Allow for password reset by providing a secret question

Oct 8, 2012 at 8:18 PM

How do you configure to "Allow for password reset by providing a secret question"?

Also, can we audit who updated a record?

Thanks

Coordinator
Oct 9, 2012 at 4:17 AM

This is a feature of the membership provider. You need to set the requiresQuestionAndAnswer parameter to "true" in the web.config to turn it on. One warning though - it expects this to be configured from the start, so if you have existing users in the database you may run into problems logging in or resetting their passwords.

As for auditing, that is not built in. As the FBA Pack works against a membership provider, it would have to be the membership provider that supported the auditing. Since none of the standard membership provider functions provide a "changed by" parameter, you'd have to write a custom membership provider to do this, and extend the FBA Pack code specifically for that custom provider. Note that the SQL membership provider does store when many events happened (account created, last login date, last password attempt failure....), but it does not store who made the changes (probably assuming that a request to create an account is from the user itself, and any changes to the account are from the same authenticated user).

Oct 9, 2012 at 2:42 PM

Thanks for the quick reply. When I set the requiresQuestionAndAnswer parameter to "true", I created a new user and set a set question and answer. When I clicked on change password, it did not ask for my security question. It only asked for the current password and to enter a new password.

As a site collection admin, I cannot reset passwords for users with this configuration? I get the following error message when I try to reset the password for a user.

"Your current membershipprovider settings prevent a user's password from being reset. To allow for resetting of a password by an administrator, you must have enablePasswordReset="true" and requiresQuestionAndAnswer="false" in your membership provider settings in your web.config."

Coordinator
Oct 9, 2012 at 2:49 PM

Sorry - it doesn't ask the question when the user changes their password (they need their existing password, which sort of makes the additional question redundant). It does ask the user the question if they've forgotten their password and need it reset.

And no, you can't reset the user's password when this configuration is on, as the membership provider requires the answer to the question to reset the password. Pretty silly I think, which is why I don't use it myself.

Oct 9, 2012 at 3:18 PM

This all makes sense. Thank you so much for the quick replies :)

Aug 6, 2013 at 7:27 AM

Hi Team,

I have deployed the FBA Pack and now, while resetting the password for one user as fbaadmin, I get the below error.

"Your current membershipprovider settings prevent a user's password from being reset. To allow for resetting of a password by an administrator, you must have enablePasswordReset="true" and requiresQuestionAndAnswer="false" in your membership provider settings in your web.config."

Please help me to resolve this. I am not able to figure it out.

Sou

Coordinator
Aug 6, 2013 at 3:10 PM

The FBA Pack runs against the membership provider - which is what SharePoint uses to authenticate FBA users. There are some options that need to be set on the membership provider in order to allow for password resets. The options for the membership provider are set within the web.config for SharePoint. This blog post has info on setting up FBA for SharePoint - including modifying the web.config:

http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/

Aug 20, 2013 at 6:10 AM

Thanks for the reply. However, I am still not able to resolve the above issue. Please help me with a solution to resolve that.

Sou

Coordinator
Aug 20, 2013 at 2:22 PM

Did you manage to find the web.config entries and modify them?

Aug 20, 2013 at 2:23 PM

I resolved it. Thanks.

Jan 27, 2014 at 3:26 PM

If you still remember, could you include what you did to resolve this error? I am experiencing the same and cannot resolve it.

Coordinator
Jan 27, 2014 at 3:31 PM

You need to find all of the membership entries in your SharePoint web configs. Possible locations:
SecurityTokenService
Central Admin
All SharePoint web applications
machine.config

If you search these config files for:
requiresQuestionAndAnswer

you should see
requiresQuestionAndAnswer="true"

change it to:

requiresQuestionAndAnswer="false"

Also, if you have multiple SharePoint servers, this needs to be done on all servers.
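
The search described in the post above, as an added example that is not part of the original thread or the FBA Pack: a PowerShell function that lists every membership provider found in the given config files together with its requiresQuestionAndAnswer and enablePasswordReset values. The function name, the sample file and the provider name in it are assumptions made for illustration; pass the paths of your own SecurityTokenService, Central Admin, web application and machine.config files.

```powershell
# Added example (not FBA Pack code): report the membership provider settings
# that decide whether an administrator can reset a user's password.
function Get-MembershipResetSetting {
    param([Parameter(Mandatory = $true)][string[]]$ConfigPath)

    foreach ($path in $ConfigPath) {
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "Config file not found: $path"
            continue
        }
        $xml = New-Object System.Xml.XmlDocument
        $xml.Load((Resolve-Path -LiteralPath $path).ProviderPath)

        # local-name() keeps the query working if the file declares a default xmlns.
        $query = "//*[local-name()='membership']/*[local-name()='providers']/*[local-name()='add']"
        foreach ($provider in $xml.SelectNodes($query)) {
            $question = $provider.GetAttribute('requiresQuestionAndAnswer')
            $reset    = $provider.GetAttribute('enablePasswordReset')
            [pscustomobject]@{
                File                      = $path
                Provider                  = $provider.GetAttribute('name')
                RequiresQuestionAndAnswer = if ($question) { $question } else { '(not set)' }
                EnablePasswordReset       = if ($reset) { $reset } else { '(not set)' }
                # Condition quoted in the error message from the thread. An unset
                # attribute counts as "not allowed" so the entry gets reviewed.
                AdminResetAllowed         = ($reset -eq 'true') -and ($question -eq 'false')
            }
        }
    }
}

# Constructed sample config; the provider name and type are placeholders.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'sample-web.config'
@'
<configuration>
  <system.web>
    <membership>
      <providers>
        <add name="ExampleFbaProvider" type="Example.Placeholder.Provider"
             enablePasswordReset="true" requiresQuestionAndAnswer="true" />
      </providers>
    </membership>
  </system.web>
</configuration>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

Get-MembershipResetSetting -ConfigPath $sample | Format-Table -AutoSize
```

Run it on each server in the farm and compare the output, since the setting has to match in every config file on every server.
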
Jan 27, 2015 at 6:34 PM

I just had the same issue, guys - I checked all of the web configs. It ended up being the simplest of things. By default, it seems that the web services (STS, etc.) have the app pool as local service. Just change this to the farm account or another that has DB access. As soon as I did this on all servers, I refreshed my errored-out password reset page and it loaded. I then proceeded to reset a password for a user, no issue, tested it and it worked. All without having to do a reset on the web app.