Important Notice from AspDotNetStorefront
It is with dismay that we report that we have been forced, through the action of hackers, to shut off write-access to this forum. We are keen to leave the wealth of material available to you for research. We have opened a new forum from which our community of users can seek help, support and advice from us and from each other. To post a new question to our community, please visit: http://forums.vortx.com
Results 1 to 7 of 7

Thread: Authentication using super admin account

  1. #1
    brianw is offline Member
    Join Date
    Aug 2008
    Posts
    66

    Default Authentication using super admin account

    Interesting bit we discovered - if your super admin account's password has expired - the WSI token is rejected when authenticating until you log in thru the admin and reset the password.

    Question it raises is - can we set the PasswordChanged date on that admin to 30 years ahead (or some such) and have it never expire or is there something else that triggers that reset?

    Or is there some other way to authenticate that doesn't expire such as is done with a conn string in sql? Having a constantly expiring password at an application level would be very cumbersome, difficult to manage and potentially a huge issue if resources who knew the password left, etc.

  2. #2
    cmillens is offline Junior Member
    Join Date
    Aug 2008
    Posts
    2

    Default

    If you have a source license, you can do what you please. But, from what I've seen of the default code base (at least in the 7.x line) that wouldn't do the job.

    Easiest might be to (what we used to do as well) is to just run a nightly agent that changes things as desired for the desired user accounts.

    Remember that password expiration is REQUIRED to meet the various certification the source code goes through. Changing that behavior will most likely invalidate those certifications for your particular installation.

  3. #3
    ASPDNSF Staff - Jon's Avatar
    ASPDNSF Staff - Jon is offline Senior Member
    Join Date
    Sep 2004
    Posts
    11,419

    Default

    The "AdminPwdChangeDays" AppConfig can be set to the number of days old an admin password can be before a password change is required.
    Jon Wolthuis

  4. #4
    mohanrh is offline Member
    Join Date
    Jul 2009
    Posts
    78

    Default Peculiar problem.

    I have gone through the installation procedures for WSI as per the manual. When I test using the WSI Importtester program, the application works fine without WSE3 token authentication. However I get this error when I check the WSE3 Token Auth
    "Authentication Failure. Probably an invalid Password specified? When using WSE3, you must enter here the master hashed password from the AspDotNetStorefront database (do not use the clear text password)"

    I am using the hashed password for the super admin user from the database. I even rest the password just to make sure that the password is current.

    Any help is greatly appreciated.

  5. #5
    ASPAlfred is offline Senior Member
    Join Date
    Nov 2007
    Posts
    2,244

    Default

    In cases like this, when you actually copy the hashed password from the customer's table, there were some special characters that weren't copied properly or there were some extra spaces ... I'd recommend to copy the password first in the notepad before pasting it on the password field. If this doesn't work still, just unchecked the WS3 Token Authentication box.

  6. #6
    sohan is offline Member
    Join Date
    Jun 2009
    Posts
    33

    Default

    Hi! AspDotNetStorefront Staff - Alfred

    I already have username and password on my existing database and it is plain text and I need to populate those information in AspDotNetStorefront.. what is the hash function I need to used in my insert query..So that customer can use their existing username and password.

  7. #7
    jimsawyers is offline Junior Member
    Join Date
    Jul 2008
    Posts
    26

    Default

    Quote Originally Posted by AspDotNetStorefront Staff - Alfred View Post
    In cases like this, when you actually copy the hashed password from the customer's table, there were some special characters that weren't copied properly or there were some extra spaces ... I'd recommend to copy the password first in the notepad before pasting it on the password field. If this doesn't work still, just unchecked the WS3 Token Authentication box.

    Can you tell more about unchecking the WS3 token? How do you do it, are there any security concerns doing this?