SqlMembershipProvider.ChangePasswordQuestionAndAnswer Method

Updates the password question and answer for a user in the SQL Server membership database.

Namespace: System.Web.Security
Assembly: System.Web (in system.web.dll)

'Declaration
Public Overrides Function ChangePasswordQuestionAndAnswer ( _
	username As String, _
	password As String, _
	newPasswordQuestion As String, _
	newPasswordAnswer As String _
) As Boolean
'Usage
Dim instance As SqlMembershipProvider
Dim username As String
Dim password As String
Dim newPasswordQuestion As String
Dim newPasswordAnswer As String
Dim returnValue As Boolean

returnValue = instance.ChangePasswordQuestionAndAnswer(username, password, newPasswordQuestion, newPasswordAnswer)
public boolean ChangePasswordQuestionAndAnswer (
	String username, 
	String password, 
	String newPasswordQuestion, 
	String newPasswordAnswer
)
public override function ChangePasswordQuestionAndAnswer (
	username : String, 
	password : String, 
	newPasswordQuestion : String, 
	newPasswordAnswer : String
) : boolean
Not applicable.

Parameters

username

The user to change the password question and answer for.

password

The password for the specified user.

newPasswordQuestion

The new password question for the specified user.

newPasswordAnswer

The new password answer for the specified user.

Return Value

true if the update was successful; otherwise, false. A value of false is also returned if the password is incorrect, the user is locked out, or the user does not exist in the database.

Exception typeCondition

System.ArgumentException

username is an empty string (""), contains a comma, or is longer than 256 characters.

- or -

password is an empty string or is longer than 128 characters.

- or -

newPasswordQuestion is an empty string or is longer than 256 characters.

- or -

newPasswordAnswer is an empty string or is longer than 128 characters.

- or -

The encoded version of newPasswordAnswer is longer than 128 characters.

System.ArgumentNullException

username is a null reference (Nothing in Visual Basic).

- or -

password is a null reference (Nothing in Visual Basic).

- or -

newPasswordQuestion is a null reference (Nothing in Visual Basic) and RequiresQuestionAndAnswer is true.

- or -

newPasswordAnswer is a null reference (Nothing in Visual Basic) and RequiresQuestionAndAnswer is true.

ProviderException

An error occurred when changing the password question and answer in the database.

This method is called by the MembershipUser class to update the password question and answer for a user in the SQL Server database that is specified in the ASP.NET application's configuration file (Web.config). The password answer is encrypted using the format that is specified in the PasswordFormat property.

Requiring a password question and answer provides an additional layer of security when retrieving or resetting a user's password. When creating a user name, a user can supply a question and answer that can later be used to retrieve or reset a forgotten password. The ChangePasswordQuestionAndAnswer method updates the password question and answer for a membership user.

If an incorrect password is supplied to the ChangePasswordQuestionAndAnswer method, the internal counters that track invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by calling the UnlockUser method. If the correct password is supplied and the user is not currently locked out, then the internal counters that track invalid password and password-answer attempts are reset to zero. For more information, see the MaxInvalidPasswordAttempts and PasswordAttemptWindow properties.

The maximum length for the password question is 256 characters. The maximum length for the password answer is 128 characters.

For more information, see RequiresQuestionAndAnswer, ResetPassword, and GetPassword.

Leading and trailing spaces are trimmed from all parameter values.

The following code example updates the password question and answer for a user.

NoteNote:

This example uses the Provider property of the Membership class to call the SqlMembershipProvider specified as the defaultProvider in the Web.config file. If you need to access the default provider as the type SqlMembershipProvider, you can cast the Provider property of the Membership class. To access other configured providers as a specific provider type, you can access them by their configured name with the Providers property of the Membership class and cast them as the specific provider type.

<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

Public Sub ChangePasswordQuestion_OnClick(sender As Object, args As EventArgs)

  Try
    If Membership.Provider.ChangePasswordQuestionAndAnswer(User.Identity.Name, _
                                                          PasswordTextbox.Text, _ 
                                                          QuestionTextbox.Text, _
                                                          AnswerTextbox.Text) Then
      Msg.Text = "Password question and answer changed."
    Else
      Msg.Text = "Change failed. Please reenter your values and try again."
    End If
  Catch e As System.Configuration.Provider.ProviderException
    Msg.Text = "Change failed. Please reenter your values and try again."
  End Try

End Sub

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Change Password Question and Answer</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Change Password Question and Answer for <%=User.Identity.Name%></h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table cellpadding="3" border="0">
    <tr>
      <td>Password:</td>
      <td><asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="OldPasswordRequiredValidator" runat="server"
                                    ControlToValidate="PasswordTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>New Password Question:</td>
      <td><asp:Textbox id="QuestionTextbox" MaxLength="256" Columns="60" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="QuestionRequiredValidator" runat="server"
                                    ControlToValidate="QuestionTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>New Password Answer:</td>
      <td><asp:Textbox id="AnswerTextbox" MaxLength="128" Columns="60" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
                                    ControlToValidate="AnswerTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td></td>
      <td><asp:Button id="ChangePasswordQuestionButton" 
                      Text="Change Password Question and Answer" 
                      OnClick="ChangePasswordQuestion_OnClick" 
                      runat="server" /></td>
    </tr>
  </table>
</form>

</body>
</html>

Windows 98, Windows Server 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0

Community Additions

ADD
Show: