SqlMembershipProvider::ResetPassword Method (String^, String^)
Resets a user's password to a new, automatically generated password.
Assembly: System.Web (in System.Web.dll)
public: virtual String^ ResetPassword( String^ username, String^ passwordAnswer ) override
Parameters
- username
-
Type:
System::String^
The user to reset the password for.
- passwordAnswer
-
Type:
System::String^
The password answer for the specified user.
| Exception | Condition |
|---|---|
| System.Web.Security::MembershipPasswordException | passwordAnswer is invalid. - or - The user account is currently locked. |
| System::NotSupportedException | EnablePasswordReset is set to false. |
| System.Configuration.Provider::ProviderException | username is not found in the membership database. - or - The change password action was canceled by a subscriber to the ValidatingPassword event and the FailureInformation property was null. - or - An error occurred while retrieving the password from the database. |
| System::ArgumentException | username is an empty string (""), contains a comma, or is longer than 256 characters. - or - passwordAnswer is an empty string, or is longer than 128 characters, and RequiresQuestionAndAnswer is true. - or - passwordAnswer is longer than 128 characters after encoding. |
| System::ArgumentNullException | |
| Exception | An unhandled exception occurred. |
This method is called by the Membership class to reset the password for a user in the SQL Server database specified in the ASP.NET application's configuration file (Web.config) to a new, randomly generated value. The new password is returned.
Note |
|---|
The random password created by the ResetPassword method is not guaranteed to pass the regular expression in the PasswordStrengthRegularExpression property. However, the random password will meet the criteria established by the MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters properties. |
The ResetPassword method is most commonly used when the PasswordFormat property is set to Hashed. If a user forgets a password that is hashed, the password cannot be retrieved. However, the provider can reset the password to a new, automatically generated password if the user supplies the correct password answer.
If an incorrect password answer is supplied to the ResetPassword method, the internal counter that tracks invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the UnlockUser method. If the correct password answer is supplied and the user is not currently locked out, then the internal counter that tracks invalid password-answer attempts is reset to zero. For more information, see the MaxInvalidPasswordAttempts and PasswordAttemptWindow properties.
You can call the ResetPassword method directly by first obtaining a reference to the SqlMembershipProvider instance from the Provider property of the Membership class. The generated password will be at least 14 characters long, or the length specified in the MinRequiredPasswordLength property, and will contain the number of non-alphanumeric characters specified in the MinRequiredNonAlphanumericCharacters property. The password is not guaranteed to pass the regular expression contained in the PasswordStrengthRegularExpression property, if one is specified.
Leading and trailing spaces are trimmed from all parameter values.
The following code example resets a user's password and returns the new, automatically generated password.
Note |
|---|
This example uses the Membership class to call the SqlMembershipProvider specified as the defaultProvider in the Web.config file. If you need to access the default provider as the type SqlMembershipProvider, you can cast the Provider property of the Membership class. To access other configured providers as a specific provider type, you can access them by their configured name with the Providers property of the Membership class and cast them as the specific provider type. |
Available since 2.0
.jpeg?cs-save-lang=1&cs-lang=cpp)