Membership.EnablePasswordReset Property


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Gets a value indicating whether the current membership provider is configured to allow users to reset their passwords.

Namespace:   System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public static bool EnablePasswordReset { get; }

Property Value

Type: System.Boolean

true if the membership provider supports password reset; otherwise, false.

Password reset is the ability for ASP.NET membership to replace the current password for a user name with a new, randomly generated password when a user has forgotten their password or the current password is no longer valid. This is especially useful when password format is set to Hashed, as users cannot retrieve hashed password values.

The following code example shows the element in the system.web section of the Web.config file for an ASP.NET application. It specifies that the application use an instance of the SqlMembershipProvider and enables password reset.

<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
    <add name="SqlProvider"
      applicationName="MyApplication" />

The following code example first verifies that EnablePasswordReset is true, then resets a user's password and returns the new, automatically generated password.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<script runat="server">

public void Page_Load(object sender, EventArgs args)
  if (!Membership.EnablePasswordReset)

  Msg.Text = "";

  if (!IsPostBack)
    Msg.Text = "Please enter a user name.";

public void VerifyUsername()
    MembershipUser user = Membership.GetUser(UsernameTextBox.Text, false);

    if (user == null)
      Msg.Text = "The user name " + Server.HtmlEncode(UsernameTextBox.Text) + " was not found. Please check the value and reenter your user name.";

      QuestionLabel.Text = "";
      QuestionLabel.Enabled = false;
      AnswerTextBox.Enabled = false;
      ResetPasswordButton.Enabled = false;
      QuestionLabel.Text = user.PasswordQuestion;
      QuestionLabel.Enabled = true;
      AnswerTextBox.Enabled = true;
      ResetPasswordButton.Enabled = true;

public void ResetPassword_OnClick(object sender, EventArgs args)
  string newPassword = "";

    newPassword = Membership.Provider.ResetPassword(UsernameTextBox.Text, AnswerTextBox.Text);
  catch (NotSupportedException e)
    Msg.Text = "An error has occurred resetting your password: " + e.Message + "." +
               "Please check your values and try again.";
  catch (MembershipPasswordException e)
    Msg.Text = "Invalid password answer. Please reenter the answer and try again.";
  catch (System.Configuration.Provider.ProviderException e)
    Msg.Text = "The specified user name does not exist. Please check your value and try again.";

  if (newPassword != "")
    Msg.Text = "Password reset. Your new password is: " + Server.HtmlEncode(newPassword);
    Msg.Text = "Password reset failed. Please reenter your values and try again.";

<html xmlns="" >
<title>Sample: Reset Password</title>

<form id="form1" runat="server">
  <h3>Reset Password</h3>

  <asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />

  Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="true" />
            <asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
                                        ControlToValidate="UsernameTextBox" ForeColor="red"
                                        Display="Static" ErrorMessage="Required" /><br />

  Password Question: <b><asp:Label id="QuestionLabel" runat="server" /></b><br />

  Answer: <asp:TextBox id="AnswerTextBox" Columns="60" runat="server" Enabled="false" />
          <asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
                                      ControlToValidate="AnswerTextBox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" Enabled="false" /><br />

  <asp:Button id="ResetPasswordButton" Text="Reset Password" 
              OnClick="ResetPassword_OnClick" runat="server" Enabled="false" />



.NET Framework
Available since 2.0
Return to top