Edit

Share via


SqlMembershipProvider.ChangePasswordQuestionAndAnswer Method

Definition

Updates the password question and answer for a user in the SQL Server membership database.

public:
 override bool ChangePasswordQuestionAndAnswer(System::String ^ username, System::String ^ password, System::String ^ newPasswordQuestion, System::String ^ newPasswordAnswer);
public override bool ChangePasswordQuestionAndAnswer (string username, string password, string newPasswordQuestion, string newPasswordAnswer);
override this.ChangePasswordQuestionAndAnswer : string * string * string * string -> bool
Public Overrides Function ChangePasswordQuestionAndAnswer (username As String, password As String, newPasswordQuestion As String, newPasswordAnswer As String) As Boolean

Parameters

username
String

The user to change the password question and answer for.

password
String

The password for the specified user.

newPasswordQuestion
String

The new password question for the specified user.

newPasswordAnswer
String

The new password answer for the specified user.

Returns

true if the update was successful; otherwise, false. A value of false is also returned if the password is incorrect, the user is locked out, or the user does not exist in the database.

Exceptions

username is an empty string (""), contains a comma, or is longer than 256 characters.

-or-

password is an empty string or is longer than 128 characters.

-or-

newPasswordQuestion is an empty string or is longer than 256 characters.

-or-

newPasswordAnswer is an empty string or is longer than 128 characters.

-or-

The encoded version of newPasswordAnswer is longer than 128 characters.

username is null.

-or-

password is null.

-or-

newPasswordQuestion is null and RequiresQuestionAndAnswer is true.

-or-

newPasswordAnswer is null and RequiresQuestionAndAnswer is true.

An error occurred when changing the password question and answer in the database.

Examples

The following code example updates the password question and answer for a user.

Note

This example uses the Provider property of the Membership class to call the SqlMembershipProvider specified as the defaultProvider in the Web.config file. If you need to access the default provider as the type SqlMembershipProvider, you can cast the Provider property of the Membership class. To access other configured providers as a specific provider type, you can access them by their configured name with the Providers property of the Membership class and cast them as the specific provider type.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void ChangePasswordQuestion_OnClick(object sender, EventArgs args)
{
  try
  {
    if (Membership.Provider.ChangePasswordQuestionAndAnswer(User.Identity.Name,
                                                            PasswordTextbox.Text, 
                                                            QuestionTextbox.Text, 
                                                            AnswerTextbox.Text))
      Msg.Text = "Password question and answer changed.";
    else
      Msg.Text = "Change failed. Please reenter your values and try again.";
  }
  catch (System.Configuration.Provider.ProviderException e)
  {
    Msg.Text = "Change failed. Please reenter your values and try again.";
  }
}

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Change Password Question and Answer</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Change Password Question and Answer for <%=User.Identity.Name%></h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table cellpadding="3" border="0">
    <tr>
      <td>Password:</td>
      <td><asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="OldPasswordRequiredValidator" runat="server"
                                    ControlToValidate="PasswordTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>New Password Question:</td>
      <td><asp:Textbox id="QuestionTextbox" MaxLength="256" Columns="60" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="QuestionRequiredValidator" runat="server"
                                    ControlToValidate="QuestionTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>New Password Answer:</td>
      <td><asp:Textbox id="AnswerTextbox" MaxLength="128" Columns="60" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
                                    ControlToValidate="AnswerTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td></td>
      <td><asp:Button id="ChangePasswordQuestionButton" 
                      Text="Change Password Question and Answer" 
                      OnClick="ChangePasswordQuestion_OnClick" 
                      runat="server" /></td>
    </tr>
  </table>
</form>

</body>
</html>
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

Public Sub ChangePasswordQuestion_OnClick(sender As Object, args As EventArgs)

  Try
    If Membership.Provider.ChangePasswordQuestionAndAnswer(User.Identity.Name, _
                                                          PasswordTextbox.Text, _ 
                                                          QuestionTextbox.Text, _
                                                          AnswerTextbox.Text) Then
      Msg.Text = "Password question and answer changed."
    Else
      Msg.Text = "Change failed. Please reenter your values and try again."
    End If
  Catch e As System.Configuration.Provider.ProviderException
    Msg.Text = "Change failed. Please reenter your values and try again."
  End Try

End Sub

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Change Password Question and Answer</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Change Password Question and Answer for <%=User.Identity.Name%></h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table cellpadding="3" border="0">
    <tr>
      <td>Password:</td>
      <td><asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="OldPasswordRequiredValidator" runat="server"
                                    ControlToValidate="PasswordTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>New Password Question:</td>
      <td><asp:Textbox id="QuestionTextbox" MaxLength="256" Columns="60" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="QuestionRequiredValidator" runat="server"
                                    ControlToValidate="QuestionTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>New Password Answer:</td>
      <td><asp:Textbox id="AnswerTextbox" MaxLength="128" Columns="60" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
                                    ControlToValidate="AnswerTextbox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td></td>
      <td><asp:Button id="ChangePasswordQuestionButton" 
                      Text="Change Password Question and Answer" 
                      OnClick="ChangePasswordQuestion_OnClick" 
                      runat="server" /></td>
    </tr>
  </table>
</form>

</body>
</html>

Remarks

This method is called by the MembershipUser class to update the password question and answer for a user in the SQL Server database that is specified in the ASP.NET application's configuration file (Web.config). The password answer is encrypted using the format that is specified in the PasswordFormat property.

Requiring a password question and answer provides an additional layer of security when retrieving or resetting a user's password. When creating a user name, a user can supply a question and answer that can later be used to retrieve or reset a forgotten password. The ChangePasswordQuestionAndAnswer method updates the password question and answer for a membership user.

If an incorrect password is supplied to the ChangePasswordQuestionAndAnswer method, the internal counters that track invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by calling the UnlockUser method. If the correct password is supplied and the user is not currently locked out, then the internal counters that track invalid password and password-answer attempts are reset to zero. For more information, see the MaxInvalidPasswordAttempts and PasswordAttemptWindow properties.

The maximum length for the password question is 256 characters. The maximum length for the password answer is 128 characters.

For more information, see RequiresQuestionAndAnswer, ResetPassword, and GetPassword.

Leading and trailing spaces are trimmed from all parameter values.

Applies to

See also