Users should not be allowed to reuse passwords

Apr 7, 2014 at 3:03 PM
How can i able to change fba tool for , Users should not be allowed to reuse passwords.
Coordinator
Apr 7, 2014 at 3:22 PM
You'd have to customize the membership provider database to store a history of the hashed passwords, and then modify the change password web part to query and validate against this when the user goes to change his password.
Apr 17, 2014 at 11:08 AM
Thank You...

Is there is any way to decode the old password which is hashed...
I need to compare the new password with old ....

I am modiifying the change password web part, please may i know whether i am changing at right location....

void _ctlChangePassword_changedPassword(object sender, EventArgs e)

Can you please help?
Coordinator
Apr 17, 2014 at 1:27 PM
You cannot decode a hashed password. What you can do is hash the new password and then compare the hashed password with the existing hashed password. That's how login works.

_ctlChangePassword_changedPassword is a method that's called when the password has been successfully changed.

To do this, I don't think you should modify the FBA Pack - instead you should create a custom membership provider and override the ChangePassword method:

http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

The membership provider is what does all of the backend work for FBA (listing users, authenticating, changing passwords...)
May 6, 2014 at 5:36 PM
Edited May 6, 2014 at 5:37 PM
I created the custom membership provider and override the change password method. But when i changed the sql provider to custom provider in the machine .config, error occurs "A membership provider does not configured correctly, check web.config settings for web application".
Other than Machine.config, do we need any changes to done on FBA tool. I tested the asp.net webpart with custom provider for changing password, it works good.

I have extended sqlmembershipprovider not membershipprovider, does that creates the problem ?


<add name="CustomProvider"
 type="fba.aspnet.provider.customprovider, customprovider"
  connectionstringname="FBADB"
.....etc

Please suggest......
Coordinator
May 6, 2014 at 6:57 PM
Other than the Machine.config, it also needs to be changed in the SecurityTokenService. However the Machine.config settings are all that will be used once you're logged in. Your custom provider will need to be registered in the GAC as well. If you're still having problems, i'd suggest attaching the debugger in the FBA Pack source code to better inspect what's causing the error.