Posted - 04/24/2009 : 08:35:20
| Hi All,
I have a client app and web app that provides password change functionality using sp_password.
The administrator role within the system can change all passwords.
The business roles within the system can change their own passwords.
We have encountered an infrequent issue when some users fail to change their own passwords.
An audit trail shows that the users were previously able to login, change password, logout and login again using the new password.
During debugging, the audit trail also stores the value of the passwords submitted by the users.
Currently, an 'alter login' script is executed within Query Analyzer to reset the login.
The system will be updated to use 'alter login' instead of 'sp_password' in my systems changepassword stored procedure.
I would like to determine why the issue occurred regardless.
What else would cause sp_password to fail when the following is true?
1. The user changed his password successfully in the past.
2. The user completed a login after the password change.
3. The user login was not altered by other functionality.
4. The user provided the correct login and current password.
Is it possible that a login can loose permission due to some process, lock or server event?
Is there a particular event that I could add to a trace to identify when a system stored procedure failed?