SqlMembershipProvider.ResetPassword Method (String, String)
Resets a user's password to a new, automatically generated password.
Assembly: System.Web (in System.Web.dll)
Public Overrides Function ResetPassword ( username As String, passwordAnswer As String ) As String
Parameters
- username
-
Type:
System.String
The user to reset the password for.
- passwordAnswer
-
Type:
System.String
The password answer for the specified user.
| Exception | Condition |
|---|---|
| System.Web.Security.MembershipPasswordException | passwordAnswer is invalid. - or - The user account is currently locked. |
| System.NotSupportedException | EnablePasswordReset is set to false. |
| System.Configuration.Provider.ProviderException | username is not found in the membership database. - or - The change password action was canceled by a subscriber to the ValidatingPassword event and the FailureInformation property was null. - or - An error occurred while retrieving the password from the database. |
| System.ArgumentException | username is an empty string (""), contains a comma, or is longer than 256 characters. - or - passwordAnswer is an empty string, or is longer than 128 characters, and RequiresQuestionAndAnswer is true. - or - passwordAnswer is longer than 128 characters after encoding. |
| System.ArgumentNullException | |
| Exception | An unhandled exception occurred. |
This method is called by the Membership class to reset the password for a user in the SQL Server database specified in the ASP.NET application's configuration file (Web.config) to a new, randomly generated value. The new password is returned.
Note |
|---|
The random password created by the ResetPassword method is not guaranteed to pass the regular expression in the PasswordStrengthRegularExpression property. However, the random password will meet the criteria established by the MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters properties. |
The ResetPassword method is most commonly used when the PasswordFormat property is set to Hashed. If a user forgets a password that is hashed, the password cannot be retrieved. However, the provider can reset the password to a new, automatically generated password if the user supplies the correct password answer.
If an incorrect password answer is supplied to the ResetPassword method, the internal counter that tracks invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the UnlockUser method. If the correct password answer is supplied and the user is not currently locked out, then the internal counter that tracks invalid password-answer attempts is reset to zero. For more information, see the MaxInvalidPasswordAttempts and PasswordAttemptWindow properties.
You can call the ResetPassword method directly by first obtaining a reference to the SqlMembershipProvider instance from the Provider property of the Membership class. The generated password will be at least 14 characters long, or the length specified in the MinRequiredPasswordLength property, and will contain the number of non-alphanumeric characters specified in the MinRequiredNonAlphanumericCharacters property. The password is not guaranteed to pass the regular expression contained in the PasswordStrengthRegularExpression property, if one is specified.
Leading and trailing spaces are trimmed from all parameter values.
The following code example resets a user's password and returns the new, automatically generated password.
Note |
|---|
This example uses the Membership class to call the SqlMembershipProvider specified as the defaultProvider in the Web.config file. If you need to access the default provider as the type SqlMembershipProvider, you can cast the Provider property of the Membership class. To access other configured providers as a specific provider type, you can access them by their configured name with the Providers property of the Membership class and cast them as the specific provider type. |
<%@ Page Language="VB" %> <%@ Import Namespace="System.Web.Security" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> Public Sub Page_Load(sender As Object, args As EventArgs) If Not Membership.EnablePasswordReset Then FormsAuthentication.RedirectToLoginPage() End If Msg.Text = "" If Not IsPostBack Then Msg.Text = "Please enter a user name." Else VerifyUsername() End If End Sub Public Sub VerifyUsername() Dim user As MembershipUser = Membership.GetUser(UsernameTextBox.Text, False) If user Is Nothing Then Msg.Text = "The user name " & Server.HtmlEncode(UsernameTextBox.Text) & " was not found. Please check the value and reenter your user name." QuestionLabel.Text = "" QuestionLabel.Enabled = False AnswerTextBox.Enabled = False ResetPasswordButton.Enabled = False Else QuestionLabel.Text = user.PasswordQuestion QuestionLabel.Enabled = True AnswerTextBox.Enabled = True ResetPasswordButton.Enabled = True End If End Sub Public Sub ResetPassword_OnClick(sender As Object, args As EventArgs) Dim newPassword As String = "" Try newPassword = Membership.Provider.ResetPassword(UsernameTextBox.Text, AnswerTextBox.Text) Catch e As NotSupportedException Msg.Text = "An error has occurred resetting your password: " & e.Message & "." & _ "Please check your values and try again." Catch e As MembershipPasswordException Msg.Text = "Invalid password answer. Please reenter the answer and try again." Return Catch e As System.Configuration.Provider.ProviderException Msg.Text = "The specified user name does not exist. Please check your value and try again." End Try If newPassword <> "" Then Msg.Text = "Password reset. Your new password is: " & Server.HtmlEncode(newPassword) Else Msg.Text = "Password reset failed. Please reenter your values and try again." End If End Sub </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>Sample: Reset Password</title> </head> <body> <form id="form1" runat="server"> <h3>Reset Password</h3> <asp:Label id="Msg" runat="server" ForeColor="maroon" /><br /> Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="True" /> <asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server" ControlToValidate="UsernameTextBox" ForeColor="red" Display="Static" ErrorMessage="Required" /><br /> Password Question: <b><asp:Label id="QuestionLabel" runat="server" /></b><br /> Answer: <asp:TextBox id="AnswerTextBox" Columns="60" runat="server" Enabled="False" /> <asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server" ControlToValidate="AnswerTextBox" ForeColor="red" Display="Static" ErrorMessage="Required" Enabled="False" /><br /> <asp:Button id="ResetPasswordButton" Text="Reset Password" OnClick="ResetPassword_OnClick" runat="server" Enabled="False" /> </form> </body> </html>
Available since 2.0
.jpeg?cs-save-lang=1&cs-lang=vb)