Export (0) Print
Expand All

ActiveDirectoryMembershipProvider.EnablePasswordReset Property

Gets a value indicating whether the ActiveDirectoryMembershipProvider instance is configured to allow users to reset their passwords.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public override bool EnablePasswordReset { get; }

Property Value

Type: System.Boolean
true if password reset is allowed; otherwise, false. The default is false.

ExceptionCondition
InvalidOperationException

An attempt to access the EnablePasswordReset property was made before the ActiveDirectoryMembershipProvider instance was initialized.

The EnablePasswordReset property indicates whether you can use the ResetPassword method to reset a user's password. The EnablePasswordReset property is set in your application's configuration file using the enablePasswordReset attribute of the membership Element (ASP.NET Settings Schema) element.

You can only set the EnablePasswordReset property true when the following membership Element (ASP.NET Settings Schema) element settings have been made.

  • requiresQuestionAndAnswer must be true.

  • The Active Directory schema must be modified to contain attributes for storing the password question and answer, as well as the three tracking fields for password-answer change attempts.

  • attributeMapPasswordQuestion, attributeMapPasswordAnswer, attributeMapFailedPasswordAnswerCount, attributeMapFailedPasswordAnswerTime, and attributeMapFailedPasswordAnswerLockoutTime must be mapped to attributes in the Active Directory schema.

If the above criteria are not met, a ProviderException is thrown at initialization.

When the connection string in the application configuration file specifies an Active Directory domain rather than a specific server, the ActiveDirectoryMembershipProvider instance will always connect to the domain controller that has the PDC role for the domain to ensure that password changes take effect and are available when the ValidateUser method is called.

NoteNote

Even if the EnablePasswordReset property is true, you cannot reset user passwords unless the credentials used to connect to the Active Directory server have either Domain Administrator rights (not recommended) or the "reset password" access right.

The following code example shows a Web.config entry that configures an ActiveDirectoryMembershipProvider instance to enable password resets. It uses the explicit credentials of a user given the "reset password" access right.

Security noteSecurity Note

When you place user credentials in your Web.config file, there are potential security threats. Users with access rights to the directory containing the Web.config file can read the file, and thus see the credentials. For details on how to protect against this threat, see Encrypting Configuration Information Using Protected Configuration.

<configuration>
  <connectionStrings>
    <add name="ADService" connectionString="LDAP://ldapServer/" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <add name="AspNetActiveDirectoryMembershipProvider" 
          type="System.Web.Security.ActiveDirectoryMembershipProvider, 
          System.Web, Version=2.0.3600, Culture=neutral, 
          PublicKeyToken=b03f5f7f11d50a3a"
          connectionUsername="UserWithResetPasswordRights"
          connectionPassword="PasswordForUser"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true"
          attributeMapPasswordQuestion="PasswordQuestionADAttribute"
          attributeMapPasswordAnswer="PasswordAnswerADAttribute"
          attributeMapFailedPasswordAnswerCount="AnswerCountADAttribute"
          attributeMapFailedPasswordAnswerTime="AnswerTimeADAttribute"
          attributeMapFailedPasswordAnswerLockoutTime="LockOutTimeADAttribute" />
      </providers>
    </membership>
  </system.web>
</configuration>

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Show:
© 2014 Microsoft