password

Vote:
 
is it possible to resend a users password via email if they have forgotten it? Or is it better to reset it? If i try to access UserSid.Password I get the message "it lascks the get accessor" - Is there another object I should use? /John
#12234
Mar 09, 2005 10:36
Vote:
 
It is better to reset it and then email it to user. You need use UserSid.SetPassword function
#13893
Mar 09, 2005 16:11
Vote:
 
Thanks - as suspected. I got help to do it via the back door - but I wanted to know if it was possible through the front door :)
#13894
Mar 09, 2005 17:06
Vote:
 
As of EPiServer 4.41 passwords for extranet users are stored cryptographically hashed in the database. This means that the password cannot be retrieved in its original form; passwords can only be changed or compared with credentials entered by the user. Together with the hash value, a per user generated salt value is used to season passwords, in affect enhancing the protection by, for example, ensuring that users with identical passwords get different hash values. This feature is enabled by default on all new installations but not on upgrades. Even though the EPiServer API is fully backward compatible, there may be other reasons for not wanting to enable this: • You have custom functionality that for some reason reads the password directly from the database. This approach is not recommended by ElektroPost. • You have an upgraded EPiServer 3 site that is using extranet users with EPiSec. EPiSec is not compatible with hashed passwords. http://www.episerver.com/en/EPiServer_Knowledge_Center/Support/FAQ_EPiServer_4/1010/3276/
#13895
Mar 09, 2005 18:59
Vote:
 
Even I am facing a similar problem. I am not able to compare/validate the user typed password in the login screen against the extranet user's password using UserSid.Password property.
#13896
Aug 03, 2006 18:01
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.