Membership.RequiresQuestionAndAnswer Property

Gets a value indicating whether the default membership provider requires the user to answer a password question for password reset and retrieval.

Namespace: System.Web.Security
Assembly: System.Web (in system.web.dll)

No code example is currently available or this language may not be supported.
/** @property */
public static boolean get_RequiresQuestionAndAnswer ()

public static function get RequiresQuestionAndAnswer () : boolean

Not applicable.

Property Value

true if a password answer is required for password reset and retrieval; otherwise, false.

Requiring a password question and answer provides an additional layer of security when retrieving or resetting a user's password. Users can supply a question and answer when their user name is created that they can later use to retrieve or reset a forgotten password.

RequiresQuestionAndAnswer is checked when ResetPassword or GetPassword is called. The provider provided with the .NET Framework throws a NotSupportedException if RequiresQuestionAndAnswer is true and the supplied password answer is a null reference (Nothing in Visual Basic).

If EnablePasswordReset and EnablePasswordRetrieval are both false, RequiresQuestionAndAnswer can still be used to enforce the creation of questions and answers when new users are created; however, the question and answer will not be used. You will be able to retrieve the question by using the MembershipUser class.

For more information, see ResetPassword and GetPassword.

The following code example shows the membership Element (ASP.NET Settings Schema) element in the system.web section of the Web.config file for an ASP.NET application. It specifies that the application use an instance of the SqlMembershipProvider, enables password reset, and requires a password answer when performing a reset.

<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
  <providers>
    <add name="SqlProvider"
      type="System.Web.Security.SqlMembershipProvider"
      connectionStringName="SqlServices"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="true"
      passwordFormat="Hashed"
      applicationName="MyApplication" />
  </providers>
</membership>

The following code sample checks the value of RequiresQuestionAndAnswer and adds the necessary controls for a password question and answer to be supplied when creating a user.

Security noteSecurity Note:

This example includes a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview (Visual Studio).

No code example is currently available or this language may not be supported.

Windows 98, Windows Server 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0

Community Additions

ADD
Show: