Membership::RequiresQuestionAndAnswer Property
Gets a value indicating whether the default membership provider requires the user to answer a password question for password reset and retrieval.
Assembly: System.Web (in System.Web.dll)
Property Value
Type: System::Booleantrue if a password answer is required for password reset and retrieval; otherwise, false.
Requiring a password question and answer provides an additional layer of security when retrieving or resetting a user's password. Users can supply a question and answer when their user name is created that they can later use to retrieve or reset a forgotten password.
RequiresQuestionAndAnswer is checked when ResetPassword or GetPassword is called. The provider provided with the .NET Framework throws a NotSupportedException if RequiresQuestionAndAnswer is true and the supplied password answer is null.
If EnablePasswordReset and EnablePasswordRetrieval are both false, RequiresQuestionAndAnswer can still be used to enforce the creation of questions and answers when new users are created; however, the question and answer will not be used. You will be able to retrieve the question by using the MembershipUser class.
For more information, see ResetPassword and GetPassword.
The following code example shows the element in the system.web section of the Web.config file for an ASP.NET application. It specifies that the application use an instance of the SqlMembershipProvider, enables password reset, and requires a password answer when performing a reset.
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
<providers>
<add name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
passwordFormat="Hashed"
applicationName="MyApplication" />
</providers>
</membership>
The following code sample checks the value of RequiresQuestionAndAnswer and adds the necessary controls for a password question and answer to be supplied when creating a user.
Security Note
|
|---|
This example includes a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview. |
Available since 2.0
