1

Closed

Password deleted on editing User

description

Steps to replicate:
  • create new user including password
  • make administrator
  • assign all surveys
  • save
Next:
  • edit user: remove administator right + remove all surveys
  • add regular role + survey through surveys box --> save + logout
  • next log in as new user: error StrongTypingException("The value for column \'Password\' in table \'Users\' is DBNull."
The password seems to have been removed. Once added again the error does not show anymore.
Closed Dec 20, 2013 at 9:23 PM by fwsmaster

comments

fwsmaster wrote Aug 3, 2013 at 10:14 PM

Solution:

Change stored procedure to :
USE [SP21FinalDev]
GO
/****** Object:  StoredProcedure [dbo].[vts_spUserUpdate]    Script Date: 3-8-2013 22:48:58 ******/
SET ANSI_NULLS OFF
GO
SET QUOTED_IDENTIFIER OFF
GO

ALTER PROCEDURE [dbo].[vts_spUserUpdate]
            @UserID int,
            @UserName nvarchar(255),
            @Password nvarchar(255),
            @PasswordSalt nvarchar(255),
            @LastName nvarchar(255),
            @FirstName nvarchar(255),  
            @Email nvarchar(255)
            
AS

UPDATE vts_tbUser SET
    UserName = @UserName,
    FirstName = @FirstName,
    LastName = @LastName,
    Email = @Email
WHERE UserID = @UserID

if @Password is not null or @PasswordSalt is not null
BEGIN
    UPDATE vts_tbUser SET 
        Password = @Password,
        PasswordSalt = @PasswordSalt
    WHERE UserID = @UserID
END
Change:
.. \SurveyWAP\NSurveyAdmin\UserControls__UsersOptionsControl.ascx.cs__
                    if (PasswordTextBox.Text.Length > 0)
                    {
                        if (!Regex.IsMatch(PasswordTextBox.Text, @"(?=^.{8,12}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+}{":;'?/>.<,])(?!.*\s).*$"))
                        {
                            MessageLabel.Visible = true;
                            ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("PasswordRequiredMessage"));
                            return;
                        }
                        else
                        {
                            var sec = new LoginSecurity();
                            updatedUser.PasswordSalt = sec.CreateSaltKey(5);
                            updatedUser.Password = sec.CreatePasswordHash(PasswordTextBox.Text, updatedUser.PasswordSalt);
                        }

                    }
                    else
                    {
                        updatedUser.Password = null;
                        updatedUser.PasswordSalt = null;
                    }