Using Hashed Passwords with DNN 5.5.0
8/25/2010 1:40 PM
 
Hello. Just thought I would document some testing I did today. I upgraded a very basic 4.9.5 test site to v5.5.0, which seems to have gone well.

One thing I have often wanted to implement, but which just never worked correctly, is hashed passwords. You could always do it, but the user had no way to reset their password and the question/answer mechanism didn't work properly.

So I thought I would try this on v5.5.0, and it actually works. Set these attributes in web.config for "AspNetSqlMembershipProvider":
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordFormat="Hashed"

Now a new user registration will include fields for a user-defined Question & Answer.
If a user forgets their pass phrase, they can now reset it (not retrieve it) via the forgot password link. It will prompt them for the answer to their question.
The system generates a random password and emails it to the user.
The user can then log in and change their pass phrase to something they can remember.

So this now seems to work like a charm. However (there's always a "however"), if you require a question/answer, which I personally feel is only sensible to avoid abuse, this prevents an administrator from creating any user accounts via the user manager. You can try, but it will stop you with a warning:
 "Your configuration requires the user to enter a Password reminder Question and Answer. This is incompatible with Administrators adding users, so has been disabled for this portal".

Even if you configure user settings to require a valid profile for logon, which for a newly created user, could potentially prompt the user to provide a question/answer when they log in, you cannot create accounts.

While in general, most portals will have the majority of users self-register, there are always exceptions. It seems like this is so close to being completely functional. An obvious workaround is to simply register the user on their behalf, and create a dummy question/answer for them, and a crazy password so they will want to change it after their first login.

Bottom line, it is at least usable now. Not sure in which version of 5.x it was fixed to this point, but I am glad it has been.

Rob Ralston

Rob Ralston, SilverBullet Technologies LLC, www.silverbullettech.com
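
An added example, not part of the original posts: a Python check that reads a web.config and reports where the AspNetSqlMembershipProvider entry differs from the four attribute values given in the post above. The sample config and the names `EXPECTED`, `SAMPLE_WEB_CONFIG` and `audit_membership` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute values taken from the post above.
EXPECTED = {
    "passwordFormat": "Hashed",
    "enablePasswordRetrieval": "false",
    "enablePasswordReset": "true",
    "requiresQuestionAndAnswer": "true",
}

# Constructed sample: a provider entry that still stores reversible passwords.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <clear />
        <add name="AspNetSqlMembershipProvider"
             enablePasswordRetrieval="true" enablePasswordReset="true"
             requiresQuestionAndAnswer="false" passwordFormat="Encrypted" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

def audit_membership(xml_text, provider="AspNetSqlMembershipProvider"):
    """Return a list of findings; an empty list means the entry matches EXPECTED."""
    root = ET.fromstring(xml_text)
    node = next((n for n in root.findall(".//membership/providers/add")
                 if n.get("name") == provider), None)
    if node is None:
        return [f"{provider}: provider entry not found"]
    # Attribute names are case-sensitive in XML; values are compared case-insensitively.
    val = lambda attr: (node.get(attr) or "").strip().lower()
    findings = []
    for attr, want in EXPECTED.items():
        if node.get(attr) is None:
            findings.append(f"{attr}: not set explicitly, provider default applies")
        elif val(attr) != want.lower():
            findings.append(f"{attr}={node.get(attr)}: the post's setup uses {want}")
    # ASP.NET's SqlMembershipProvider rejects this pair when it initializes.
    if val("passwordFormat") == "hashed" and val("enablePasswordRetrieval") == "true":
        findings.append("invalid combination: hashed passwords cannot be retrieved")
    return findings

if __name__ == "__main__":
    for finding in audit_membership(SAMPLE_WEB_CONFIG):
        print(finding)
```
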
 
8/25/2010 2:13 PM
 
I thought I should add that this is not something you would want to just change on an existing portal without a good plan in place. Existing encrypted passwords would not magically become hashed, and existing users would not have the required question/answer to reset their passwords. There are likely other caveats also for an existing portal.

Rob

Rob Ralston, SilverBullet Technologies LLC, www.silverbullettech.com
 