Important Notice from AspDotNetStorefront
It is with dismay that we report that we have been forced, through the action of hackers, to shut off write-access to this forum. We are keen to leave the wealth of material available to you for research. We have opened a new forum from which our community of users can seek help, support and advice from us and from each other. To post a new question to our community, please visit: http://forums.vortx.com

Thread: Issues resetting password

  1. #1
    svetlanad is offline Junior Member
    Join Date
    Aug 2008
    Posts
    10

    Default Issues resetting password

    Currently we are using Storefront version 9.0.1.2 and are experiencing the following problem. When customers forget the password and they request a new one, then going back to the login page they are asked to enter the temporary password and confirm their new password. Upon hitting the Submit button nothing really happens as the user is asked once again to enter their current (temporary) password and confirm the new password. So they are being redirected over and over again to the same page and the password never gets reset. We have discovered that clearing the temporary ASP.Net files and doing iisreset clears the issue for some time but then at some point (for no apparent reason) it just comes back.
    Any advice on this issue will be very much appreciated as obviously customers are having troubles logging to the website. Thank you in advance!

  2. #2
    svetlanad is offline Junior Member
    Join Date
    Aug 2008
    Posts
    10

    Default

    Has anybody experienced that issue? Could you please let me know if this is a bug and if there is an available fix for it? I would appreciate any information as this is very urgent.

    Thank you!

  3. #3
    cjbarth is offline Senior Member
    Join Date
    Oct 2008
    Posts
    392

    Default

    I have this issue. It is quite painful and I can't find a solution. The only thing that I found seems to be reasonably consistent is that it happens when the user is an Admin or Super Admin. If the user is a regular user trying to change from a temporary password then it doesn't happen as often, but still happens.

    I haven't reported it yet because I usually wait until I find the offending code before I report bugs. However, if you hear of an answer to this one please let me know.
    ML9.3.1.1
    SQL 2012 Express
    VS 2010
    Azure VM

  4. #4
    ssgumby is offline Senior Member
    Join Date
    Feb 2009
    Posts
    683

    Default

    Quote Originally Posted by cjbarth View Post
    I have this issue. It is quite painful and I can't find a solution. The only thing that I found seems to be reasonably consistent is that it happens when the user is an Admin or Super Admin. If the user is a regular user trying to change from a temporary password then it doesn't happen as often, but still happens.

    I haven't reported it yet because I usually wait until I find the offending code before I report bugs. However, if you hear of an answer to this one please let me know.
    We have constant issues with password resets both in V8.x and V9.x. I've just given up on a real solution.

  5. #5
    AspDotNetStorefront Staff - Scott's Avatar
    AspDotNetStorefront Staff - Scott is offline Administrator
    Join Date
    Mar 2007
    Location
    Ashland, OR
    Posts
    2,390

    Default

    That's a known issue in early 9.x versions that'll only happen if the random new password that is generated contains an asterisk (*). It's something to do with a .NET problem with hashed passwords that contained that character I believe, I don't have all the details.

    It's fixed in the latest release (9.1.0.1), and you can also easily work around it in older versions by just putting a little check in the signin.aspx.cs logic where we reset the password. If the new password contains a *, generate another one, otherwise go ahead and send the customer the new password.

  6. #6
    svetlanad is offline Junior Member
    Join Date
    Aug 2008
    Posts
    10

    Default

    Thank you all for replying! I just tested to make sure but it really does not matter in my case if the password contains '*' or not. The temp password I got was 'svNWtOB6' but the behavior was still the same and I got stuck on the reset screen. Currently we cannot upgrade to the latest version of the Store but since this is fixed in the latest version then can you please provide the code sample/fix that can be applied in the version we use? That is a significant problem if users cannot login to the website and essentially access the Store and complete a purchase! Any help will be greatly appreciated as on multiple occasions we have had very angry customers.

    Thank you!

  7. #7
    slicklocrian is offline Member
    Join Date
    Jan 2009
    Posts
    46

    Default soooooo, what about AspDotNetStorefront ML 8.0.1.2/8.0.1.2

    soooooo, what about AspDotNetStorefront ML 8.0.1.2/8.0.1.2? Is there going to be a fix or am I pissing off customers who might buy something off my site since they can't reset their password?

  8. #8
    suedeapple is offline Member
    Join Date
    Aug 2010
    Posts
    30

    Default

    We had this same problem

    Installing SP1 seemed to solve the issue.

  9. #9
    deanfp is offline Senior Member
    Join Date
    May 2009
    Location
    Sweden
    Posts
    556

    Default

    We too have this problem and this is the way I get around it

    1. Reset the password to a temporary one for the customer
    2. Go into the SQL table dbo.Customer
    3. On the row of the customer having the problem change the value of

    Locked Until to NULL
    PwdChangeRequired to 0

    That should work

  10. #10
    baba is offline Senior Member
    Join Date
    Dec 2008
    Posts
    123

    Default

    We too had this same issue. If you look into the code of the signin.aspx page where it sends the email, if the randomly generated password contains the & symbol, then for some reason they replace it with *

    This is how the email is sent.
    p.ClearPassword.Replace("&", "*")

    So if you get a password with * then there is a 50% chance that it is correct, or you should try with an & instead of *.

    You can very well fix this with the code.
    So when generating a random password in the signin.aspx page, I used the code below, to avoid having "&" in the generated password.
    // Keep generating until the password contains no "&".
    for (int i = 0; i < 1; i++)
    {
        p = new RandomPassword();
        if (p.ClearPassword.Contains("&"))
            i = -1;   // i++ brings this back to 0, so the loop runs again
        else
            i = 1;    // ends the loop
    }

    Thanks
    Suresh Kumar Narayanasamy

    Quote Originally Posted by deanfp View Post
    We too have this problem and this is the way I get around it

    1. Reset the password to a temporary one for the customer
    2. Go into the SQL table dbo.Customer
    3. On the row of the customer having the problem change the value of

    Locked Until to NULL
    PwdChangeRequired to 0

    That should work
    Last edited by baba; 07-22-2011 at 02:41 PM. Reason: attaching the code.
    Take Care

    B-A-B-A

  11. #11
    eswar.net is offline Junior Member
    Join Date
    Oct 2011
    Posts
    1

    Default this may fix the issue

    Quote Originally Posted by svetlanad View Post
    Currently we are using Storefront version 9.0.1.2 and are experiencing the following problem. When customers forget the password and they request a new one, then going back to the login page they are asked to enter the temporary password and confirm their new password. Upon hitting the Submit button nothing really happens as the user is asked once again to enter their current (temporary) password and confirm the new password. So they are being redirected over and over again to the same page and the password never gets reset. We have discovered that clearing the temporary ASP.Net files and doing iisreset clears the issue for some time but then at some point (for no apparent reason) it just comes back.
    Any advice on this issue will be very much appreciated as obviously customers are having troubles logging to the website. Thank you in advance!
    I got this problem too. After a detailed debug I found that the Membership.ValidatePassword (or the delegate under it) is not clearing the previous instances of the Membership_ValidatePassword function. Whenever a user tries the reset password thing, all the previous tried combinations on the site were still alive and validated by the Membership.ValidatePassword. If any of them resulted invalid then the current result is also invalid, so the user cannot go further even if he has given valid values.

    So I tried to clear/remove the instance of the Membership_ValidatePassword function once validation is done.

    1. Add the following line of code at the end of the Membership_ValidatePassword function in signin.ascx.vb
    RemoveHandler Membership.ValidatingPassword, AddressOf Membership_ValidatingPassword
    2. Restart the website/IIS (restarting the website worked in my case)

    Let me know if this fixed the issue.
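
The handler build-up described in post #11, as an added example that is not part of the original thread or of the AspDotNetStorefront code: `DemoMembership`, `DemoValidateArgs` and `DemoSignInPage` are constructed stand-ins for a static validation event and a per-request page. The `-=` line is the C# counterpart of the VB `RemoveHandler` statement.

```csharp
using System;

class DemoValidateArgs : EventArgs { public string Password; public bool Cancel; }

// Constructed stand-in for a class with a static validation event.
// Because the event is static, subscribers outlive the page that added them.
static class DemoMembership
{
    public static event EventHandler<DemoValidateArgs> ValidatingPassword;
    public static void Reset() { ValidatingPassword = null; }   // models an application restart
    public static bool Validate(string password)
    {
        var args = new DemoValidateArgs { Password = password };
        ValidatingPassword?.Invoke(null, args);   // every subscriber still attached runs
        return !args.Cancel;
    }
}

// Hypothetical sign-in page: one instance per request.
class DemoSignInPage
{
    private readonly string confirmBox;   // "confirm password" field of this request
    private readonly bool removeHandler;
    public DemoSignInPage(string confirmBox, bool removeHandler)
    { this.confirmBox = confirmBox; this.removeHandler = removeHandler; }

    public bool ChangePassword(string newPassword)
    {
        DemoMembership.ValidatingPassword += OnValidatingPassword;
        try { return DemoMembership.Validate(newPassword); }
        finally
        {   // C# form of VB's "RemoveHandler <event>, AddressOf <method>"
            if (removeHandler) DemoMembership.ValidatingPassword -= OnValidatingPassword;
        }
    }
    // Compares against this request's own field; a stale copy keeps the old field value.
    private void OnValidatingPassword(object sender, DemoValidateArgs e)
    { if (e.Password != confirmBox) e.Cancel = true; }
}

static class Program
{
    static void Main()
    {
        foreach (bool remove in new[] { false, true })
        {
            DemoMembership.Reset();
            bool first = new DemoSignInPage("typo", remove).ChangePassword("S3cret!x");      // fields differ
            bool second = new DemoSignInPage("N3w-pass", remove).ChangePassword("N3w-pass"); // fields match
            Console.WriteLine($"removeHandler={remove}: first={first}, second={second}");
        }
    }
}
```

On a real page the same statement would read `Membership.ValidatingPassword -= Membership_ValidatingPassword;`, using the handler name given in post #11.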

  12. #12
    chrismartz is offline Senior Member
    Join Date
    Apr 2010
    Posts
    339

    Default

    I am using 9.0.1.3 and am seeing this issue. Any ideas for a fix?

  13. #13
    cjbarth is offline Senior Member
    Join Date
    Oct 2008
    Posts
    392

    Default

    Did the fix earlier in the thread not fix the issue?
    ML9.3.1.1
    SQL 2012 Express
    VS 2010
    Azure VM

  14. #14
    chrismartz is offline Senior Member
    Join Date
    Apr 2010
    Posts
    339

    Default

    The one about p.ClearPassword.Replace("&", "*") isn't usable because that is not in signin.ascx.cs. I am not sure how to implement the second suggestion (membership) because I'm not sure how to convert that to C#.

  15. #15
    cjbarth is offline Senior Member
    Join Date
    Oct 2008
    Posts
    392

    Default

    Quote Originally Posted by AspDotNetStorefront Staff - Scott View Post
    It's fixed in the latest release (9.1.0.1), and you can also easily work around it in older versions by just putting a little check in the signin.aspx.cs logic where we reset the password. If the new password contains a *, generate another one, otherwise go ahead and send the customer the new password.
    Did you try adding this logic in?
    ML9.3.1.1
    SQL 2012 Express
    VS 2010
    Azure VM

  16. #16
    chrismartz is offline Senior Member
    Join Date
    Apr 2010
    Posts
    339

    Default

    I have applied the * fix to our site but I can't tell if it's working or not due to previous passwords that have been generated with a *. Just touching web.config lets the user change their password. Is that still because of the * though?

    I think this happens when one person has a * in their password. Then all users are locked out. Is this right?

  17. #17
    chrismartz is offline Senior Member
    Join Date
    Apr 2010
    Posts
    339

    Default

    Quote Originally Posted by eswar.net View Post
    I got this problem too. After a detailed debug I found that the Membership.ValidatePassword (or the delegate under it) is not clearing the previous instances of the Membership_ValidatePassword function. Whenever a user tries the reset password thing, all the previous tried combinations on the site were still alive and validated by the Membership.ValidatePassword. If any of them resulted invalid then the current result is also invalid, so the user cannot go further even if he has given valid values.

    So I tried to clear/remove the instance of the Membership_ValidatePassword function once validation is done.

    1. Add the following line of code at the end of the Membership_ValidatePassword function in signin.ascx.vb
    RemoveHandler Membership.ValidatingPassword, AddressOf Membership_ValidatingPassword
    2. Restart the website/IIS (restarting the website worked in my case)

    Let me know if this fixed the issue.
    I don't believe the * issue is fixing the issue. I have compared the database values on a user before and after "touching" the web.config file. How can I apply the fix quoted above to C# code to see if this fixes my issue?

  18. #18
    cjbarth is offline Senior Member
    Join Date
    Oct 2008
    Posts
    392

    Default

    Since you say you can't tell if the fix you applied is working, why not reset the password from the admin console, which will email the user the new password? That should 'unstick' them. Or you can go to the database and type in the new password and erase the salt value (I believe there is a FAQ on this) which will then set the password to a plain-text value.
    ML9.3.1.1
    SQL 2012 Express
    VS 2010
    Azure VM

  19. #19
    chrismartz is offline Senior Member
    Join Date
    Apr 2010
    Posts
    339

    Default

    Most issues are from customers who I generate the password for through our reward card script. This script uses built in functions of aspdnsf.

    I am testing further, but it seems to be when an error occurs for the user when changing their password, it seems to lock them out from being able to change their password. I am waiting to hear that someone is locked out so I can try logging in with a user I created to make sure it isn't affecting everyone.

  20. #20
    cjbarth is offline Senior Member
    Join Date
    Oct 2008
    Posts
    392

    Default

    When you look at the customers table in the database when someone is locked out, do you see the LockedUntil date set?
    ML9.3.1.1
    SQL 2012 Express
    VS 2010
    Azure VM