How do you configure to "Allow for password reset by providing a secret question"?
Also, can we Audit who updated a record?
Thanks
This is a feature of the membership provider. You need to set the requiresQuestionAndAnswer parameter to "true" in the web.config to turn it on. One warning though - it expects this to be configured from the start, so if you have existing users in the database you may run into problems logging in or resetting their passwords.
As for auditing, that is not built in. As the FBA Pack works against a membership provider - it would have to be the membership provider that supported the auditing. Since none of the standard membership provider functions provide a "changed by" parameter, you'd have to write a custom membership provider to do this, and extend the FBA Pack code specifically for that custom provider. Note that the SQL membership provider does store when many events happened (account created, last login date, last password attempt failure...), but it does not store who made the changes (probably assuming that a request to create an account is from the user itself, and any changes to the account are from the same authenticated user).
Thanks for the quick reply. When I set the requiresQuestionAndAnswer parameter to "true", I created a new user and set a set question and answer. When I clicked on change password, it did not ask for my security question. It only asked for the current password and to enter a new password.
As a site collection admin, I cannot reset passwords for users with this configuration? I get the following error message when I try to reset the password for a user.
"Your current membershipprovider settings prevent a user's password from being reset. To allow for resetting of a password by an administrator, you must have enablePasswordReset="true" and requiresQuestionAndAnswer="false" in your membership provider settings in your web.config."
Sorry - it doesn't ask the question when the user changes their password (they need their existing password, which sort of makes the additional question redundant). It does ask the user the question if they've forgotten their password and need it reset.
And no, you can't reset the user's password when this configuration is on, as the membership provider requires the answer to the question to reset the password. Pretty silly I think, which is why I don't use it myself.
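A way to check which reset behaviour a given web.config will produce, using the rule quoted in the error message above. This is an added example, not part of the original posts or the FBA Pack code; the sample config, provider names and connection string are constructed, and the defaults for missing attributes are assumed to be those of SqlMembershipProvider (both "true").

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; provider names and connection string are made up.
SAMPLE_WEB_CONFIG = """
<configuration>
  <system.web>
    <membership defaultProvider="FBAMembershipProvider">
      <providers>
        <add name="FBAMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="FBADB"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true" />
        <add name="AdminResetProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="FBADB"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false" />
        <add name="NoResetProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="FBADB"
             enablePasswordReset="false" />
      </providers>
    </membership>
  </system.web>
</configuration>
"""


def _flag(element, name, default):
    """Read a boolean attribute the way web.config writes it ("true"/"false")."""
    return element.get(name, str(default)).strip().lower() == "true"


def reset_modes(web_config_xml):
    """Map each membership provider name to who is able to reset a password."""
    root = ET.fromstring(web_config_xml)
    modes = {}
    for membership in root.iter("membership"):
        for add in membership.findall("providers/add"):
            # Assumption: missing attributes default to true (SqlMembershipProvider).
            reset = _flag(add, "enablePasswordReset", True)
            question = _flag(add, "requiresQuestionAndAnswer", True)
            if not reset:
                mode = "no reset"
            elif question:
                mode = "user reset with secret answer; admin reset blocked"
            else:
                mode = "admin reset allowed; no secret question"
            modes[add.get("name")] = mode
    return modes
```
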
This all makes sense. Thank you so much for the quick replies :)