Export (0) Print
Expand All

MembershipUser.ResetPassword Method

Resets a user's password to a new, automatically generated password.

Namespace:  System.Web.Security
Assembly:  System.Web.ApplicationServices (in System.Web.ApplicationServices.dll)

public virtual string ResetPassword()

Return Value

Type: System.String
The new password for the membership user.

ExceptionCondition
PlatformNotSupportedException

This method is not available. This can occur if the application targets the .NET Framework 4 Client Profile. To prevent this exception, override the method, or change the application to target the full version of the .NET Framework.

ResetPassword calls the MembershipProvider.ResetPassword method of the membership provider referenced by the ProviderName property to reset the password for the membership user to a new, automatically generated password. The new password is then returned to the caller.

If EnablePasswordReset is false, the membership provider will return an exception.

If RequiresQuestionAndAnswer is true, you must use the ResetPassword overload that takes a password answer as a parameter and supply the password answer for the membership user. If a password answer is required and an incorrect password answer is supplied, a MembershipPasswordException is thrown by the membership provider.

The following code example resets a user's password and returns the new, automatically generated password. Note that RequiresQuestionAndAnswer is assumed to be false.

Security noteSecurity Note

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

MembershipUser u;

public void Page_Load(object sender, EventArgs args)
{
  if (!Membership.EnablePasswordReset)
  {
    FormsAuthentication.RedirectToLoginPage();
  }

  Msg.Text = "";

  if (!IsPostBack)
  {
    Msg.Text = "Please supply a username.";
  }
  else
  {
    VerifyUsername();
  }
}


public void VerifyUsername()
{
    u = Membership.GetUser(UsernameTextBox.Text, false);

    if (u == null)
    {
      Msg.Text = "Username " + Server.HtmlEncode(UsernameTextBox.Text) + " not found. Please check the value and re-enter.";

      ResetPasswordButton.Enabled = false;
    }
    else
    {
      ResetPasswordButton.Enabled = true;
    }
}

public void ResetPassword_OnClick(object sender, EventArgs args)
{
  string newPassword;

  u = Membership.GetUser(UsernameTextBox.Text, false);

  if (u == null)
  { 
    Msg.Text = "Username " + Server.HtmlEncode(UsernameTextBox.Text) + " not found. Please check the value and re-enter.";
    return;
  }

  try
  {
    newPassword = u.ResetPassword();
  }
  catch (MembershipPasswordException e)
  {
    Msg.Text = "Invalid password answer. Please re-enter and try again.";
    return;
  }
  catch (Exception e)
  {
    Msg.Text = e.Message;
    return;
  }

  if (newPassword != null)
  {
    Msg.Text = "Password reset. Your new password is: " + Server.HtmlEncode(newPassword);
  }
  else
  {
    Msg.Text = "Password reset failed. Please re-enter your values and try again.";
  }
}


</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Reset Password</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Retrieve Password</h3>

  <asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />

  Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="true" />
            <asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
                                        ControlToValidate="UsernameTextBox" ForeColor="red"
                                        Display="Static" ErrorMessage="Required" /><br />

  <asp:Button id="ResetPasswordButton" Text="Reset Password" 
              OnClick="ResetPassword_OnClick" runat="server" Enabled="false" />

</form>

</body>
</html>

.NET Framework

Supported in: 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Show:
© 2014 Microsoft