R – MembershipProvider and PasswordRecovery control

Tags: .net-2.0, asp.net-membership, .net, passwords, security

I need help using the PasswordRecovery control in .net 2.0. My situation is the application has changed from storing the passwordformat in Hashed to Clear.

The problem is the newly created users have a clear password stored and there are still users with hashed passwords. When I use the passwordRecovery control as below for users who still have a hashed password, the 'PasswordFormat' field is NOT altered to 'clear' for those previous users with hashed passwords.

<asp:PasswordRecovery ID="PasswordRecovery1" runat="server"
    MembershipProvider="AspNetSqlMembershipProviderF0005600"
    MailDefinition-BodyFileName="/mailTemplates/changePassword.htm"
    MailDefinition-From="test@test.com"
    MailDefinition-Subject="Test"
    CssClass="noLines"
    UserNameTitleText=""
    UserNameInstructionText="Enter User name and a new password will be generated and mailed to the user"
    SuccessText="Your password has been sent to your registered email address."
    SubmitButtonStyle-CssClass="button"
    OnSendingMail="PasswordRecovery1_SendingMail">
</asp:PasswordRecovery>

<membership>
  <providers>
    <remove name="AspNetSqlMembershipProviderF0005600"/>
    <add name="AspNetSqlMembershipProviderF0005600" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordFormat="Clear" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
  </providers>
</membership>

Best Answer

You cannot have multiple password storage schemes in a MembershipProvider. You must reset the passwords of all users having a hashed password and send them a newly auto-generated password in their email with the username.

Either you must take all users' passwords to hashed or to clear.

There must be a uniform strategy for the password storage for MembershipProviders.
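The following is an added example (not code from the question or the answer) that does the two things this thread is about: it audits the `aspnet_Membership` table to show how many users are stored in each password format, and it resets every user who is still in the hashed format through the provider, so the provider writes the new password in its configured format and returns the generated value to be mailed. It assumes the default `SqlMembershipProvider` schema (`aspnet_Users`, `aspnet_Membership`, `aspnet_Applications`), the provider name and `LocalSqlServer` connection string from the question's web.config, and a caller-supplied `notify` delegate for the mail step, which is left out here.

```csharp
// Added example, not part of the original question or answer.
// Assumes the stock SqlMembershipProvider tables and the provider name from the question.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Security;

public static class PasswordFormatMigration
{
    // Values SqlMembershipProvider stores in aspnet_Membership.PasswordFormat:
    // 0 = Clear, 1 = Hashed, 2 = Encrypted.
    public const int ClearFormat = 0;
    public const int HashedFormat = 1;

    // Audit step: number of users per stored PasswordFormat for one application.
    public static Dictionary<int, int> CountByFormat(string connectionString, string applicationName)
    {
        var counts = new Dictionary<int, int>();
        const string sql = @"
            SELECT m.PasswordFormat, COUNT(*)
            FROM dbo.aspnet_Membership m
            JOIN dbo.aspnet_Applications a ON a.ApplicationId = m.ApplicationId
            WHERE a.LoweredApplicationName = LOWER(@app)
            GROUP BY m.PasswordFormat";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@app", applicationName);
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    counts[reader.GetInt32(0)] = reader.GetInt32(1);
            }
        }
        return counts;
    }

    // User names whose stored password is still in the hashed format.
    public static List<string> UsersWithHashedPasswords(string connectionString, string applicationName)
    {
        var names = new List<string>();
        const string sql = @"
            SELECT u.UserName
            FROM dbo.aspnet_Membership m
            JOIN dbo.aspnet_Users u ON u.UserId = m.UserId
            JOIN dbo.aspnet_Applications a ON a.ApplicationId = m.ApplicationId
            WHERE a.LoweredApplicationName = LOWER(@app) AND m.PasswordFormat = @fmt";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@app", applicationName);
            cmd.Parameters.AddWithValue("@fmt", HashedFormat);
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    names.Add(reader.GetString(0));
            }
        }
        return names;
    }

    // Reset step: MembershipUser.ResetPassword() generates a new password and the
    // SqlMembershipProvider stores it in the provider's configured passwordFormat.
    // The returned string is the value that must be mailed to the user; 'notify'
    // is a hypothetical caller-supplied delegate that does the mailing.
    // Returns the number of users reset.
    public static int ResetHashedUsers(string providerName, string connectionString,
                                       Action<MembershipUser, string> notify)
    {
        MembershipProvider provider = Membership.Providers[providerName];
        if (provider == null)
            throw new ArgumentException("Unknown membership provider: " + providerName);

        int reset = 0;
        foreach (string userName in UsersWithHashedPasswords(connectionString, provider.ApplicationName))
        {
            MembershipUser user = provider.GetUser(userName, false);
            if (user == null)
                continue;
            // Fails for locked-out users and when requiresQuestionAndAnswer is true
            // (the question's config has it set to false).
            string newPassword = user.ResetPassword();
            notify(user, newPassword);
            reset++;
        }
        return reset;
    }

    // Example driver wiring the two steps to the names used in the question's web.config.
    public static int Run(Action<MembershipUser, string> notify)
    {
        string cs = ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString;
        Dictionary<int, int> before = CountByFormat(cs, "/");
        int hashedBefore = before.ContainsKey(HashedFormat) ? before[HashedFormat] : 0;
        int done = ResetHashedUsers("AspNetSqlMembershipProviderF0005600", cs, notify);
        Dictionary<int, int> after = CountByFormat(cs, "/");
        int hashedAfter = after.ContainsKey(HashedFormat) ? after[HashedFormat] : 0;
        if (hashedAfter != hashedBefore - done)
            throw new InvalidOperationException("PasswordFormat counts did not change as expected");
        return done;
    }
}
```

Running `CountByFormat` before and after the reset is the check that the migration actually converged on a single format, which is the condition the answer calls for. Note that a format switch in the other direction (Clear to Hashed) follows the same path: the provider's configured `passwordFormat` decides what `ResetPassword()` writes, and the audit query shows which rows are still in the old format.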