MonoX support board

The default Admin user can be locked out (Mono Support)

Viewed 20359 time(s), 5 answer(s) 25.7.2012. 18:03:10 Created by geobirbilis

geobirbilis

25.7.2012. 18:03:10
I tried to log in at a MonoX installation as admin and I entered wrong pwd several times and now it tells me the account is locked!

1) I'd expect the admin account to not be lockable like that (this can be exploited)
2) How can I edit the db or visit some MonoX installation webpage accessible only from the console (locally) to unlock the admin? Or is there another, easier way?
3) If the password is totally forgotten, is there a way to blank (or change) the pwd from the db?
This content has not been rated yet.
155 Reputation 23 Total posts
denis

26.7.2012. 10:31:39
Hi George,
Our usual strategy is to change the name of the admin account, which makes it more difficult to exploit this feature. You can reset the locking status by switching the value of the IsLockedOut field in the aspnet_Membership table for that particular user. There are several properties in the membership provider that control this behavior, and you can change them in the web.config file - the most important one would be "maxInvalidPasswordAttempts".
Rating 4.00, 1 vote(s).
7207 Reputation 956 Total posts
geobirbilis

27.7.2012. 10:01:53
Suppose the admin password for the portal has been forgotten, how can it be reset from the DB or other tool?
This content has not been rated yet.
155 Reputation 23 Total posts
geobirbilis

27.7.2012. 10:12:27
btw, how come the user password is unhashed (plain text) in the dbo.aspnet_Membership table? (the respective username is in dbo.aspnet_Users)
Is it some ASP.net setting?
This content has not been rated yet.
155 Reputation 23 Total posts
khorvat

27.7.2012. 13:27:06
Hi,

You should use the password recovery screen available e.g. here. Yes, passwords are by default unhashed, and you can change that setting in the web.config by changing the passwordFormat in the Membership and Role provider settings.

e.g.
<membership defaultProvider="AspNetSqlMembershipProvider" hashAlgorithmType="SHA1">
  <providers>
    <remove name="AspNetSqlMembershipProvider"/>
    <!-- passwordFormat sets how passwords are stored (Clear, Hashed or Encrypted);
         maxInvalidPasswordAttempts and passwordAttemptWindow control account lockout -->
    <add connectionStringName="LocalSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true"
         requiresQuestionAndAnswer="false" applicationName="MonoX" requiresUniqueEmail="false"
         passwordFormat="Clear" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
         minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression=""
         name="AspNetSqlMembershipProvider" type="MonoSoftware.MonoX.MonoXMembershipProvider, MonoX" />
    <!-- <add name="ActiveDirectoryMembershipProvider" type="MonoSoftware.MonoX.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" applicationName="MonoX"
         connectionUsername="username@yourdomain"
         connectionPassword="pwd" /> -->
  </providers>
</membership>

Regards
This content has not been rated yet.
15993 Reputation 2214 Total posts
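
The following T-SQL is an added example, not part of the original thread and not MonoX's own code. It applies the IsLockedOut reset from denis's answer to a single account and lists the password format stored for each account, which is relevant to khorvat's answer about passwordFormat. It assumes the standard ASP.NET membership schema (aspnet_Applications, LoweredUserName, the failed-attempt counters) and SQL Server 2008 or later; the user name is a placeholder.

```sql
-- Added example. 'MonoX' is the applicationName from the posted web.config;
-- 'admin' is a placeholder user name. Schema details beyond the table and
-- column names mentioned in the thread are assumed to match stock ASP.NET.
DECLARE @ApplicationName nvarchar(256) = N'MonoX';
DECLARE @UserName        nvarchar(256) = N'admin';  -- placeholder

-- 1) Review lockout state and stored password format for every account.
--    PasswordFormat is recorded per row: 0 = Clear, 1 = Hashed, 2 = Encrypted.
--    Changing passwordFormat in web.config does not rewrite rows already stored.
SELECT u.UserName, m.IsLockedOut, m.LastLockoutDate,
       m.FailedPasswordAttemptCount, m.PasswordFormat
FROM dbo.aspnet_Membership   AS m
JOIN dbo.aspnet_Users        AS u ON u.UserId = m.UserId
JOIN dbo.aspnet_Applications AS a ON a.ApplicationId = u.ApplicationId
WHERE a.LoweredApplicationName = LOWER(@ApplicationName)
ORDER BY m.IsLockedOut DESC, u.UserName;

-- 2) Unlock exactly one account and clear its failure counters, so the next
--    wrong password does not immediately lock it again.
BEGIN TRANSACTION;

UPDATE m
SET    m.IsLockedOut = 0,
       m.FailedPasswordAttemptCount = 0,
       m.FailedPasswordAnswerAttemptCount = 0
FROM dbo.aspnet_Membership   AS m
JOIN dbo.aspnet_Users        AS u ON u.UserId = m.UserId
JOIN dbo.aspnet_Applications AS a ON a.ApplicationId = u.ApplicationId
WHERE a.LoweredApplicationName = LOWER(@ApplicationName)
  AND u.LoweredUserName = LOWER(@UserName)
  AND m.IsLockedOut = 1;

-- Commit only if a single locked row was touched; otherwise undo everything.
IF @@ROWCOUNT = 1
    COMMIT TRANSACTION;
ELSE
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR(N'Expected exactly one locked account; nothing was changed.', 16, 1);
END
```

Scoping the update by application and by the lowered user name keeps the change to one row even when several applications share the same membership database.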