1

Im a beginner programming in asp.net. I have mysql integration for the identity in ASP.NET with this powerful tutorial...

The question is: How to Create a default password (ex: default) after i create an employee data with this function:

Controller:

[HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Create(dbemployee dbemployee)
        {
            if (ModelState.IsValid)
            {                
                db.dbemployees.Add(dbemployee);
                db.SaveChanges();
                return RedirectToAction("Index");
            }

            ViewBag.iDept = new SelectList(db.dbtodepts, "iDept", "sDept", dbemployee.iDept);
            ViewBag.iSmokers = new SelectList(db.dbtoflagies, "iFlag", "sFlag", dbemployee.iSmokers);
            ViewBag.iEmpGender = new SelectList(db.dbtogenders, "iGender", "sGender", dbemployee.iEmpGender);
            ViewBag.iGrade = new SelectList(db.dbtogrades, "iGrade", "sGrade", dbemployee.iGrade);
            ViewBag.iJob = new SelectList(db.dbtojobs, "iJob", "sJobName", dbemployee.iJob);
            ViewBag.iEmpLastEdu = new SelectList(db.dbtolasteducations, "iLastEdu", "sLastEdu", dbemployee.iEmpLastEdu);
            ViewBag.iEmpMaritalStat = new SelectList(db.dbtomaritalstats, "iMaritalStat", "sMaritalStat", dbemployee.iEmpMaritalStat);
            ViewBag.iEmpReligion = new SelectList(db.dbtoreligions, "iReligion", "sReligion", dbemployee.iEmpReligion);
            return View(dbemployee);
        }

Of course this function is autogenerated by scaffolding, and my imagine is should add the code like this: 

RegisterViewModel reg = new RegisterViewModel(); 
          reg.Password.Insert("default").GetHashCode.ToString();

And as we know, the code above is totally wrong.. Sorry for my english skill, but i hope someone understand my case. Thanks.. :)

Improve this question
5
  • There was a duplicate question this week (or maybe last week) - how to generate a password (NOT default, that's just asking to get hacked). The quick & dirty answer was to use the GeneratePassword functionality from the old Membership provider. Have to search for the duplicate to find how to do this for Identity Commented Apr 8, 2016 at 11:00
  • 1
    Check this question but not the accepted answer. Identity does not generate passwords, it sends reset links. It's safer than sending even a randomly generated password in clear text. You can use the same functions as eg the Reset page in the MVC template to generate a single-use reset token and send it to new users, forcing them to select a new password. This is better because a) the token can't be reused and b) it expires, reducing the risk from accidental disclosure Commented Apr 8, 2016 at 11:06
  • Thaks for the comment @PanagiotisKanavos ... But can u give me some reference link about your 2nd comment. I interested with your logic. Commented Apr 8, 2016 at 11:24
  • 1
    You have to consider users, and users are simply lazy. It sounds bad but it's true, nonetheless. If you give them a default password, they will use that. Then, all your users (or at least a large majority) are all using the same password, which is bad. If you generate a password and send it to them by email, it's better, but they still won't change it. That will just be their password. But, if like Identity does, you only generate a reset, the user is forced to choose a new password, after clicking the link in the email. This makes your app infinitely more secure. Commented Apr 8, 2016 at 12:41
  • Similarly with Panagiotis Kanavos, but you make me feel more considered how bad the question i have.. :D Thanks @ChrisPratt.. Commented Apr 10, 2016 at 1:30

1 Answer 1

Reset to default
2

ASP.NET Identity does not include default password creation methods, as it relays on password reset links, that are way safer way of handling passwords. Have you considered that approach in your app?

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.