Rank: Newbie  Groups: Registered
Posts: 1
|
We are currently using the officeclip extranet users to define who has user access to a custom built ASP.NET application. While I can get the authentication of the extranet user using the API's, I would also like a "forgot password" type functionality included on the custom built login page. The idea is simply to email the password to the registered email address.
While i can verify the userId based on the email address using the getUserIDFromEmail method in the officeclip.dbLayer.Account namespace and also grab the user details such as the encrypted password, the decryptString Method (OCSecurity namespace) returns a blank when passing in the encrypted string from the Officeclip database. How do I go about emailing them an decrypted password?
thanks
Dan
|
|
|
|
|
|
Rank: Administration  Groups: Registered, Developer, Administrators Posts: 254 Location: Atlanta, GA
|
Dan wrote:We are currently using the officeclip extranet users to define who has user access to a custom built ASP.NET application. While I can get the authentication of the extranet user using the API's, I would also like a "forgot password" type functionality included on the custom built login page. The idea is simply to email the password to the registered email address.
While i can verify the userId based on the email address using the getUserIDFromEmail method in the officeclip.dbLayer.Account namespace and also grab the user details such as the encrypted password, the decryptString Method (OCSecurity namespace) returns a blank when passing in the encrypted string from the Officeclip database. How do I go about emailing them an decrypted password?
This is because OfficeClip uses one-way encryption for creating the password. In other words a password created in OfficeClip cannot be decrypted (for security reasons). The trick is to encrypt the incoming password using the same algorithm and then compare both the encrypted values. Here is a code snippet. Code:
public bool ComparePassword(string email_address, string password, int organizationId)
{
// Encrypt the password that user has entered
string encryptedPassword = OfficeClip.Utils.OCSecurity.EncryptPassword(password);
// Now get the password from the OfficeClip database
int userId = (new OfficeClip.DBLayer.Account.UserDB()).GetUserIdFromEmail(email_address, true); // the last argument denotes extranet users
OfficeClip.BusinessLayer.Account.UserInfo uInfo = (new OfficeClip.DBLayer.Account.UserInfoDB()).GetUserInfo(userId, organizationId);
return (encryptedPassword == uInfo.Password) ? true : false;
}
In order to send a new password to the user using the forgot password link, you will need to follow this sequence:
- Create a random password
- Encrypt the password using the call shown above
- Update the OfficeClip user record to save the encrypted password (use OfficeClip.DBLayer.Account.MainDB.ResetPassword(userId, EncryptedPassword)), this will also set the ResetPassword flag in the user table that you can use to force the user to reset their password.
- Email user the unencrypted password (created in step 1)
Within OfficeClip, there is an algorithm to do just that. Let me know if you need more information. Edited by user Wednesday, May 20, 2009 5:39:03 PM(UTC)
| Reason: fixed typos |
|
|
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
Important Information:
The OfficeClip Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies.
More Details
Close
