ValidatePasswordEventArgs Constructor
Collapse the table of content
Expand the table of content

ValidatePasswordEventArgs Constructor (String, String, Boolean)


Creates a new instance of the ValidatePasswordEventArgs class.

Namespace:   System.Web.Security
Assembly:  System.Web.ApplicationServices (in System.Web.ApplicationServices.dll)

public ValidatePasswordEventArgs(
	string userName,
	string password,
	bool isNewUser


Type: System.String

The membership user name for the current create-user, change-password, or reset-password action.

Type: System.String

The new password for the specified membership user.

Type: System.Boolean

true if the event is occurring while a new user is being created; otherwise, false.

The ValidatePasswordEventArgs constructor is used by a membership provider implementation in the CreateUser, ChangePassword, and ResetPassword method implementations.

The following code example shows a sample ChangePassword implementation that creates a new ValidatePasswordEventArgs object to pass to the ValidatingPassword event.

public override bool ChangePassword(string username, string oldPwd, string newPwd)
  if (!ValidateUser(username, oldPwd))
    return false;

  ValidatePasswordEventArgs args =
    new ValidatePasswordEventArgs(username, newPwd, true);


  if (args.Cancel)
    if (args.FailureInformation != null)
      throw args.FailureInformation;
      throw new MembershipPasswordException("Change password canceled due to new password validation failure.");

  OdbcConnection conn = new OdbcConnection(ConnectionString);
  OdbcCommand cmd = new OdbcCommand("UPDATE Users " +
            " SET Password = ?, LastPasswordChangedDate = ? " +
            " WHERE Username = ? AND Password = ? AND ApplicationName = ?", conn);

  cmd.Parameters.Add("@Password", OdbcType.VarChar, 128).Value = EncodePassword(newPwd);
  cmd.Parameters.Add("@LastPasswordChangedDate", OdbcType.DateTime).Value = DateTime.Now;
  cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;
  cmd.Parameters.Add("@OldPassword", OdbcType.VarChar, 128).Value = oldPwd;
  cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

  int rowsAffected = 0;


    rowsAffected = cmd.ExecuteNonQuery();
  catch (OdbcException)
    // Handle exception.

  if (rowsAffected > 0)
    return true;

  return false;

.NET Framework
Available since 2.0
Return to top
© 2016 Microsoft