MembershipUser.ResetPassword Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Resets a user's password to a new, automatically generated password.
Overloads
| ResetPassword() |
Resets a user's password to a new, automatically generated password. |
| ResetPassword(String) |
Resets a user's password to a new, automatically generated password. |
ResetPassword()
Resets a user's password to a new, automatically generated password.
public:
virtual System::String ^ ResetPassword();public virtual string ResetPassword ();abstract member ResetPassword : unit -> string
override this.ResetPassword : unit -> stringPublic Overridable Function ResetPassword () As StringReturns
The new password for the membership user.
Exceptions
This method is not available. This can occur if the application targets the .NET Framework 4 Client Profile. To prevent this exception, override the method, or change the application to target the full version of the .NET Framework.
Examples
The following code example resets a user's password and returns the new, automatically generated password. Note that RequiresQuestionAndAnswer is assumed to be false.
Important
This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
MembershipUser u;
public void Page_Load(object sender, EventArgs args)
{
if (!Membership.EnablePasswordReset)
{
FormsAuthentication.RedirectToLoginPage();
}
Msg.Text = "";
if (!IsPostBack)
{
Msg.Text = "Please supply a username.";
}
else
{
VerifyUsername();
}
}
public void VerifyUsername()
{
u = Membership.GetUser(UsernameTextBox.Text, false);
if (u == null)
{
Msg.Text = "Username " + Server.HtmlEncode(UsernameTextBox.Text) + " not found. Please check the value and re-enter.";
ResetPasswordButton.Enabled = false;
}
else
{
ResetPasswordButton.Enabled = true;
}
}
public void ResetPassword_OnClick(object sender, EventArgs args)
{
string newPassword;
u = Membership.GetUser(UsernameTextBox.Text, false);
if (u == null)
{
Msg.Text = "Username " + Server.HtmlEncode(UsernameTextBox.Text) + " not found. Please check the value and re-enter.";
return;
}
try
{
newPassword = u.ResetPassword();
}
catch (MembershipPasswordException e)
{
Msg.Text = "Invalid password answer. Please re-enter and try again.";
return;
}
catch (Exception e)
{
Msg.Text = e.Message;
return;
}
if (newPassword != null)
{
Msg.Text = "Password reset. Your new password is: " + Server.HtmlEncode(newPassword);
}
else
{
Msg.Text = "Password reset failed. Please re-enter your values and try again.";
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Reset Password</title>
</head>
<body>
<form id="form1" runat="server">
<h3>Retrieve Password</h3>
<asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />
Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="true" />
<asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
ControlToValidate="UsernameTextBox" ForeColor="red"
Display="Static" ErrorMessage="Required" /><br />
<asp:Button id="ResetPasswordButton" Text="Reset Password"
OnClick="ResetPassword_OnClick" runat="server" Enabled="false" />
</form>
</body>
</html>
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
Dim u As MembershipUser
Public Sub Page_Load(sender As Object, args As EventArgs)
If Not Membership.EnablePasswordReset Then
FormsAuthentication.RedirectToLoginPage()
End If
Msg.Text = ""
If Not IsPostBack Then
Msg.Text = "Please supply a username."
Else
VerifyUsername()
End If
End Sub
Public Sub VerifyUsername()
u = Membership.GetUser(UsernameTextBox.Text, False)
If u Is Nothing Then
Msg.Text = "Username " & Server.HtmlEncode(UsernameTextBox.Text) & " not found. Please check the value and re-enter."
ResetPasswordButton.Enabled = False
Else
ResetPasswordButton.Enabled = True
End If
End Sub
Public Sub ResetPassword_OnClick(sender As Object, args As EventArgs)
Dim newPassword As String
u = Membership.GetUser(UsernameTextBox.Text, False)
If u Is Nothing Then
Msg.Text = "Username " & Server.HtmlEncode(UsernameTextBox.Text) & " not found. Please check the value and re-enter."
Return
End If
Try
newPassword = u.ResetPassword()
Catch e As MembershipPasswordException
Msg.Text = "Invalid password answer. Please re-enter and try again."
Return
Catch e As Exception
Msg.Text = e.Message
Return
End Try
If Not newPassword Is Nothing Then
Msg.Text = "Password reset. Your new password is: " & Server.HtmlEncode(newPassword)
Else
Msg.Text = "Password reset failed. Please re-enter your values and try again."
End If
End Sub
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Reset Password</title>
</head>
<body>
<form id="form1" runat="server">
<h3>Retrieve Password</h3>
<asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />
Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="True" />
<asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
ControlToValidate="UsernameTextBox" ForeColor="red"
Display="Static" ErrorMessage="Required" /><br />
<asp:Button id="ResetPasswordButton" Text="Reset Password"
OnClick="ResetPassword_OnClick" runat="server" Enabled="False" />
</form>
</body>
</html>
Remarks
ResetPassword calls the MembershipProvider.ResetPassword method of the membership provider referenced by the ProviderName property to reset the password for the membership user to a new, automatically generated password. The new password is then returned to the caller.
If EnablePasswordReset is false, the membership provider will return an exception.
If RequiresQuestionAndAnswer is true, you must use the ResetPassword overload that takes a password answer as a parameter and supply the password answer for the membership user. If a password answer is required and an incorrect password answer is supplied, a MembershipPasswordException is thrown by the membership provider.
See also
Applies to
ResetPassword(String)
Resets a user's password to a new, automatically generated password.
public:
virtual System::String ^ ResetPassword(System::String ^ passwordAnswer);public virtual string ResetPassword (string passwordAnswer);abstract member ResetPassword : string -> string
override this.ResetPassword : string -> stringPublic Overridable Function ResetPassword (passwordAnswer As String) As StringParameters
- passwordAnswer
- String
The password answer for the membership user.
Returns
The new password for the membership user.
Exceptions
This method is not available. This can occur if the application targets the .NET Framework 4 Client Profile. To prevent this exception, override the method, or change the application to target the full version of the .NET Framework.
Examples
The following code example resets a user's password and returns the new, automatically generated password.
Important
This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
MembershipUser u;
public void Page_Load(object sender, EventArgs args)
{
if (!Membership.EnablePasswordReset)
{
FormsAuthentication.RedirectToLoginPage();
}
Msg.Text = "";
if (!IsPostBack)
{
Msg.Text = "Please supply a username.";
}
else
{
VerifyUsername();
}
}
public void VerifyUsername()
{
u = Membership.GetUser(UsernameTextBox.Text, false);
if (u == null)
{
Msg.Text = "Username " + Server.HtmlEncode(UsernameTextBox.Text) + " not found. Please check the value and re-enter.";
QuestionLabel.Text = "";
QuestionLabel.Enabled = false;
AnswerTextBox.Enabled = false;
ResetPasswordButton.Enabled = false;
}
else
{
QuestionLabel.Text = u.PasswordQuestion;
QuestionLabel.Enabled = true;
AnswerTextBox.Enabled = true;
ResetPasswordButton.Enabled = true;
}
}
public void ResetPassword_OnClick(object sender, EventArgs args)
{
string newPassword;
u = Membership.GetUser(UsernameTextBox.Text, false);
if (u == null)
{
Msg.Text = "Username " + Server.HtmlEncode(UsernameTextBox.Text) + " not found. Please check the value and re-enter.";
return;
}
try
{
newPassword = u.ResetPassword(AnswerTextBox.Text);
}
catch (MembershipPasswordException e)
{
Msg.Text = "Invalid password answer. Please re-enter and try again.";
return;
}
catch (Exception e)
{
Msg.Text = e.Message;
return;
}
if (newPassword != null)
{
Msg.Text = "Password reset. Your new password is: " + Server.HtmlEncode(newPassword);
}
else
{
Msg.Text = "Password reset failed. Please re-enter your values and try again.";
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Reset Password</title>
</head>
<body>
<form id="form1" runat="server">
<h3>Retrieve Password</h3>
<asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />
Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="true" />
<asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
ControlToValidate="UsernameTextBox" ForeColor="red"
Display="Static" ErrorMessage="Required" /><br />
Password Question: <b><asp:Label id="QuestionLabel" runat="server" /></b><br />
Answer: <asp:TextBox id="AnswerTextBox" Columns="60" runat="server" Enabled="false" />
<asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
ControlToValidate="AnswerTextBox" ForeColor="red"
Display="Static" ErrorMessage="Required" Enabled="false" /><br />
<asp:Button id="ResetPasswordButton" Text="Reset Password"
OnClick="ResetPassword_OnClick" runat="server" Enabled="false" />
</form>
</body>
</html>
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
Dim u As MembershipUser
Public Sub Page_Load(sender As Object, args As EventArgs)
If Not Membership.EnablePasswordReset Then
FormsAuthentication.RedirectToLoginPage()
End If
Msg.Text = ""
If Not IsPostBack Then
Msg.Text = "Please supply a username."
Else
VerifyUsername()
End If
End Sub
Public Sub VerifyUsername()
u = Membership.GetUser(UsernameTextBox.Text, False)
If u Is Nothing Then
Msg.Text = "Username " & Server.HtmlEncode(UsernameTextBox.Text) & " not found. Please check the value and re-enter."
QuestionLabel.Text = ""
QuestionLabel.Enabled = False
AnswerTextBox.Enabled = False
ResetPasswordButton.Enabled = False
Else
QuestionLabel.Text = u.PasswordQuestion
QuestionLabel.Enabled = True
AnswerTextBox.Enabled = True
ResetPasswordButton.Enabled = True
End If
End Sub
Public Sub ResetPassword_OnClick(sender As Object, args As EventArgs)
Dim newPassword As String
u = Membership.GetUser(UsernameTextBox.Text, False)
If u Is Nothing Then
Msg.Text = "Username " & Server.HtmlEncode(UsernameTextBox.Text) & " not found. Please check the value and re-enter."
Return
End If
Try
newPassword = u.ResetPassword(AnswerTextBox.Text)
Catch e As MembershipPasswordException
Msg.Text = "Invalid password answer. Please re-enter and try again."
Return
Catch e As Exception
Msg.Text = e.Message
Return
End Try
If Not newPassword Is Nothing Then
Msg.Text = "Password reset. Your new password is: " & Server.HtmlEncode(newPassword)
Else
Msg.Text = "Password reset failed. Please re-enter your values and try again."
End If
End Sub
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Reset Password</title>
</head>
<body>
<form id="form1" runat="server">
<h3>Retrieve Password</h3>
<asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />
Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="True" />
<asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
ControlToValidate="UsernameTextBox" ForeColor="red"
Display="Static" ErrorMessage="Required" /><br />
Password Question: <b><asp:Label id="QuestionLabel" runat="server" /></b><br />
Answer: <asp:TextBox id="AnswerTextBox" Columns="60" runat="server" Enabled="False" />
<asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
ControlToValidate="AnswerTextBox" ForeColor="red"
Display="Static" ErrorMessage="Required" Enabled="False" /><br />
<asp:Button id="ResetPasswordButton" Text="Reset Password"
OnClick="ResetPassword_OnClick" runat="server" Enabled="False" />
</form>
</body>
</html>
Remarks
ResetPassword calls the MembershipProvider.ResetPassword method of the membership provider referenced by the ProviderName property to reset the password for the membership user to a new, automatically generated password. The new password is then returned to the caller.
If EnablePasswordReset is false, the membership provider will return an exception.
If RequiresQuestionAndAnswer is false, you can supply null for the answer parameter, or use the ResetPassword overload that does not take any parameters.
If a password answer is required and an incorrect password answer is supplied, a MembershipPasswordException is thrown by the membership provider.
