Hashed passwords and PasswordRecovery control


1) firstUser was created when the member module had the requirementQuestionAndAnswer set to false, while SecondUser was created when the requireQuestionAndAnswer was set to true.

  • If we try to restore pwd using the PasswordRecovery PR control and we set requireQuestionAndAnswer to true, then PR will not send the password by email to firstUser, but secondUser will do it.

  • If we set requireQuestionAndAnswer to false, then PR will email pwd to secondUser (it will skip the question / answer stage). But why does PR also not send pwd to firstUser?


2) I read somewhere that if the membership provider stores the password in a hashed form, then PR will generate a new pwd and send it to the user. But instead, I get an exception. Is there any property we need to set up for PR to create a new pwd and send it by email?


thanks


UPDATE:

1) For some reason, it works now. Namely, if we set requireQuestionAndAnswer to false, then PR will also send an email to firstUser


2) If passwords are stored in a hashed form, then if:

a) enablePasswordRetrieval = "true" enablePasswordReset true, false → PR
b) enablePasswordRetrieval = "false" enablePasswordReset = "false" → PR
c) enablePasswordRetrieval false enablePasswordReset true, PR pwd .


, pwd , enablePasswordRetrieval = "false" , enablePasswordReset true ( PR pwd ),

+3

Source: https://habr.com/ru/post/1719558/


All Articles