password

Vote:
 
is it possible to resend a users password via email if they have forgotten it? Or is it better to reset it? If i try to access UserSid.Password I get the message "it lascks the get accessor" - Is there another object I should use? /John
#12234
Mar 25, 2008 18:34
Vote:
 
It is better to reset it and then email it to user. You need use UserSid.SetPassword function
#13893
Mar 25, 2008 18:43
Vote:
 
Thanks - as suspected. I got help to do it via the back door - but I wanted to know if it was possible through the front door :)
#13894
Mar 25, 2008 18:43
Vote:
 
As of EPiServer 4.41 passwords for extranet users are stored cryptographically hashed in the database. This means that the password cannot be retrieved in its original form; passwords can only be changed or compared with credentials entered by the user. Together with the hash value, a per user generated salt value is used to season passwords, in affect enhancing the protection by, for example, ensuring that users with identical passwords get different hash values. This feature is enabled by default on all new installations but not on upgrades. Even though the EPiServer API is fully backward compatible, there may be other reasons for not wanting to enable this: • You have custom functionality that for some reason reads the password directly from the database. This approach is not recommended by ElektroPost. • You have an upgraded EPiServer 3 site that is using extranet users with EPiSec. EPiSec is not compatible with hashed passwords. http://www.episerver.com/en/EPiServer_Knowledge_Center/Support/FAQ_EPiServer_4/1010/3276/
#13895
Mar 25, 2008 18:43
Vote:
 
Even I am facing a similar problem. I am not able to compare/validate the user typed password in the login screen against the extranet user's password using UserSid.Password property.
#13896
Mar 25, 2008 18:43