Menu
Here's the situation :
I have an ASP.NET PasswordRecovery (http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.passwordrecovery.aspx) control used on my login page.
When I click on the "Recover link", it ask me for my username, I enter it, click the "Send my password" button, it notifies me that an email has been sent and then I can click on the "back" link to go back to the login control and proceed.
My problem is : If I click again on the "Recover link", the control is stuck in it's last state, which is the successful state or the failed state. If stuck in the successful state, the user won't be able to enter any username. Only the last successful message will be displayed, without being able to repeat the same procedure as before.
I would like to reset the PasswordRecovery control to it's initial state, so the user could do another password recovery operation without having to refresh the current page (hit F5).
I played a bit with the viewstate + destroy/recreate the control but without any success.
Anybody had this issue before?
Thanks in advance!
471
In either case, the nefarious user can visit the RecoverPassword.aspx page and enter the user's username. The system will then email the recovered password without prompting for the security answer. Bypass the abstraction layer created by the Membership framework and work directly with the SQL Server database.
Enter code and reset password Paste or type the code you received and select Next. Type your new password and select Next. If you successfully reset your password, now is a good time to set a reminder to verify your security contact info, or make changes to it. See Security best practices for more info.
The PasswordRecovery control renders an interface that prompts the user for their username and, if needed, the answer to their security question. It then emails the user their password.
However, disabling password recovery prevents unauthorized users from viewing the configuration or inserting different passwords. In this case, to restore the system to an operating state, load a new image and a backup configuration file, if available.
I validated that there is no clean way to do this (via ILSpy), see the example below for the slightly dirty way. Basically we use reflection to get the CurrentView property, which is an internal property, then we set the current view of the PasswordReset control to one of the three possible states: Username (0), Question (1), or Success (2).
Designer
<form id="form1" runat="server">
<div>
<asp:PasswordRecovery ID="pwr" runat="server"></asp:PasswordRecovery>
</div>
<span>Set Recover State: </span>
<asp:RadioButtonList ID="rblChangeState" runat="server" AutoPostBack="True"
onselectedindexchanged="rblChangeState_SelectedIndexChanged">
<asp:ListItem Text="Username" Value="0" />
<asp:ListItem Text="Question" Value="1" />
<asp:ListItem Text="Success" Value="2" />
</asp:RadioButtonList>
</form>
Code Behind
protected void rblChangeState_SelectedIndexChanged(object sender, EventArgs e)
{
Type t = pwr.GetType();
PropertyInfo viewSetter = t.GetProperty("CurrentView", BindingFlags.Default | BindingFlags.NonPublic | BindingFlags.Instance);
viewSetter.SetValue(pwr, Convert.ToInt32(rblChangeState.SelectedValue), null);
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
