asp.net - Hashed passwords and PasswordRecovery control - Stack Overflow: "UPDATE:
1) For some reason it works now. Namely, if we set requiresQuestionAndAnswer to false, then PR also sends email to firstUser
2) If passwords are stored in hashed form, then if:
a) enablePasswordRetrieval='true' and enablePasswordReset is set to either true or false --> PR generates exception
b) if enablePasswordRetrieval='false' and enablePasswordReset='false' --> PR generates exception
c) if enablePasswordRetrieval is set to false and enablePasswordReset is set to true, then PR automatically generates new pwd and emails it.
Similarly, if pwd is not hashed, but we have enablePasswordRetrieval='false', then enablePasswordReset must be set to true (so that PR generates a new pwd and emails it), else we get an exception"
No comments:
Post a Comment