brewhaus
  •  brewhaus
  • 68.6% (Friendly)
  • YAF Lover Topic Starter
2015-01-04T16:06:21Z
We finally got moved from vBulletin to YAF :-d
However, when we imported the users they were e-mailed an auto-generated password and security question. Those that discarded the e-mail and are trying to retrieve / change the password using the forgotten password tool are running into a problem- they are being asked for the answer to the security question, and they have no idea. Can we either change the security question to something generic so that they can easily answer it, or disable the requirement for the security question?
Sponsor
Zero2Cool
2015-01-04T19:37:09Z
Disable the security question requirement in the web.config membership area
brewhaus
  •  brewhaus
  • 68.6% (Friendly)
  • YAF Lover Topic Starter
2015-01-04T19:44:28Z
As far as I can tell, it is supposedly already off:


<membership defaultProvider="YafMembershipProvider" hashAlgorithmType="SHA1">
<providers>
<clear />
<!-- YAF's ASP.NET Membership Provider is designed to work a bit better with YAF.NET options, but is by no means required.
                    But, you will not be able to switch providers after installing your forum. -->
<add name="YafMembershipProvider" applicationName="YetAnotherForum" connectionStringName="yafnet" 
        requiresUniqueEmail="true" useSalt="true" type="YAF.Providers.Membership.YafMembershipProvider" />
                
<!-- Uncommend and set as default if you want to use use the built-in ASP.NET membership provider. 
       Password Type of "Encrypted" requires a machine key. -->
<!--<add name="AspNetSqlMembershipProvider" applicationName="YetAnotherForum" connectionStringName="yafnet"
                     enablePasswordReset="false" enablePasswordRetrieval="true" maxInvalidPasswordAttempts="5"
                     minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="5" passwordAttemptWindow="15"
                     passwordFormat="Encrypted" requiresQuestionAndAnswer="false" requiresUniqueEmail="true"
                     type="System.Web.Security.SqlMembershipProvider" />-->
            </providers>
        </membership>
brewhaus
  •  brewhaus
  • 68.6% (Friendly)
  • YAF Lover Topic Starter
2015-01-05T21:58:21Z
Does anyone have any more thoughts on this? I have had a couple more people e-mail about this issue, as they have tried to use the forgotten password tool and it requires them to input an answer to the security question, which they do not know.
tha_watcha
2015-01-06T04:51:23Z
Check your web.config snipped above, simply disable requiresQuestionAndAnswer for the YafMembershipProvider...

<membership defaultProvider="YafMembershipProvider" hashAlgorithmType="SHA1">
<providers>
<clear />
<!-- YAF's ASP.NET Membership Provider is designed to work a bit better with YAF.NET options, but is by no means required.
                    But, you will not be able to switch providers after installing your forum. -->
<add name="YafMembershipProvider" applicationName="YetAnotherForum" connectionStringName="yafnet" 
        requiresUniqueEmail="true" useSalt="true" requiresQuestionAndAnswer="false" 
        type="YAF.Providers.Membership.YafMembershipProvider" />
                
<!-- Uncommend and set as default if you want to use use the built-in ASP.NET membership provider. 
       Password Type of "Encrypted" requires a machine key. -->
<!--<add name="AspNetSqlMembershipProvider" applicationName="YetAnotherForum" connectionStringName="yafnet"
                     enablePasswordReset="false" enablePasswordRetrieval="true" maxInvalidPasswordAttempts="5"
                     minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="5" passwordAttemptWindow="15"
                     passwordFormat="Encrypted" requiresQuestionAndAnswer="false" requiresUniqueEmail="true"
                     type="System.Web.Security.SqlMembershipProvider" />-->
            </providers>
        </membership>

UserPostedImage
brewhaus
  •  brewhaus
  • 68.6% (Friendly)
  • YAF Lover Topic Starter
2015-01-06T14:31:26Z
Thank you. I was looking at the code in the string just before </providers> and say that requiresQuestionAndAnswer was false. Adding the code in the section above solved the problem.

About Us

The YAF.NET is an open source .NET forum project. YAF.NET is supported by an team of international developers who are build community by building community software.

Powered by Resharper Donate with PayPal button

Project Twitter Updates

Copyright © YetAnotherForum.NET & Ingo Herbote. All rights reserved