SiteUser.Password and hashed passwords in DB - cannot login

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
3/28/2012 12:06:39 PM
webmonkey
Gravatar
Total Posts 15
View Posts

SiteUser.Password and hashed passwords in DB - cannot login

I set hashing for passwords.
Next, I am adding a user in code like this:

SiteUser user = new SiteUser(siteSettings);
user.LoginName = "superuser";
user.Password = "user1234";
user.Save();

After that I am trying to login using  superuser and user1234 and cannot login.

What I am doing wrong?

Thanks.

 

3/28/2012 12:16:14 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: SiteUser.Password and hashed passwords in DB - cannot login

You are creating the user with a plain text password, you'll need to do something more like this:

using System.Web.Security;

mojoMembershipProvider m = Membership.Provider as mojoMembershipProvider;
user.Password = m.EncodePassword(siteSettings, user, "user1234");

Hope that helps,

Joe

3/28/2012 12:31:10 PM
webmonkey
Gravatar
Total Posts 15
View Posts

Re: SiteUser.Password and hashed passwords in DB - cannot login

Thanks for answer, but what is done when this line is executed:

user.Password = "user1234";

What will be stored in the DB?

3/28/2012 12:41:30 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: SiteUser.Password and hashed passwords in DB - cannot login

That line is setting the property on the user to a clear text password, nothing is saved in the db until you save it.

It will be saved exactly as it is set, it must be hashed or encrypted before saving it if using hashed or encrypted. By using the method I showed you it will always be encoded properly according to the password format, ie if using clear text it is not encoded by the method I showed you but if using hashed it will be hashed or if encrypted it will be encrypted. using the method I showed you is the only correct way to do it. Note that when using hashed or encrypted the password salt is also generated and set as a property on the user by the EncodePassword method that is why the user must be passed into the method.

3/28/2012 1:27:36 PM
webmonkey
Gravatar
Total Posts 15
View Posts

Re: SiteUser.Password and hashed passwords in DB - cannot login

Thank you!

Just have no idea what I would do without your help, resetting passwords for 4000+ users - Surprised

You must sign in to post in the forums. This thread is closed to new posts.