New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeDevelopment and...Development and...DNN Platform (o...DNN Platform (o...Prevent Users From Using Previous Passwords?Prevent Users From Using Previous Passwords?
Previous
 
Next
New Post
12/1/2008 3:55 PM
 

We have a requirement from a client to store the previous twelve (!) passwords and not allow users to reuse any of those twelve passwords. I believe this isn't possible given an OOTB DotNetNuke installation. Is there an easy way to extend the existing AspNetMembershipProvider to store and check against the last "x number" of passwords?

Thanks!

 
New Post
12/22/2008 2:22 PM
 

Here is what I would do:

1. Create a table called "PreviousUserPasswords" and make some fields - ID, userid, Password DateCreated,

2. Open Admin/Users/Password.ascx.vb and find "Private sub cmdUpdate_Click()" around line 269.

3. put some codes before '1. check new password and confirm are the same''

[Some codes - no actual code, just comments. sorry for me being lazy lol ]

'0. Check the new password against a table PreviousUserPassword.

'execute sql (e.g. where password = txtNewpassword.txt) to check to see if there is any same password the user created before.

'if there is a same password in the table, throw an error message.  If it's not same, update the user password and also add the new password to the PreviousUserPasswords. Overwrite the oldest password if there are 12 passwords or more associated with this particular user.

lol. 12 passwords... I wouldn't be able to login to the site 4ever if i forget my password. Just imagine,,, users keep tying their passwords but nothing works, that would create BIG frustration.  i mean,,, i myself don't have 10 unique passwords. Well, that's what your client asked you to do right? GOOD LUCK!

 
New Post
12/22/2008 11:14 PM
 

I have similar requirement. I think with slight modification  I can use your sugestion.

 
New Post
12/23/2008 5:28 PM
 

Another way without modifying the core would be to create your own custom membership provider and override the ChangePassword method, where you can add your custom logic and affect the UserPasswords table each time a password is changed. Then you'd override the ValidateUser method or the UserLogin method to check that the provided password is valid according to your criteria. You can have a quick look in how to implement this here:

http://briansamson.com/b/2006/dotnetnuke-4-custom-authentication-single-sign-on/

Once you have your own dll, make the according changes in the Providers sections of your web.config and you are ready to go. It envolves a bit more effort, but if you need to reverse the changes you'll only be one line away, and you wont have to worry (too much) when you need to upgrade your DNN installation.

Cheers,

 
Previous
 
Next
HomeHomeDevelopment and...Development and...DNN Platform (o...DNN Platform (o...Prevent Users From Using Previous Passwords?Prevent Users From Using Previous Passwords?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.