ChangePassword.ChangingPassword Event
Occurs before the password for a user account is changed by the membership provider.
Assembly: System.Web (in System.Web.dll)
The ChangingPassword event is raised before the membership provider specified in the MembershipProvider property is called to change the password for a user account.
Use the ChangingPassword event to perform any processing that is necessary before changing the password, such as checking the new password to make sure it is not in a list of common passwords. The new authorization token for the user is set after the ChangingPassword event but before the ChangedPassword event.
The ChangingPassword event can be canceled by setting the Cancel property of the LoginCancelEventArgs object to true if the event handler determines that the membership provider should not be called.
For more information about handling events, see Handling and Raising Events.
The following code example shows how to use an ASP.NET page that uses a ChangePassword control, and includes a handler for the ChangingPassword event named ChangingPassword. The code in the event handler compares the old password stored in the CurrentPassword property to the new password stored in NewPassword. If the two passwords are the same, changing the password fails.
The ChangePassword control sets the DisplayUserName property to true to enable users to enter their user name. This means that the user does not have to log on to view the page.
The code example assumes that the ASP.NET Web site has been configured to use ASP.NET membership and Forms authentication, and that a user has been created whose name and password are known to you. For more information, see How to: Implement Simple Forms Authentication.
<%@ Page Language="C#" AutoEventWireup="True" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> void Page_Load(Object sender, EventArgs e) { //Manually register the event-handling methods. ChangePassword1.ChangingPassword += new LoginCancelEventHandler(this._ChangingPassword); } void _ChangingPassword(Object sender, LoginCancelEventArgs e) { if (ChangePassword1.CurrentPassword.ToString() == ChangePassword1.NewPassword.ToString()) { Message1.Visible = true; Message1.Text = "Old password and new password must be different. Please try again."; e.Cancel = true; } else { //This line prevents the error showing up after a first failed attempt. Message1.Visible = false; } } </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>ChangePassword including a ChangingPassword event handler</title> </head> <body> <form id="form1" runat="server"> <div style="text-align:center"> <h1>ChangePassword</h1> <asp:LoginView ID="LoginView1" Runat="server" Visible="true"> <LoggedInTemplate> <asp:LoginName ID="LoginName1" Runat="server" FormatString="You are logged in as {0}." /> <br /> </LoggedInTemplate> <AnonymousTemplate> You are not logged in </AnonymousTemplate> </asp:LoginView><br /> <asp:ChangePassword ID="ChangePassword1" Runat="server" BorderStyle="Solid" BorderWidth="1" CancelDestinationPageUrl="~/Default.aspx" DisplayUserName="true" OnChangingPassword="_ChangingPassword" ContinueDestinationPageUrl="~/Default.aspx" > </asp:ChangePassword><br /> <asp:Label ID="Message1" Runat="server" ForeColor="Red" /><br /> <asp:HyperLink ID="HyperLink1" Runat="server" NavigateUrl="~/Default.aspx"> Home </asp:HyperLink> </div> </form> </body> </html>
Available since 2.0
OnChangingPassword
ChangePassword Class
System.Web.UI.WebControls Namespace
Server Event Handling in ASP.NET Web Forms Pages
ASP.NET Login Controls Overview
Customizing the Appearance of ASP.NET Login Controls
ASP.NET Web Server Controls Templates
How to: Display Different Information to Anonymous and Logged In Users
Web Site Administration Tool Security Tab
Securing Login Controls
Basic Security Practices for Web Applications
Securing Membership