text.
I think you need to use the Windows Credentials Manager API
When you start you WinForms application you will get Windows Credential Manager dialog. You will also have Remember Password option on it. When you enter your credentials they will be safely stored with Windows.
Check this link to see how to get this done - http://www.developerfusion.com/code/4693/using-the-credential-management-api/2/