Home > ASP.Net > Customizing the ChangePassword control and removing the required CurrentPassword field

Customizing the ChangePassword control and removing the required CurrentPassword field


It’s very rare that what is already provided in asp.net under the Login controls fits my requirements out of the box without some tweaking. Not that any of these controls offer anything specialized, but certainly they are a big time saver if we can re-utilize their functionality.

First some background as to why i personally want to customize the ChangePassword control to suit my needs :

Password recovery is what i was after today, however i have hashed passwords, and recovery is impossible. If the user lost their password, then there is no way for me to know what their password is and send it back in clear text.

The ideal solution is to reset the password, however the autogenerated password is quite ugly and quite hard to remember. What I’ve decided to do is send the email during password recovery, but as part of the email, instead of telling the user their old password(which i can’t) , I’m instead going to ask them to click on a tokenized link that will guarantee to me that they are indeed the ones that requested the password, send them to the page where they can provide a new password, in the background i’d be autogenerating a password first ofcourse, then updating the password with their new password because the MembershipUser.ChangePassword(oldPassword, newPassword) method requires Old password as one of it’s two parameters.
This password change step, i’d like to be done using the ChangePassword control, however to my big surprise CurrentPassword Field is a required field that i cannot remove. This is also a field that I do not want asked for during the password change request(since my user has forgotten their password and are now going to provide their new pasword).

There is ofcourse no property or method in this control that removes the CurrentPassword field requirement, below is a screenshot of the ChangePassword control in designview, as you can note, the highlighted field is the CurrentPassword field i do not want.

As you can read from the posts there, the issue seems to be two things which were also my same issues :
1) Remove the current password label/TextBox
2) Pass the new resetpassword to CurrentPassword Property which by the way is a getter only and not settable (SAD SAD)

Both of these things are not supported in this control. So let’s quickly fix requirement 1 and there are a couple of ways to fix this : 
a) You have to define a custom  <ChangePasswordTemplate>. This can be easily done by taking your ChangePassword control into DesignView in Visual studio, right click on the control and select “Convert to template”. You can then switch to HtmlView and set the visibility of CurrentPasswordLabel, CurrentPassword and CurrentPasswordRequired controls.
b) If you prefer to do this in code, then you can find the Label and TextBox for CurrentPassword and set its visiblity to false. Since a is a nobrainer, i’m including a sample code of method (b) :


Label l = (Label)changePassword1.ChangePasswordTemplateContainer.
    FindControl("CurrentPasswordLabel");
if (l != null)
    l.Visible = false;

TextBox tb = (TextBox)changePassword1.ChangePasswordTemplateContainer.
FindControl("CurrentPassword");
if (tb != null)
    tb.Visible = false;

RequiredFieldValidator rfv = (RequiredFieldValidator)changePassword1.
ChangePasswordTemplateContainer.FindControl("CurrentPasswordRequired");
if (rfv != null)
    rfv.Visible = false;

Now that we have the fields we want disabled, let’s head onto fix issue 2 :
We can’t pass the Autogenerated password to the CurrentPassword Property because its a getter only, however this getter returns the value from our CurrentPassword TextBox, and this job is done immidiately after ChangingPassword event fires. This is good news for us, so we can resolve issue 2 like this :

void changePassword1_ChangingPassword(object sender,
    LoginCancelEventArgs e)
{
    changePassword1.UserName = user.UserName;
        TextBox currentPassword = (TextBox)changePassword1.
         ChangePasswordTemplateContainer.FindControl("CurrentPassword");
        if (currentPassword != null)
            currentPassword.Text = user.ResetPassword();
}

Hope it helps
Good Luck

Advertisements
Categories: ASP.Net Tags: ,
  1. Tom
    April 6, 2013 at 4:16 pm

    Thank you very much, it works!

    • yasserzaid
      April 9, 2013 at 9:24 am

      @Tom: You are welcome 🙂

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: