reset password on login page before user authenticates

May 30, 2011 at 3:56 PM

I've installed the FBA Pack and have my FBA set up as per the instructions provided and all installed fine but I would like to user the reset password feature on my custom login page so that users that forget their passwords can reset it then login using the temporary password provided. I put the page I created with the reset password web part on the same folder as my custom login page (_layouts) but when ever I click the link to reset my password the login page just refreshs and the user is not redirected to my reset password page. Is there a way to use the reset password web part before the user authenticates? Do I need to put my page somewhere other than _layouts? Thanks in advance for any help you can give to solve this.

 

Coordinator
May 30, 2011 at 5:22 PM

I've actually done exactly what you describe, and I remember I had problems with the security on the application page, but for the life of me I can't remember what I did to correct it.  My only suggestion is to start with a blank, or "Hello World" application page, and make sure you can acces that correctly from the link, and then proceed to add in the Password Recovery web part.

Another alternative is to create a standard SharePoint page and give it anonymous access and add the web part to it.

Jun 2, 2011 at 9:09 PM

Thanks for your reply. I created an application page with some basic content in the _layouts folder following the instructions on this post - http://blog.concurrency.com/sharepoint/allow-anonymous-access-to-sharepoint-application-pages-in-the-_layouts-directory/ and was able to access the page anonymously from a link on my custom login page but as soon as I add the password recovery web part the same behaviour as before happens (clicking the link to application page does nothing but redirect me back to the login page). I noticed in another discussion thread on here (topic: Membership Request Page on May 9th) another user was having the same issues and you mentioned that anonymous access needs to be turned on for the web app then set for Lists and Libraries. Is this the only way to access the password recovery web part anonymously? What if business rules dictate I can't activate any anonymous settings due to the sensitive nature of the content on my SharePoint environment? Thanks again for all your help....looks like a great tool and hope I will be able to use it in my environment.  

Coordinator
Jun 3, 2011 at 4:30 PM

I looked some more into how I managed to get it working.  It turns out the problem is because the web parts inherit from Microsoft.SharePoint.WebPartPages.WebPart. I can't get even the simplest of web parts to display on an anonymous application page if they inherit from that (nor can I get any of the Microsoft web parts to display if they inherit from that as well).

Changing the web part to inherit from System.Web.UI.WebControls.WebParts.WebPart solves the problem.  I'll make the change in the next release. In the meantime the only way will be to use a standard SharePoint page and turn on anonymous access.  You can limit the anonymous access to that page only by putting it in it's own library and then only giving that library anonymous access. (Or you can grab the source and change the web part to inherit from System.Web.UI.WebControls.WebParts.WebPart)

Issue here: http://sharepoint2010fba.codeplex.com/workitem/309

 

 

Also, for other people trying to get anonymous application pages working, here's what I had to do:

Inherit from UnsecuredLayoutsPageBase

Override AllowAnonymousAccess and AllowNullWeb to return true

Set the master page to "~/_layouts/simple.master"

--- ASPX ---

<%@ Assembly Name="$SharePoint.Project.AssemblyFullName$" %>
<%@ Import Namespace="Microsoft.SharePoint.ApplicationPages" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="asp" Namespace="System.Web.UI" Assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Assembly Name="Microsoft.Web.CommandUI, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register TagPrefix="FBA" Namespace="Visigo.Sharepoint.FormsBasedAuthentication"
    Assembly="Visigo.Sharepoint.FormsBasedAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9dba9f460226d31d" %>
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="ApplicationPage1.aspx.cs" Inherits="SharePointProject1.Layouts.SharePointProject1.ApplicationPage1" MasterPageFile="~/_layouts/simple.master" %>

<asp:Content ID="PageHead" ContentPlaceHolderID="PlaceHolderAdditionalPageHead" runat="server">

</asp:Content>

<asp:Content ID="Main" ContentPlaceHolderID="PlaceHolderMain" runat="server">
<FBA:PasswordRecoveryWebPart runat="server"  />
</asp:Content>

<asp:Content ID="PageTitle" ContentPlaceHolderID="PlaceHolderPageTitle" runat="server">
Application Page
</asp:Content>

<asp:Content ID="PageTitleInTitleArea" ContentPlaceHolderID="PlaceHolderPageTitleInTitleArea" runat="server" >
My Application Page
</asp:Content>

--ASPX.cs--
using System;
using Microsoft.SharePoint;
using Microsoft.SharePoint.WebControls;

namespace SharePointProject1.Layouts.SharePointProject1
{
    public partial class ApplicationPage1 : UnsecuredLayoutsPageBase
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        //override the allow anonymous property to true
        protected override bool AllowAnonymousAccess
        {
            get
            {
                return true;
            }
        }
        protected override bool AllowNullWeb
        {
            get
            {
                return true;
            }
        }
    }
}


Coordinator
Jun 6, 2011 at 2:36 AM

The web parts have been updated to work with anonymous application pages in release 1.0.3.

Aug 8, 2011 at 3:35 PM

I will reveal my ignorance here, and hope that, with your help, I can eliminate this lack of knowledge...

I've added the various web-parts you provide in a library of pages in my SP 2010 site. I have provided anonymous access to this library, and the pages (mostly) work fine (except that when accessing the Change Password web-part anonymously, only the title of the web part appears, but I'm not asking about that.)

Above, you mention web parts in application pages...

All the rest of our project is implemented in application pages (stored in a subfolder of the _layouts folder with our own .css and .master files in subfolders of that), except for a couple InfoPath forms. The pages I created which currently contain your webparts are (according to my understanding) site pages.

How does one insert a web part into an application page? This is how I really want to implement the web parts.

Also, related, I currently have my custom login page residing in the same subfolder within the _layouts folder as the rest of our .aspx pages, and have changed the path to the custom login page for the associated web app in Central Admin. This login.aspx page can be accessed anonymously without doing what you have described above, but none of the other application pages can be. Is this page made anonymous by SharePoint just because it is specified as the custom login page? And so I WILL have to do what you describe above for other application pages to be accessed anonymously?

I hope I've clearly communicated my situation.

Aug 8, 2011 at 4:59 PM

Well, not only did I reveal my ignorance, but also my poor reading ability :-)

I see in your example that you show how to embed a webpart in an application page - using

<%@ Register TagPrefix="FBA" Namespace="Visigo.Sharepoint.FormsBasedAuthentication"
    Assembly="Visigo.Sharepoint.FormsBasedAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9dba9f460226d31d" %>

and

<FBA:PasswordRecoveryWebPart runat="server"  />

I'll give that a try and see what I get.

Coordinator
Aug 9, 2011 at 2:25 AM

Yeah, if you copy all the code from my previous post it should work as an application page.  The main thing you need to get it to work is inherit from UnsecuredLayoutsPageBase (The login page already does) and set AllowAnonymousAccess and AllowNulllWeb.

As for the Change Password page - it grabs the user ID, so it does need to be logged in to function (which is why you're only seeing the title).

Good luck!

Dec 7, 2011 at 8:26 PM

I keep getting a 302 and a challenge to authenticate when trying to use the Password Recovery control in a SharePoint Application Page:  UnsecuredLayoutsPageBase

I can get to to page fine anonymously, it just seems like the postback to itself gets a 302 and then throws it over to the Authenticate.aspx.  This is what Fiddler is telling me.

I've copied exactly what you had above.  It works fine if I authenticate first and then navigate to this page, so I know functionally, all is well.  It's just that anonymous access on postback.

I have AllowAnonymousAccess and AllowNullWeb both set to true in the code behind.

Coordinator
Dec 7, 2011 at 8:35 PM

Are you using the code earlier in this post? What version of the FBA Pack are you using? I'm pretty sure I tested this in the latest version 1.2.0, so it should work with that version.  If you can't get it to work with 1.2.0 - try it with version 1.0.3 - it was tested and definitely works with that version.

Dec 7, 2011 at 8:45 PM

I downloaded and installed from this site about 3 weeks ago, so I'm sure I'm using your latest (1.2).  Yes, I'm using the code from your previous post.

Coordinator
Dec 7, 2011 at 8:48 PM

1.2 was only released about 3 weeks ago (Nov 21) - so i'd probably download and redeploy 1.2 over what you have. I believe I introduced a bug in 1.1, which caused it to not work anonymously (and you'd get the problems you described).

Dec 7, 2011 at 8:49 PM

Okay, I'll try that.  Do I need to undeploy/redeploy or will the deploy script included do the proper upgrades, etc?

Coordinator
Dec 7, 2011 at 8:50 PM

Just run the deploy script for the new version and it will undeploy the existing version and deploy the new version.

Dec 7, 2011 at 9:19 PM

I redeployed everything and same issue.  :(

Coordinator
Dec 7, 2011 at 9:22 PM

Try 1.0.3 - that definitely works with the code above - if not, i'd say there's something else going on in your environment.  Also, have you tried the 1.2.0 web parts on a standard anonymous access page? I know I tested that in 1.2.0.

Dec 8, 2011 at 1:54 AM

I tried 1.0.3.  Same issue.  it must be on my side.  I'll keep trying to figure it out.  Thanks for your help.

Dec 8, 2011 at 3:22 PM

So I'm trying it now within an anonymous sharepoint page and I'm getting this error in the logs.  I can send emails fine using the other FBA Pack web parts and this is a valid email address.

#160009: The e-mail address 'jordan.shane@gmail.com' is unknown. c4eff796-afed-4994-83c5-9a7f998609f7

Dec 8, 2011 at 3:27 PM

One more detail, I'm running SharePoint 2010 Foundation with SP1 for all of this, if that is relevant.

Coordinator
Dec 8, 2011 at 3:46 PM

SP1 should be fine. If this is the password recovery web part, then the error in the logs is because it can't find a user with that email address in the FBA database.  Check the user management page and make sure that the user exists.

Dec 8, 2011 at 3:56 PM

Yes, this is the Password Recovery Web Part.  Yep, the user definitely exists and emails works from everywhere except this.  I'm running 1.2.0.  Hmm....

http://screencast.com/t/VlzRFIogt

 

Maybe this is a XSLT access issue instead?

 

12/08/2011 11:18:59.23 w3wp.exe (0x132C)                       0x129C SharePoint Foundation         E-Mail                         8gsf High     #160009: The e-mail address 'jordan.shane@gmail.com' is unknown. c4eff796-afed-4994-83c5-9a7f998609f712/08/2011 11:18:59.23 w3wp.exe (0x132C)                       0x129C SharePoint Foundation         General                       8kh7 High     Cannot complete this action.  Please try again. c4eff796-afed-4994-83c5-9a7f998609f712/08/2011 11:18:59.23 w3wp.exe (0x132C)                       0x129C SharePoint Foundation         General                       b9y3 High     Failed to open the file 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Resources\FBAPackPasswordRecoveryWebPart.en-US.resx'. c4eff796-afed-4994-83c5-9a7f998609f712/08/2011 11:18:59.23 w3wp.exe (0x132C)                       0x129C SharePoint Foundation         General                       b9y4 High     #20015: Cannot open "": no such file or folder. c4eff796-afed-4994-83c5-9a7f998609f712/08/2011 11:18:59.23 w3wp.exe (0x132C)                       0x129C SharePoint Foundation         General                       b9y4 High     (#2: Cannot open "": no such file or folder.) c4eff796-afed-4994-83c5-9a7f998609f7

Coordinator
Dec 8, 2011 at 4:34 PM

You're right - with the full error message, it does look like the error message is coming back from the smtp server.  When you say the email works with the other web parts - does it work with this email address? I'm just wondering if relaying or something like that isn't configured properly on the smtp server (though if it were relaying i'd expect a 'cannot relay' message).  Maybe try removing this account and re-registering this email address with the membership request web part.

Jan 3, 2012 at 6:36 PM

I'm seeing the same error message as well.  I dug into it a bit further and found that it works as expected for email addresses in my domain (test@mydomain.com), but throws the above error for email addresses outside of my domian (test@gmail.com)  I have asked our Exchange Administrator to review the relay settings to ensure it is configured to properly relay external emails.  I will post our findings when he gets back to me.

Jan 3, 2012 at 6:39 PM

I didn't feel like it was the email server since it works everywhere else:  SharePoint Alerts, FBA New User Create feature, etc.  Only the forget password webpart was having issues.  I ended up just writing my own that did a postback and it worked fine.  I'm still not sure what the issue was.

Jan 3, 2012 at 6:43 PM

You ended up just writing your own... Web Part?  Instead of using the provided one?

Jan 3, 2012 at 6:44 PM

Yes, just a simple web part that did the same functionality.  Unfortunately it just didn't work for me.  Still not sure why.  The rest of the features worked great.

Coordinator
Jan 3, 2012 at 7:03 PM

John, are you only having this error on the password recovery web part as well? Or do you also get an error with the membership request web part?

Jan 3, 2012 at 7:06 PM

Yes, it only seems to occur on the password recovery web part.  Alerts, workflow, and other SharePoint emails are being sent to outside accounts.

Jan 5, 2012 at 9:58 PM

Hi,

I had been experiencing the same problems as those faced by Jordan & John. During investigation I discovered the issue to be happening at the point the system tries to use the SharePoint object model to send an email - the password reset had already happened which was confirmed by monitoring the SQL tables in the aspnet database to see if the (encrypted) passwords had changed.

The workaround for me was to simply enable anonymous access to the claims authentication provider for the web in Site Collection Administration. Unless any further anonymous access is granted this still ensures the safety of your SharePoint sites from anon users.

Perhaps a suggested enhancement in a future release if this is a common problem might be to allow emails to be sent via the standard .NET object model rather than use the SP.SendEmail [sic] method. I realise this would require further configuration for the end user but there may be times where this is required.

Many thanks to the developers of this solution though, it's very, very good.

Coordinator
Jan 5, 2012 at 10:18 PM

I think you hit the nail on the head Tobias. Thank you very much.

Usually when i'm testing, i'm either accessing as anonymous, or i'm logged in as a different user than the one that i'm recovering. (The web part really is meant to run as anonymous, because if you're logged in, obviously you don't need to recover your password).  I think if you're logged in and recover your own password, you'll essentially be logged out of SharePoint and no longer be able to send the email.  I'll update the code in the next release to elevate privileges before sending the email, which should fix this issue. I've raise the issue here:

http://sharepoint2010fba.codeplex.com/workitem/683

In the meantime, the work around is to run the web part anonymously.

Jan 5, 2012 at 10:33 PM
Of course, running the sendemail code with elevated privileges is a much simpler solution than messing around with other email configurations-much better idea.

Glad it's helped...look forward to future releases.

Tobias.

On 5 Jan 2012, at 23:18, "ccoulson" <notifications@codeplex.com> wrote:

From: ccoulson

I think you hit the nail on the head Tobias. Thank you very much.

Usually when i'm testing, i'm either accessing as anonymous, or i'm logged in as a different user than the one that i'm recovering. (The web part really is meant to run as anonymous, because if you're logged in, obviously you don't need to recover your password). I think if you're logged in and recover your own password, you'll essentially be logged out of SharePoint and no longer be able to send the email. I'll update the code in the next release to elevate privileges before sending the email, which should fix this issue. I've raise the issue here:

http://sharepoint2010fba.codeplex.com/workitem/683

In the meantime, the work around is to run the web part anonymously.

May 9, 2012 at 9:44 AM

Hi,

Sorry to reopen an old post, just bored of banging my head against a brick wall now.

I've created the anonymous access page as outlined above, and I only installed the pack about 3 weeks ago, so I assume it has the updates you mention.

On this page that I've deployed, and activated, I can now access it without having to login, and have the password recovery control on it, and that's working as expected.

I also have the membership request control on, and while it appears to run on the page, as soon as I go to submit, it seems to do something then redirects me to the login page. (Copied below incase anyone can see whats happening)

http://admin-pc:16132/_login/default.aspx?ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252F%255Flayouts%252FSharePointProject3%252FPasswordRecovery%252Easpx&Source=%2F%5Flayouts%2FSharePointProject3%2FPasswordRecovery%2Easpx

No user is added to the database, in an unapproved state so I'm not sure what I'm doing wrong.

This is what I have in the content bit of the page:

<FBA:PasswordRecoveryWebPart runat="server"  />
<h1>User Registration</h1>
<FBA:MembershipRequestWebPart runat="server"  />

As you can see, it's very basic, out of the box, password recovery works, membership request doesn't. Do I need some sort of template in my membership request control?

Thanks in advance!

Coordinator
May 9, 2012 at 2:49 PM

It sounds like SharePoint is catching one of the operations that's happening behind the scenes as needing authentication, so it's redirecting you to the login page. Try changing the Site Collection's anonymous access settings to Lists and Libraries:

 Go to ‘Site Settings’, ‘Site Permissions’. Click on ‘Anonymous Access’. From the ‘Anonymous users can access: ‘ dialog, choose ‘Lists and Libraries’ and click OK. 

This will still keep the site secured to members only, unless you specifically enable anonymous access for lists and libraries. 

This has worked for me in the past, when there were issues loading the xslt templates and no anonymous permission on the site.  Since your password recovery control is working, i'm not sure this will fix it for you - but something to try.

May 15, 2012 at 9:25 AM

Great, Cheers Chris,

Sorry for the late reply, got taken off the project to work on something else.

Setting the 'List and Libraries' to anonymous solved the problem.

I was then getting 'Unknown error' on submission but after looking round the discussions, worked out it was an email issue. Downloaded smtp4dev (http://smtp4dev.codeplex.com/) as I'm on a Win 7 machine, which provides a useful smtp service and has solved all, membership is now working!

Thanks Again,
Bav 

Jun 1, 2012 at 7:50 PM
Edited Jun 2, 2012 at 12:49 AM

 1

Coordinator
Jun 1, 2012 at 8:03 PM

Do you get the warning if the file is closed when you compile? I find that Visual Studio will generate a lots of warnings for tags and other issues it doesn't recognize when the file is open.

Jan 31, 2014 at 10:35 AM
Hi Guys,

I am facing the same problem of Redirection as everyone mentioned over here. for this I have used following tricks
1)creating Standard sharePoint page and making anonymous access to page
2)also use creating Application Page with making anonymous access to page using UnsecuredLayoutsPageBase class and set AllowAnonymousAccess and AllowNullWeb to true.
yet my page Redirects to same Login page.

for this now I hv decided to Deploy Latest FBA pack with version 1.3.1 but problem is that i hv already user created in SharePoint and corresponding Database also. so what wl happen with existing users if i wl deploy new FBA pack. will there be existing users as it is or everything wl go??
Kindly Help me in this regards

Regards,
Sachin
Coordinator
Jan 31, 2014 at 5:48 PM
Deploying over the FBA Pack will just update the FBA Pack. It won't affect any existing users on the system. (It's just management tools/web parts on top of your existing SharePoint FBA setup, so it doesn't touch the users/membership setup at all during deployment).
Feb 3, 2014 at 5:29 AM
with the help of latest FBA pack, can i solve my problem of redirection to application page or is there any another alternative.
kindly let me know in this concerns
Coordinator
Feb 3, 2014 at 1:47 PM
Sorry, I missed your earlier mention of redirecting to the same login page. It will redirect to the same login page if the person logging in doesn't have access to all or part of the page that they're being redirected to. So I think it really has to do with the permissions of the person logging in. Try giving them site collection admin privileges and I bet they'll be able to login.

Then you'll just have to find what's causing the redirect. Fiddler is usually a good tool to determine what's causing it, as you can see the last item that was requested before the user was redirected back to the login page.

I've found that with publishing sites, I may not have published an image used in the master page - which causes everybody but admins to be redirected.
Feb 4, 2014 at 8:09 AM
Edited Feb 4, 2014 at 8:33 AM
Scenario is just like this, User has forgot his password and unable to login, so what i have to do is that i hv already custom login page with all neccessary code of authenticating user and authorised user wl directly go inside home page. now i hv to give Password reset link on this custom login page and after clicking on this link it should redirect to Password Recovery Application page and on this page i hv to use Password Recovery Web part which is in FBA pack. for this i hv use following code
<%@ Register TagPrefix="FBA" Namespace="Visigo.Sharepoint.FormsBasedAuthentication"
    Assembly="Visigo.Sharepoint.FormsBasedAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9dba9f460226d31d" %>

and

<FBA:PasswordRecoveryWebPart runat="server"  />
so why there is a need to give access to this application page and permission management all those things as simply i hv to redirect the user to this application page.
one more thing, i hv putted this PasswordRecovery.aspx page inside SharePoint Mapped Folder i.e. _layout and my CustomLogin.aspx page is also present in this folder.

Kindly help me why m unable to redirect or what m exactly missing over here. what is the proper solution to resolve this issue.
Coordinator
Feb 4, 2014 at 1:33 PM
Sorry - I had it in my head you were getting redirected to the login page after logging in.

If you're getting redirected to the login page after redirecting to the Application Page with only the PasswordRecoveryWebPart on it, then there's an issue with that application page. You have to make sure that it inherit's from UnsecuredLayoutsPageBase and overridding AllowAnonymousAccess and AllowSecureWeb:
//override the allow anonymous property to true
        protected override bool AllowAnonymousAccess
        {
            get
            {
                return true;
            }
        }
        protected override bool AllowNullWeb
        {
            get
            {
                return true;
            }
        }
(See above for the full code)

Once this page is created, you should be able to type in it's url and access it at any time, whether you're logged in or not.

If you still have issues, you've likely included some element on the page that requires permissions to access (image, image displayed by master page....). Make sure your master page is set to simple.master (just like the login page). Other master pages includes elements that you have to have permissions to access.
Feb 6, 2014 at 4:43 AM
Edited Feb 6, 2014 at 4:53 AM
I have already used the same code in my project(for PasswordRecovery.aspx.cs and PasswordRecovery.cs) as you have written above.
previously at @Page attribute, there is DynamicMasterPageFile = "~masterurl/default.master" now instead i set MasterPageFile = "~/_layouts/simple.master" still same issue.
here my CustomLogin Page is inherited from System.Web.UI.Page and m using element(image) which need permission on CustomLogin page only not inside PasswordRecovery.aspx. also m not using any master page at CustomLogin page and PasswordRecovery page.
for redirection i hv used simple code i.e. Response.Redirect("~/_layouts/PasswordRecoveryWebPart/PasswordRecovery.aspx") on Link button click event.
only these things i have used in my project nothing else, still m facing the same problem of redirection. m totally confused why this is happening so
kindly help me what should be actual problem and what extra things i should used here to ovecome the problem
Coordinator
Feb 6, 2014 at 2:10 PM
If you're using the above code and inheriting from UnsecuredLayoutsPageBase, it sounds like you're doing everything right - so off the top of my head i'm not sure what would be causing it to redirect to the login page.

You may be interested in our support plan (http://www.visigo.com/purchase.html) - we could have a call and I could take a look at your environment and code over TeamViewer to help you get this resolved.