ActiveDirectoryMembershipProvider.RequiresQuestionAndAnswer Property

Note: This property is new in the .NET Framework version 2.0.

Gets a value indicating whether the membership provider is configured to require a password question and answer when creating a user.

Namespace: System.Web.Security
Assembly: System.Web (in system.web.dll)

Syntax

public override bool RequiresQuestionAndAnswer { get; }

/** @property */
public boolean get_RequiresQuestionAndAnswer ()

public override function get RequiresQuestionAndAnswer () : boolean

Property Value

true if the ActiveDirectoryMembershipProvider object is configured to require a password question and answer for a user; otherwise, false. The default is false.

Exceptions

Exception type	Condition
InvalidOperationException	An attempt to access the RequiresQuestionAndAnswer property was made before the ActiveDirectoryMembershipProvider instance was initialized.

Remarks

The RequiresQuestionAndAnswer property is set in your application's configuration file using the requiresQuestionAndAnswer attribute of the membership Element (ASP.NET Settings Schema) element. If the property is not set in the application's configuration file, the RequiresQuestionAndAnswer property is set to the default value of false.

When the requiresQuestionAndAnswer attribute is set to true, you must also set these additional attributes.

• attributeMapPasswordQuestion and attributeMapPasswordAnswer must be mapped to attributes in the Active Directory schema.

If the above criteria are not met, a ProviderException is thrown at initialization.

Note
You can require a password question and answer when creating a user, but set the EnablePasswordReset property to false to prevent users from changing their passwords using the ActiveDirectoryMembershipProvider class.

Example

The following code example shows a Web.config entry that configures an ActiveDirectoryMembershipProvider instance to enable password resets. It uses the explicit credentials of a user given the "reset password" access right.

Security Note
When you place user credentials in your Web.config file, there are potential security threats. Users with access rights to the directory containing the Web.config file can read the file, and thus see the credentials. For details on how to protect against this threat, see Encrypting Configuration Information Using Protected Configuration.

<configuration>
  <connectionStrings>
    <add name="ADService" connectionString="LDAP://ldapServer/" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <add name="AspNetActiveDirectoryMembershipProvider" 
          type="System.Web.Security.ActiveDirectoryMembershipProvider, 
          System.Web, Version=2.0.3600, Culture=neutral,
          PublicKeyToken=b03f5f7f11d50a3a"
          connectionUsername="UserWithResetPasswordRights"
          connectionPassword="PasswordForUser"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true"
          attributeMapPasswordQuestion="PasswordQuestionADAttribute"
          attributeMapPasswordAnswer="PasswordAnswerADAttribute"
          attributeMapFailedPasswordAnswerCount="AnswerCountADAttribute"
          attributeMapFailedPasswordAnswerTime="AnswerTimeADAttribute"
          attributeMapFailedPasswordAnswerLockoutTime="LockOutTimeADAttribute" />
      </providers>
    </membership>
  </system.web>
</configuration>

Platforms

Windows 98, Windows 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

Version Information

.NET Framework

Supported in: 2.0

See Also

Reference

ActiveDirectoryMembershipProvider Class
ActiveDirectoryMembershipProvider Members
System.Web.Security Namespace

Other Resources

Introduction to Membership