.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Use Membership but bypass / disable password usage for users

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

I have an application that does LDAP authentication. The authentication is done on the code behind page of my Login.aspx page. Once the user passes LDAP authentication, a cookie is set and I redirect:

FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)

I would like to setup membership in my application and keep track of some user information. But due to company security requirements, I cannot store user passwords on my application. That must stay on the LDAP server only.

Is there a way to store users but disable password storage on the aspnet_membership table?

View Complete Post

More Related Resource Links

Migrating existing cleat text users password to hashed password Membership Provider

Hello all ,I had been trying to solve this but there is a hidden key i wish someone point me to.I had a simple membership database with users in first the Membership  Provider configured for clear passwordto retrieve the original password .Now a new requirement say that the password must be hashed and reset .I configure the Membership password to hash , and Implemented the Reset Password Module.My problem is as follow.If the user is new registered user with the new configuration the password and the security answer is hashed.also when I go and reset the password it continue to be hashed.Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password  and security answer will be hashed  . what happen is old user continue in clear text even if the configuration is hashed.so If I had new users everything is fine.old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text .If I delete this user and create it , Membership Provider understand that everything will be hashed.I need to know how it know this , I need to migrate users not to delete and recreate users .If there is a solution for that kindly expl

Disable links based on membership



I've somehow managed to successfully get Membership working on a test site I'm playing with (learning!). I've reached a point where I can redirect users to another page if they do not have the required level of membership - using the allow feature in a web.config within a folder.

What I would like to do now is create a main menu of links (a back office menu visible after the use has logged in), and disable a link if they do not have access to view that page. Is this complex? I'd be grateful for any sample code to get me started.

Many thanks

How to remove a saved password from a users computer


Hi, I have an asp.net website that requires users to login using their Active Directory credentials. All users of the website have AD accounts. Some of the users are at remote locations and share a common computer login (I know this is not recommended but it is what it is, I have no say in that). Every so often a user will log into my website and click the Remember Passwod box which causes the next person that comes along to not be prompted to log in. All users are on IE 7.  I have tried having them go into tools and deleting the cookies, saved passwords, etc but when they go to my website they are still not being prompted to log in. I have recently migrated to IIS 7 and I understand there is a way to have the user enter the site through a custom form but I have not gotten that far yet. How can I make sure the users password is removed from IE? Thanks for any help.  

Change password for FBA users in claims setup not working as expected

Hi, I am trying to add a standard asp:changepassword control for external users. In the previous 2007 sharepoint environment this control was working "out of the box". I am pretty sure what is wrong as well,- but not sure how to fix it. A workaround that makes me able to change password is as follows: in the asp - control, I have added the option DisplayUserName="true" Then in the actual web-page, i can see that my username is: 0#.f|acaspnetsqlmembershipprovider|xxxxxx and not xxxxxx as i would excpect, as i use xxxxxx to log in. Editing the username to just xxxxxx makes the changing of password work, but this solution is not really nice to deploy to the normal end-users.. Any suggestion on how to make the username right? I've tried to set the username using the option UserName="<%=SPContext.Current.Web.CurrentUser.LoginName%>", but it does not seem to evaluate..  

Preventing users from changing password

How to i keep users from changing password for a mssql account? We have a shared login which is readonly to the database.  But every now and then, someone decides to change the password.

membership users

Hello All, I have an question, i want to use membership users and roles, but I need additional information from the users to save in the database. What would be the most easy way to accomplisch this (also with in mind the use from standard gridviews and so on). Would it be easy to specify a other table and have a relationship between the default and the new table or is it commodity to extend the asp.net memerships table(s) with additional info ? Thanks,   Peter    

Incorrect number of users reported in SharePoint Usage Logs

* See last post - issue appears related to KB 969231 *   It seems SharePoint 2007 usage logging with anonymous access worked in IIS6 but not IIS7. Is there a way to fix it?   Background: The SharePoint Usage logging was working fine (approximately 20,000 hits per day) until the upgrade to a new IIS7 environment. The configuration in both environments is very similar (both Anonymous Access and Windows Authentication are enabled) however the new environment is only showing 600 hits per day.   This forum response from Cornelius J. van Dyk [MVP] suggests that Usage analysis/logging with Anonymous Access doesn't work, however it does work in our old IIS6 environment (a dash "-" is just shown in the usage logs which suggests an anonymous user): http://www.eggheadcafe.com/software/aspnet/29823445/sharepoint-doubt-is-there-any-way-to-find-out-how-many-users-have-logged-in-to-the-sharepoint-site.aspx   So I've concluded it's differences in IIS6/IIS7 authentication. Reading articles on the differences (e.g.  single auth pipline instead of two-stage) doesn't highlight any obvious reasons why this wouldn't work.   Any help would be greatly appreciated.   Thanks,   Peter

Where are sessions stored? can users disable sessions on their browser?


It was just a thought that came to my mind and I didn't have an answer for it, are sessions stored on the client side or server side? can a user disable sessions? What if the shopping cart is built using sessions, the user won't be able to use it?

I know cookies are stored on the client side and many users disable cookies so I don't use them, but how about the sessions?

How to disable MenuItems for selected users


Hi all,

Can anybody help me how to disable MenuItems for selected users.

I am using Telerik RadMenu. I have different users, now i want to block some users access. I want to disable the MenuItems whenever user login to his account.

I will give you much more data if needed. I want to know from where should i start at first.

Thank you.

Password Encryption with Custom Membership Provider


 I am using a custom membership provider with a custom ValidateUser method.  The ValidateUser sends and additional parameter to authenticate my users (Username, Password, and Dealer).  I created a custom stored procedure for ValidateUser to call.  I copied over all my users from another table and encrypted all the passwords in the aspnet_membership table using the code below.  My question is, how do I take the password the user enters in the login form and validate that against what is in my aspnet_membership table?  Is there a method I need to call to encode/decode to do the password check?  Thank you very much for your help!

Here is the code I used to encrypt the passwords (not even sure this was the right way to encrypt. Please tell me if I did this wrong):

public static string EncodePasswordNow(string originalPassword)

        Byte[] originalBytes;
        Byte[] encodedBytes;
        MD5 md5;        //Instantiate MD5CryptoServiceProvider, get bytes for original password and compute hash (encoded password)       

How to Disable Add all authenticated users link in Add user page of Sharepoint



I want to disable the link "Add all authenticated users " appearing on "Add user" page. Is there a way to disable or remove this link from the "add user" page.

I referred a blog http://sfguyalex.blogspot.com/2008/08/all-authenticated-users-please-stand-up.html where it mentions to remove the link by editing page in 12 hive AclInv.aspx.

Before doing that, is there any way thru configuration I stop users by clicking on this link?




How to clone sql membership provider password encryption procedure


Hi there,

I am using sqlmembership provider for my VisualBasic web application security.

I don't want to use the default reset password control and behavior.

What I am trying to do is, after the user provides a correct answer to the security question, send him an email with a link similar to this:


Where ID is the user ID in the aspnetdb database

When the user visits the link I offer him two text boxes for the new password and its verification. Submit button validates both textboxes have the same text and if so, generates a random salt, concatenates the new password with the salt and hashes the concatenated string.

I replace in the membership table the salt and password values for the user id received in the query string.

I must be doing something wrong, because, after storing the new password and salt, the user cannot login and failed login attempts are reported.

My code for generating the salt string is

01. Private Function CreateSalt() As

Problem With space When updating password of active directory users from asp.net


Hello Friend's

From long time i am facing problem with Reseting password of users of active directory from asp.net.

The coding is work fine when there are no space in username but it's cause a problem when there are space in username.


usernametochange = "Ketan Patel";
                       ds.Filter = "(&(objectClass=user)(sAMAccountName=(" + usernametochange + ")))";
                       ds.PageSize = 100;

                       SearchResult account = ds.FindOne();
                       DirectoryEntry user = account.GetDirectoryEntry();
                       object[] oPassword = new object[] { "krtya#123" };

                           object ret = user.Invoke("SetPassword", oPassword);

if you have any idea about it please help me.

Thank you.....

Use Non-default Membership Provider to authenticate users



I have a sharepoint 2007 FBA site and in the web.config of this site I have 2 membership providers defined with the default provider as the first provider. However my FBA login form is authenticating only the default provider. How to make the login form authenticate the non-default provider also.

Thanks for any help.


Cannot force users to change password... argh.


I'm working on a web page to allow users to activate AD accounts on demand. I have everything working except for one thing: I cannot set the 'user must change password on next logon' flag. I've tried using the user.invoke("put", "pwdlastset" , "0") statement, but it doesn't appear to be having any effect...

does anyone have any idea how to do this?





Shawn Keslar

Professional Technologist

WVU Office of Information Tecnology

Morgantown,WV 26506 

Settting password expiry to login/users without domain policy dependency


Hi Friends,

I would require your help,in setting password expiry for login/users.But this shouldnt have any dependency with Windows Domain users expiry policy.For example our domain user expiry policy 45 days but we want sql server login/users password expiry to be 180days.For any clarifications




SEcuring a set up file with user name and password from another users.


Hai ,Everybody,

the requirement is securing the setup file from other users.

the server having all the users details having UserName and password.

when ever the installation starts the setup has to ask the username and passwore.

at this time the setup will connect with the server and cvheck the details

if the provided is correct only the installer will continues other wise it will exists.


ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend