logo
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
View
Go to last post Go to first unread
Dan  
#1 Posted : Wednesday, May 20, 2009 3:41:18 PM(UTC)
Rank: Newbie
Dan
Groups: Registered

Posts: 1
We are currently using the officeclip extranet users to define who has user access to a custom built ASP.NET application. While I can get the authentication of the extranet user using the API's, I would also like a "forgot password" type functionality included on the custom built login page. The idea is simply to email the password to the registered email address.

While i can verify the userId based on the email address using the getUserIDFromEmail method in the officeclip.dbLayer.Account namespace and also grab the user details such as the encrypted password, the decryptString Method (OCSecurity namespace) returns a blank when passing in the encrypted string from the Officeclip database. How do I go about emailing them an decrypted password?

thanks

Dan
skdutta  
#2 Posted : Wednesday, May 20, 2009 5:13:02 PM(UTC)
Rank: Administration
skdutta
Groups: Registered, Developer, Administrators

Posts: 257
Location: Atlanta, GA
Dan wrote:
We are currently using the officeclip extranet users to define who has user access to a custom built ASP.NET application. While I can get the authentication of the extranet user using the API's, I would also like a "forgot password" type functionality included on the custom built login page. The idea is simply to email the password to the registered email address.

While i can verify the userId based on the email address using the getUserIDFromEmail method in the officeclip.dbLayer.Account namespace and also grab the user details such as the encrypted password, the decryptString Method (OCSecurity namespace) returns a blank when passing in the encrypted string from the Officeclip database. How do I go about emailing them an decrypted password?


This is because OfficeClip uses one-way encryption for creating the password. In other words a password created in OfficeClip cannot be decrypted (for security reasons). The trick is to encrypt the incoming password using the same algorithm and then compare both the encrypted values. Here is a code snippet.

Code:

public bool ComparePassword(string email_address, string password, int organizationId)
{
    // Encrypt the password that user has entered
    string encryptedPassword = OfficeClip.Utils.OCSecurity.EncryptPassword(password);
    // Now get the password from the OfficeClip database
    int userId = (new OfficeClip.DBLayer.Account.UserDB()).GetUserIdFromEmail(email_address, true); // the last argument denotes extranet users
    OfficeClip.BusinessLayer.Account.UserInfo uInfo = (new OfficeClip.DBLayer.Account.UserInfoDB()).GetUserInfo(userId, organizationId);
    return (encryptedPassword == uInfo.Password) ? true : false;
}


In order to send a new password to the user using the forgot password link, you will need to follow this sequence:


  1. Create a random password
  2. Encrypt the password using the call shown above
  3. Update the OfficeClip user record to save the encrypted password (use OfficeClip.DBLayer.Account.MainDB.ResetPassword(userId, EncryptedPassword)), this will also set the ResetPassword flag in the user table that you can use to force the user to reset their password.
  4. Email user the unencrypted password (created in step 1)


Within OfficeClip, there is an algorithm to do just that. Let me know if you need more information.

Edited by user Wednesday, May 20, 2009 5:39:03 PM(UTC)  | Reason: fixed typos

SK Dutta,
Architect OfficeClip LLC,
Web-based Business Software,
Ph: +1-770-448-7375,
Web: https://www.officeclip.com

Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.