Home » discuss » Public forums » Developing for iMIS

creating password for a user

Posted April 30th, 2011 by hanina
|

I am trying to create page, so the a user can register online and do a payment,

in the below code, the user is created, but the user id is set in name_security table, but the password still empty.

what am i missing?

 

IiMISUser user;
             CContact contact;

            try
            {
              
                if (Session["LoginUser"] != null)
                {
                    user = (CContactUser)Session["LoginUser"];
                    contact = new CContact(user, ((CContactUser)user).ContactId);
                }
                else
                {
                    user = CStaffUser.Login(ConfigurationManager.AppSettings["LoginKey"], ConfigurationManager.AppSettings["LoginPW"]);
                    user.ThrowExceptionOnError = true;
                    contact = new CContact(user);
                    contact.CustomerTypeCode = "MEMB";
                }

                contact.FirstName = "John";
                contact.MiddleName = "c";
                contact.LastName = "Smith";
                contact.Designation = "?";
                contact.InstituteName = "SMi";
                contact.Title = "Mr";
                contact.EmailAddress = "john@smt.com";
                contact.WorkPhone = "04213542321";
                contact.HomePhone = "09";
                contact.InstituteName = "klaysoft";
                contact.DefaultAddress.Address1 = "fg dfg";
                contact.DefaultAddress.Address2 = "g g";
                contact.DefaultAddress.Address3 = "f g";
                contact.DefaultAddress.City = "fgfgs";
                contact.DefaultAddress.StateProvince = "fsgfg";
                contact.DefaultAddress.PostalCode = "3025";
                contact.SetContactId("john11");.
                if (contact.Validate())
                {
                    contact.Save();
                }
                else
                {
                    throw new Exception(contact.Errors.PrimaryErrorMessage);
                }

                contact.CreateUserSecurity("john", "xdsds443");
                contact.UserSecurity.ChangePassword("xdsds443","dsdsdsdsdsd");

                if (contact.Validate())
                {
                    contact.Save();
                }
                else
                {
                    throw new Exception(contact.Errors.PrimaryErrorMessage);
                }

         
            }
                catch(Exception d)
            {
                }
        }

 

 

thanks

 

‹ WCM questions / IssuesCredit Card Number -CPAYMENT ›
login or register to post comments | printer friendly version

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

How passwords work

On May 5th, 2011 Paul Bradshaw says:

If you're just looking at Name_Security.PASSWORD or Users.Password, yes, those will remain blank.  In versions 15.1.x and up, those fields are unused.  iMIS moved to a "Unified Login" and it's using an ASI plugin to the aspnet security provider subsystem to provide login security across desktop and the web.

I'm assuming that after your code ran, you got no errors or exceptions, and that you are able to LOG ON as the new user with the specified password, even though those fields you looked at are blank.  

The password is actually stored hashed in aspnet_* tables that are linked via the UserMain record for the contact, which is linked to the Name and Name_Security table by the ID.

If you really want to see the password in the table itself, you have to follow a rather convoluted chain of references:

  • Name_Security.ID = UserMain.ContactMaster --> 
  • UserMain.ProviderKey = aspnet_Membership.UserId -->  
  • aspnet_Membership.Password = the hashed password you're looking for

 

login or register to post comments

where is the password?

On May 9th, 2011 hanina says:

thanks for that explanation paul,  it is really helpful

but is the password created automatically?

if yes, how  can we change it ? direct access to Database?

thanks

login or register to post comments

The password should be

On May 9th, 2011 Paul Bradshaw says:

The password should be created automatically when you make the CreateUserSecurity() call, and the password should be changed when you make the ChangePassword() call, and save it.

Note, you may need to have the individual log out and log back in again to see the change.

Developers of any sort should never have to manually try and set passwords or hash them or access the aspnet tables.  The API should be sufficient.

 

login or register to post comments