0

What I'm trying to do: I'm creating a user through the CreateUserWizard control and I'm trying to set the password to a randomly generated alphanumeric password. The Password TextBox is invisible to the user(an administrator).

My attempted solution: I find the Password TextBox and try to change the value, but the value won't set. My code is as follows:

CreateUserWizard1_CreatingUser(object sender, LoginCancelEventArgs e) 
{
    TextBox Password = (TextBox)CreateUserWizardStep1.ContentTemplateContainer.FindControl("Password");
    Password.Text = "randomAlphaNumericPassword";
}

The Password control is found, the Text property appears to be set, but once it leaves the event method it forgets the new value and goes back to what it originally was. I know that it's an actual reference, but can't understand why the value won't set.

Here's my asp markup:

<asp:CreateUserWizard ID="CreateUserWizard1" runat="server"
    EnableViewState="False" LoginCreatedUser="False" 
    oncreateduser="CreateUserWizard1_CreatedUser"
    oncreatinguser="CreateUserWizard1_CreatingUser" 
    CompleteSuccessText="A new account has been successfully created!" 
    ContinueDestinationPageUrl="~/Accounts.aspx" 
    CreateUserButtonText="Create Account" 
    AutoGeneratePassword="False">
    <WizardSteps>
        <asp:CreateUserWizardStep ID="CreateUserWizardStep1" runat="server">
            <ContentTemplate>
            ...
                <asp:TextBox ID="Password" runat="server" Visible="false"></asp:TextBox>
            </ContentTemplate>
        </asp:CreateUserWizardStep>
        ...
    </WizardSteps>
psubsee2003
  • 8,563
  • 8
  • 61
  • 79
user1590606
  • 1
  • 2
    I have some pretty messed up dreams, not sure if I should help... – MStodd Sep 13 '12 at 21:01
  • @MStodd Not sure if I should be disappointed or creeped out. – user1590606 Sep 13 '12 at 21:10
  • Why do you think the value won't set? I just whipped up a page with the same code as yours. My password text box got filled with 'randomAlphaNumericPassword' after I hit 'Create Account'. I also set Password to a private member variable and checked it in Page_PreRender. The text was set in there – MStodd Sep 13 '12 at 21:19
  • This does not strike me as a good way to go about setting a random password, TBH. It sounds both roundabout and insecure. – Ann L. Sep 13 '12 at 21:24
  • @MStodd It keeps failing minimum length password validation, which it shouldn't. – user1590606 Sep 13 '12 at 21:46
  • Where's the code for that validation? – MStodd Sep 13 '12 at 21:49
  • @AnnL. From what I understand CreateUserWizard does this as well if you set password to AutoGeneratePassword to true. Whether it's done on the client side or the server side someone could still capture. I'm using SSL so it won't be a problem in that sense. I understand how it appears to be unsafe though. – user1590606 Sep 13 '12 at 21:53
  • @MStodd There isn't any. I imagine there is a default that it uses if you don't specify it. It says the password is less than 7 characters and must contain at least one non-alphanumeric character. – user1590606 Sep 13 '12 at 21:59
  • How can you tell that the control loses the value after leaving the event? Which is the point in the page's lifecycle that you define as "after the event method"? – Thanasis Ioannidis Sep 13 '12 at 23:01
  • @Saysmaster I assumed it lost its value after the CreatingUser event because it kept giving me a password strength failure. Turns out the "Password is less than 7 characters and must contain at least one non-alphanumeric character" gets shown if either of those conditions have been met. I changed my the settings for my sqlmembership provider in the web.config to require a minimum of 0 non-alphanumeric characters and it now works. – user1590606 Sep 14 '12 at 13:54

2 Answers2

0

Is there something early in you Page life-cycle such as on Page_Load that sets the value to a default? If so make sure you are doing it inside the following code block

if(!IsPostBack)
{
   // set default value
}
chead23
  • 1,859
  • 11
  • 12
0

I figured it out. The value was setting properly, but I assumed it wasn't because I kept getting a password failure message, "Password is less than 7 characters and must contain at least one non-alphanumeric character" even though my password was longer than 7 characters.

My mistake was assuming that both the conditions in the message were true. This was not the case. This message displays if either condition is true.

I changed my web.config file to have a minimum requirement of 0 non-alphanumeric characters and everything worked after that. I didn't specify anything before, so it defaulted to a minimum of 1 non-alphanumeric characters.

If I had to give credit to someone, it would be MStodd for asking about the validation code for the control. That made me look more carefully at the problem.

Thanks for the help everyone.

user1590606
  • 1