This documentation is archived and is not being maintained.

SqlMembershipProvider.ChangePasswordQuestionAndAnswer Method

Updates the password question and answer for a user in the SQL Server membership database.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public override bool ChangePasswordQuestionAndAnswer(
	string username,
	string password,
	string newPasswordQuestion,
	string newPasswordAnswer
)

Parameters

username
Type: System.String
The user to change the password question and answer for.
password
Type: System.String
The password for the specified user.
newPasswordQuestion
Type: System.String
The new password question for the specified user.
newPasswordAnswer
Type: System.String
The new password answer for the specified user.

Return Value

Type: System.Boolean
true if the update was successful; otherwise, false. A value of false is also returned if the password is incorrect, the user is locked out, or the user does not exist in the database.

ExceptionCondition
System.ArgumentException

username is an empty string (""), contains a comma, or is longer than 256 characters.

- or -

password is an empty string or is longer than 128 characters.

- or -

newPasswordQuestion is an empty string or is longer than 256 characters.

- or -

newPasswordAnswer is an empty string or is longer than 128 characters.

- or -

The encoded version of newPasswordAnswer is longer than 128 characters.

System.ArgumentNullException

username is null.

- or -

password is null.

- or -

newPasswordQuestion is null and RequiresQuestionAndAnswer is true.

- or -

newPasswordAnswer is null and RequiresQuestionAndAnswer is true.

ProviderException

An error occurred when changing the password question and answer in the database.

This method is called by the MembershipUser class to update the password question and answer for a user in the SQL Server database that is specified in the ASP.NET application's configuration file (Web.config). The password answer is encrypted using the format that is specified in the PasswordFormat property.

Requiring a password question and answer provides an additional layer of security when retrieving or resetting a user's password. When creating a user name, a user can supply a question and answer that can later be used to retrieve or reset a forgotten password. The ChangePasswordQuestionAndAnswer method updates the password question and answer for a membership user.

If an incorrect password is supplied to the ChangePasswordQuestionAndAnswer method, the internal counters that track invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by calling the UnlockUser method. If the correct password is supplied and the user is not currently locked out, then the internal counters that track invalid password and password-answer attempts are reset to zero. For more information, see the MaxInvalidPasswordAttempts and PasswordAttemptWindow properties.

The maximum length for the password question is 256 characters. The maximum length for the password answer is 128 characters.

For more information, see RequiresQuestionAndAnswer, ResetPassword, and GetPassword.

Leading and trailing spaces are trimmed from all parameter values.

The following code example updates the password question and answer for a user.

NoteNote

This example uses the Provider property of the Membership class to call the SqlMembershipProvider specified as the defaultProvider in the Web.config file. If you need to access the default provider as the type SqlMembershipProvider, you can cast the Provider property of the Membership class. To access other configured providers as a specific provider type, you can access them by their configured name with the Providers property of the Membership class and cast them as the specific provider type.


<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void ChangePasswordQuestion_OnClick(object sender, EventArgs args)
{
  try
  {
    if (Membership.Provider.ChangePasswordQuestionAndAnswer(User.Identity.Name,
                                                            PasswordTextbox.Text, 
                                                            QuestionTextbox.Text, 
                                                            AnswerTextbox.Text))
      Msg.Text = "Password question and answer changed.";
    else
      Msg.Text = "Change failed. Please reenter your values and try again.";
  }
  catch (System.Configuration.Provider.ProviderException e)
  {
    Msg.Text = "Change failed. Please reenter your values and try again.";
  }
}

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Change Password Question and Answer</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Change Password Question and Answer for <%=User.Identity.Name%></h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table cellpadding="3" border="0">
    <tr>
      <td>Password:</td>
      <td><asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="OldPasswordRequiredValidator" runat="server"
                                    ControlToValidate="PasswordTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>New Password Question:</td>
      <td><asp:Textbox id="QuestionTextbox" MaxLength="256" Columns="60" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="QuestionRequiredValidator" runat="server"
                                    ControlToValidate="QuestionTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>New Password Answer:</td>
      <td><asp:Textbox id="AnswerTextbox" MaxLength="128" Columns="60" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
                                    ControlToValidate="AnswerTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td></td>
      <td><asp:Button id="ChangePasswordQuestionButton" 
                      Text="Change Password Question and Answer" 
                      OnClick="ChangePasswordQuestion_OnClick" 
                      runat="server" /></td>
    </tr>
  </table>
</form>

</body>
</html>


.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Show: