WebSecurity.ResetPassword Method

Resets a password by using a password reset token.

Namespace:  WebMatrix.WebData
Assembly:  WebMatrix.WebData (in WebMatrix.WebData.dll)

public static bool ResetPassword(
	string passwordResetToken,
	string newPassword


Type: System.String
A password reset token.
Type: System.String
The new password.

Return Value

Type: System.Boolean
true if the password was changed; otherwise, false.


The SimpleMembershipProvider.Initialize(String, NameValueCollection) method was not called.


The InitializeDatabaseConnection() method was not called.


The SimpleMembershipProvider membership provider is not registered in the configuration of your site. For more information, contact your site's system administrator.

If users have forgotten their password, they can request a new one. To provide a new password, do the following:

  1. Create a password-reset page that has a field where users can enter their email address.

  2. When a user has entered his or her email address in the password-reset page, verify that the email address represents a valid user. If it does, generate a password reset token by calling the GeneratePasswordResetToken(String, Int32) method.

  3. Create a hyperlink that points to a confirmation page in your site and that includes the token as a query-string parameter in the link's URL.

  4. Send the link to a user in an email message. When the user receives the email message, he or she can click the link to invoke the confirmation page.

  5. Create a confirmation page that extracts the token from the URL parameter and that lets the user enter a new password.

  6. When the user submits the new password, call the ResetPassword(String, String) method and pass the password reset token and the new password. If the token is valid, the password will be reset. If the token is not valid (for example, it has expired), display an error message.

The Starter Site template includes pages that show how to reset a password by using the GeneratePasswordResetToken(String, Int32) method. The initial steps described are in the ForgotPassword.cshtml file, and the subsequent steps are in the PasswordReset.cshtml file.

  • Medium trust for the immediate caller. This member can be used by partially trusted code.