This documentation is archived and is not being maintained.

SqlMembershipProvider.ChangePassword Method

Modifies a user's password.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public override bool ChangePassword(
	string username,
	string oldPassword,
	string newPassword
)

Parameters

username
Type: System.String
The user to update the password for.
oldPassword
Type: System.String
The current password for the specified user.
newPassword
Type: System.String
The new password for the specified user.

Return Value

Type: System.Boolean
true if the password was updated successfully. false if the supplied old password is invalid, the user is locked out, or the user does not exist in the database.

ExceptionCondition
System.ArgumentException

username is an empty string (""), contains a comma, or is longer than 256 characters.

- or -

oldPassword is an empty string or longer than 128 characters.

- or -

newPassword is an empty string or longer than 128 characters.

- or -

The encoded version of newPassword is greater than 128 characters.

- or -

The change-password action was canceled by a subscriber to the ValidatingPassword event, and the FailureInformation property was null.

- or -

The length of newPassword is less than the minimum length specified in the MinRequiredPasswordLength property.

- or -

The number of non-alphabetic characters in newPassword is less than the required number of non-alphabetic characters specified in the MinRequiredNonAlphanumericCharacters property.

- or -

newPassword does not pass the regular expression defined in the PasswordStrengthRegularExpression property.

System.ArgumentNullException

username is null.

- or -

oldPassword is null.

- or -

newPassword is null.

MembershipPasswordException

username was not found in the database.

System.Configuration.Provider.ProviderException

An error occurred while setting the new password value at the database.

Exception

An unhandled exception occurred.

This method is called by the Membership class to update the password for a user in the SQL Server database specified in the ASP.NET application's configuration file (Web.config).

The maximum password length is 128 characters.

If an incorrect password is supplied to the ChangePassword method, the internal counter that tracks invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the UnlockUser method. If the correct password is supplied and the user is not currently locked out, then the internal counters that track invalid password and password-answer attempts are reset to zero. For more information, see the MaxInvalidPasswordAttempts and PasswordAttemptWindow properties.

You can call the ChangePassword method directly by first obtaining a reference to the SqlMembershipProvider instance through the Provider property of the Membership class. The Provider property exposes the defaultProvider specified in the Web.config file for the application. Configured providers that are not the default provider referenced using the Providers property.

You can also change user passwords by using the ChangePassword method.

Leading and trailing spaces are trimmed from all parameter values.

The following code example modifies the password for the specified user.

NoteNote

This example uses the Provider property of the Membership class to call the SqlMembershipProvider specified as the defaultProvider in the Web.config file. If you need to access the default provider as the type SqlMembershipProvider, you can cast the Provider property of the Membership class. To access other configured providers as a specific provider type, you can access them by their configured name with the Providers property of the Membership class and cast them as the specific provider type.


<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void ChangePassword_OnClick(object sender, EventArgs args)
{
  try
  {
    // Update the password.

    if (Membership.Provider.ChangePassword(User.Identity.Name, OldPasswordTextbox.Text, PasswordTextbox.Text))
    {
      Msg.Text = "Password changed.";
      return;
    }
  }
  catch
  {
  }

  Msg.Text = "Password change failed. Please re-enter your values and try again.";
}


</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Change Password</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Change Password for <%=User.Identity.Name%></h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" />

  <table cellpadding="3" border="0">
    <tr>
      <td>Old Password:</td>
      <td><asp:Textbox id="OldPasswordTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="OldPasswordRequiredValidator" runat="server"
                                      ControlToValidate="OldPasswordTextbox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="PasswordRequiredValidator" runat="server"
                                      ControlToValidate="PasswordTextbox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>Confirm Password:</td>
      <td><asp:Textbox id="PasswordConfirmTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="PasswordConfirmRequiredValidator" runat="server"
                                      ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
                                      Display="Static" 
                                      ErrorMessage="Required" />
          <asp:CompareValidator id="PasswordConfirmCompareValidator" runat="server"
                                      ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
                                      Display="Static" ControlToCompare="PasswordTextBox"
                                      ErrorMessage="Confirm password must match password." />
      </td>
    </tr>
    <tr>
      <td></td>
      <td><asp:Button id="ChangePasswordButton" Text="Change Password" 
                      OnClick="ChangePassword_OnClick" runat="server" /></td>
    </tr>
  </table>
</form>

</body>
</html>


.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Show: