Monday, June 18, 2012

SharePoint 2010 FBA : Forgot Password Page (asp.net Membergship)


Forgot Password SharePoint 2010 FBA or 
Password Recovery page


<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="ForgotPassword.aspx.cs"
    Inherits="Extranet.ApplicationPages.ForgotPassword" MasterPageFile="~/_layouts/simple.master" %>

<asp:Content ID="PageHead" ContentPlaceHolderID="PlaceHolderAdditionalPageHead" runat="server">
</asp:Content>
<asp:content contentplaceholderid="PlaceHolderIcon" runat="server">
   <img   title="pgclogo" border="0" alt="PGC Logo" src="/_layouts/images/logo.gif"  />
</asp:content>
<asp:content id="Main" contentplaceholderid="PlaceHolderMain" runat="server">

<div>

// Please update your MembershipProvidename here
     <asp:PasswordRecovery ID="PasswordRecovery12" BorderPadding="4" Runat="server" MembershipProvider="SQLMembershipProvider" >

      </asp:PasswordRecovery>
      
</div>


</asp:content>
<asp:Content ID="PageTitle" ContentPlaceHolderID="PlaceHolderPageTitle" runat="server">
    Forgot Password
</asp:Content>
<asp:content id="PageTitleInTitleArea" contentplaceholderid="PlaceHolderPageTitleInTitleArea"
    runat="server">
Forgot Password
</asp:content>


namespace Extranet.ApplicationPages
{
    public partial class ForgotPassword : UnsecuredLayoutsPageBase
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

       //protected void PasswordRecovery1_SendingMail(object sender, MailMessageEventArgs e)
        //{
        //    e.Message.IsBodyHtml = false;
        //    e.Message.Subject = "New password on Web site.";
        //}


        //it allows access this page to anonymous users by overriding AllowAnonymousAccess method
        protected override bool AllowAnonymousAccess
        {
            get
            {
                return true;
            }
        }
    }
}


web.config change

<system.net>
    <mailSettings>
      <smtp deliveryMethod="Network" from="update your address">
        <network
        defaultCredentials="true"
        host="yourhostname"
        port="25"
        />
      </smtp>
    </mailSettings>
  </system.net>

Membership connectionstring

 <add connectionStringName="SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="SQLMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0" />



6 comments:

  1. Hi
    im getting error when i specify enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" as belkow
    An unexpected error has occurred.
    Could you please help me
    Im developing it against activedirectorymemebrship...

    ReplyDelete
  2. Please follow below posts for sharepoint 2010 fba with active directory
    http://msdn.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx
    http://www.sharepointboost.com/blog/sharepoint-2010-form-based-authentication-using-active-directory/
    http://www.techgrowingpains.com/2010/01/setup-sharepoint-forms-based-authentication-fba-with-active-directory/

    ReplyDelete
    Replies
    1. thanks for your reply but I have already configured active directory membership on FBA ,I have create custom login page, but i want to Forgot password link and the changes you mentioned in above post I have applied it in web.config,but I found below info.
      You can only set the EnablePasswordReset property true when the following membership element settings have been made.

      requiresQuestionAndAnswer must be true.
      The Active Directory schema must be modified to contain attributes for storing the password question and answer, as well as the three tracking fields for password-answer change attempts.
      attributeMapPasswordQuestion, attributeMapPasswordAnswer, attributeMapFailedPasswordAnswerCount, attributeMapFailedPasswordAnswerTime, and attributeMapFailedPasswordAnswerLockoutTime must be mapped to attributes in the Active Directory schema.
      If the above criteria are not met, a ProviderException is thrown at initialization. I have error means I have lack of this parameter values. So here my question arise , by modifying Active Directory schema, from a security point of view is it problematic?We guess Sharepoint App Pool account need to have either domain admin or at least password reset permissions for all users to use intranet solution, and this is something represents a potially large security hole that could be used to exploit access to active directory.

      Is there any other option to handle this situation ??

      I might be wrong in somewhere...

      Any help would be appreciated...

      Thanks :)

      Delete
  3. I have create a 'Forgot Password' link button with code
    SPUtility.Redirect("~/layouts/FBALogin/ForgotPassword.aspx", SPRedirectFlags.Default, this.Context, components);
    to redirect to ForgotPassword.aspx
    The ForgotPassword.aspx is based on your code. But I'm not able to redirect to that page. Please help

    ReplyDelete
  4. below post, you can see how i am redirecting to forgot password page

    http://suryapulipati.blogspot.com/2012/06/sharepoint-2010-fba-forms-login-page.html

    let me know still it is throwing any error.

    ReplyDelete

Followers