0

I'm trying to make a website with asp.net mvc 4 and entity framework 6 where users can update their password in the UserPassword view. The password is stored in Session. I'm storing the passwords in an mssql database. Everything is working fine, but whenever I click to change the password, it's not changing at all. I look at my table & I can see the previous password. Here is my code:

Controller

    [HttpPost]
    public ActionResult UserPassword(UserInfo pass)
    {
        if (Session["UserNAME"] != null)
        {
            var PrevPass = testdb.UserInfoes.Where(a => a.Password.Equals(pass.Password)).FirstOrDefault();
            if (Session["UserPASS"] == PrevPass)
            {
                if (ModelState.IsValid)
                {
                    testdb.Entry(pass).State = System.Data.Entity.EntityState.Modified;
                    testdb.SaveChanges();
                    Session["UserPass"] = PrevPass.Password.ToString();
                    return RedirectToAction("UserLogin");
                }
            }
            else
            {
                return RedirectToAction("ProfileView");
            }
            return View(pass);
        }
        else
        {
            return RedirectToAction("Login");
        }
    }

View

    @using (Html.BeginForm("UserPassword", "Home", FormMethod.Post)) {
        @Html.ValidationSummary(true)

        <div class="editor-label">
            <strong>Current Password</strong>
        </div>
        <div class="editor-field">
            @Html.PasswordFor(a => a.Password)
            @Html.ValidationMessageFor(a => a.Password)
        </div>
        <div class="editor-label">
            <strong>New Password</strong>
        </div>
        <div class="editor-field">
            @Html.PasswordFor(a => a.Password)
            @Html.ValidationMessageFor(a => a.Password)
        </div>
        <div class="editor-label">
            <strong>Retype Password</strong>
        </div>
        <div class="editor-field">
            @Html.PasswordFor(a => a.Password)
            @Html.ValidationMessageFor(a => a.Password)
        </div><br />
        <p><input type="submit" class="btn btn-info" value="Update" /></p>
    }

Model

public partial class UserInfo
{
    public string UserId { get; set; }
    public string Name { get; set; }
    public string Password { get; set; }
    public string AddressLine1 { get; set; }
    public string Phone { get; set; }
    public string Email { get; set; }
    public System.DateTime CreatedDate { get; set; }
    public System.DateTime ModifiedDate { get; set; }
    public string IsInfoMatched { get; set; }
    public string IsApproved { get; set; }
    public string IsActive { get; set; }
    public string IsReportView { get; set; }
}

Is there something wrong in my code? If so, please, I need a solution badly. I'm new to asp.net so I'm trying hard to master it. Your help will be a lifesaver for me. Thanks.

9
  • 1
    You have 3 html helpers generating controls for property Password! Only the first one will bind when you post back. Whatever you think you're entering under the headings of New Password and Retype Password is being ignored. You need to show the model for UserInfo Commented Feb 3, 2015 at 5:07
  • I knew it. Please can you show me how can I bind all 3 of them? How can I modify the model for UserInfo? Commented Feb 3, 2015 at 5:09
  • How would I know how to modify it - you haven't shown what you have so far! Read my last comment again :) Commented Feb 3, 2015 at 5:12
  • Btw, the model is generated from EF6. I used database 1st approach. Commented Feb 3, 2015 at 5:16
  • 1
    If this is a specific form to allow a user to change their password, then create a view model to represent what you want - e.g. with properties for OldPassword, NewPassword and ConfirmPassword with validation attributes including [Compare]. But stop right now. Your code suggests you're not even hashing your passwords in the database. Create a new project with forms authentication in VS and study the code in the AccountController and its associated view models to see how you should be handling all this. Commented Feb 3, 2015 at 5:27

2 Answers

1

Please try the code below for changing the password.

Your Model will be

public partial class UserChangePassword
{
    public string UserId { get; set; }
    public string OldPassword { get; set; }
    public string NewPassword { get; set; }
    // Named ConfirmPassword so it matches the property the view binds to
    public string ConfirmPassword { get; set; }
}

Your View Will be

    @using (Html.BeginForm("UserPassword", "Home", FormMethod.Post)) {
        @Html.ValidationSummary(true)

        <div class="editor-label">
            <strong>Current Password</strong>
        </div>
        <div class="editor-field">
            @Html.PasswordFor(a => a.OldPassword)
            @Html.ValidationMessageFor(a => a.OldPassword)
        </div>
        <div class="editor-label">
            <strong>New Password</strong>
        </div>
        <div class="editor-field">
            @Html.PasswordFor(a => a.NewPassword)
            @Html.ValidationMessageFor(a => a.NewPassword)
        </div>
        <div class="editor-label">
            <strong>Retype Password</strong>
        </div>
        <div class="editor-field">
            @Html.PasswordFor(a => a.ConfirmPassword)
            @Html.ValidationMessageFor(a => a.ConfirmPassword)
        </div><br />
        <p><input type="submit" class="btn btn-info" value="Update" /></p>
    }

And your action will be

[HttpPost]
public ActionResult UserPassword(UserChangePassword model)
{
     var user = testdb.UserInfoes.Where(a => a.UserId.Equals(model.UserId)).FirstOrDefault();

     // user is null when no row matches the posted UserId
     if (Session["UserPASS"] != null && ModelState.IsValid && user != null && model.OldPassword == user.Password)
     {
         user.Password = model.NewPassword;
         testdb.Entry(user).State = System.Data.Entity.EntityState.Modified;
         testdb.SaveChanges();
         Session["UserPass"] = model.NewPassword.ToString();
         return RedirectToAction("UserLogin");
     }
     else
     {
         // False section: redisplay the form so every code path returns a result
         return View(model);
     }
}

And I am not encouraging the use of Session for keeping login details. Use forms authentication instead. And hashing passwords is a very good practice when considering security.

Hope it will work..


5 Comments

Hi, thanks for your help. Just one question. How am I going to store the UserId value from the model according to my Session value?
Hi, thanks for this code. I just needed to add @Html.HiddenFor(a => a.UserId, new{ @Value = @Session["UserId"] }) for setting the UserId according to the view. I voted for your answer. Thanks. :)
If you are using forms authentication, there is no need to use this Session. You will get the user id by simply using User.Identity.Name.
Which one is better & why?
Obviously forms authentication is the best way. We can do a lot of things with authentication this way. Please have a look at the default MVC4 internet application, which uses forms authentication. We can keep auth data in a cookie in an encrypted manner.
0

I guess you made your view strongly typed by binding it to the model class. If so, when you click the update button, make sure you are getting the new password in your UserInfo class, because it is taking the old password. Use the debugger to see what is in the UserInfo pass parameter.

Solution: Add a property for newPassword as well in the UserInfo class; then you will get the result.

Please let me know if you find any difficulty.
