Mountain View 1600, CA 94043
+1 650-253-0000
name@example.com
Web
Site
Search
Register
Login
DNN Home
Services
-
DotNetNuke Support
-
CRM Systems
DNN
-
DotNetNuke Modules
-
Module Downloads
-
Module Upgrade Policy
DNN Support
-
Module Update News
-
Knowledge Base
-
License Management
-
Invoice History
Module Downloads
Blog
Store
Contact Us
-
About Us
Search
Home
1
2
3
4
5
Home
Support
Advance Login M...
add more field checks during password reset
Previous
Next
3/22/2011 6:23 PM
Softsolvers Softsolvers
Joined: 3/17/2011
Posts: 12
add more field checks during password reset
(Malaysia)
hi, i need a requirement of asking some extra information for password reset of advanced login. the default one is either email or username. but i wanna add two more fields. any suggestions?
3/23/2011 12:37 AM
DNN Module Support
Joined: 8/28/2006
Posts: 2065
Re: add more field checks during password reset
(Australia)
we already have a few options:
User name
Password (pass only entry)
email
telephone
First name
Last Name
What others were you thinking of?
3/23/2011 12:36 PM
Mohandeep Singh
Joined: 3/17/2011
Posts: 45
Re: add more field checks during password reset
(Malaysia)
i am looking to check
password answer
that was defined during registration process.
do you have
tokens for password question and answer
in your registration module?
i have already enabled password question and answer in my site web.config. If i use the default dnn registration page i do see that but in
advanced login registration it does not show up
, and do you think i need to put a token there?
3/31/2011 2:48 PM
DNN Module Support
Joined: 8/28/2006
Posts: 2065
Re: add more field checks during password reset
(Australia)
We have added these features to the latest release for later today. 45.03.03 or later.
4/1/2011 8:23 PM
Mohandeep Singh
Joined: 3/17/2011
Posts: 45
Re: add more field checks during password reset
(Malaysia)
hi i have just upgraded to the newest version of advanced login. I still can't get the password question and answer token to show up in password recovery page. any ideas? i have added entry in web.config also
4/1/2011 8:26 PM
DNN Module Support
Joined: 8/28/2006
Posts: 2065
Re: add more field checks during password reset
(Australia)
Did you also add the to the template for the recovery page?
4/1/2011 8:33 PM
Mohandeep Singh
Joined: 3/17/2011
Posts: 45
Re: add more field checks during password reset
(Malaysia)
yes i did. below is my password recovery template
You can request your account information by providing your email address and the account information will be sent to the email address you provided during registration.
User Name:
[recovery_field|class=NornamTextBox|width=200px]
[recovery_question|class=advLogin_text|width=200px|tabindex=3]
[recovery_answer|class=advLogin_text|width=200px|tabindex=3]
[recovery_captcha|width=150|height=40|css=Normal|css-err=NormalRed]
[recovery_send_button|class=CommandButton] [recovery_cancel_button|class=CommandButton]
4/2/2011 4:27 PM
Mohandeep Singh
Joined: 3/17/2011
Posts: 45
Re: add more field checks during password reset
(Malaysia)
any update????
4/3/2011 12:01 AM
DNN Module Support
Joined: 8/28/2006
Posts: 2065
Re: add more field checks during password reset
(Australia)
We have taken your exact template and made it work just fine on a DNN 5.6.1 test site we use. So there is no problem there.
The change to the web.config is requiresQuestionAndAnswer='true' (changed from from 'false' to true)
We have also noticed that some version of DotNetNuke have had problems with this feature over time. So we would suggest using a late version of DNN.
Lastly... because you requested the feature, we enabled it. But I must say, the feature really "Blows Chunks" in my opinion. They have tapped into a one way encryption system written by Microsoft (naturally) that makes secure the dumb answer to a users question. Now an admin user or a host user can reset DNN user passwords, but they cannot reset the dumb answer to their Microsoft encrypted pass. Microsoft API enables a reset, but DotNetNuke has not built this feature.
This could lead to a situation where a user forgets the answer to their secret question, (perhaps how they typed it) and because neither you or they cannot reset the question answer thing, they will never be able to have that reset. That is dumb!
Even if all this is working correctly, I don't even understand how it in ANY way lends assistance to security. The assumption is that if someone has access to a users email system, then they have access to that users LIFE. So requesting that DNN sends a pass recovery to the users email address is a secure solution anyway. Call me dumb, but I fail to see how this only half way integrated solution from DNN, using yet another non standard Microsoft "half assed" attempt at security will actually help you or your users.
That little rant out of my system now... It does work the way DNN has implemented it with our module... for what it is worth.
Page 1 of 1
Previous
Next
Home
Support
Advance Login M...
add more field checks during password reset