SqlMembershipProvider.ChangePassword(String, String, String) Method

Definition

Modifies a user's password.

public:
 override bool ChangePassword(System::String ^ username, System::String ^ oldPassword, System::String ^ newPassword);
public override bool ChangePassword (string username, string oldPassword, string newPassword);
override this.ChangePassword : string * string * string -> bool
Public Overrides Function ChangePassword (username As String, oldPassword As String, newPassword As String) As Boolean

Parameters

username
String

The user to update the password for.

oldPassword
String

The current password for the specified user.

newPassword
String

The new password for the specified user.

Returns

true if the password was updated successfully. false if the supplied old password is invalid, the user is locked out, or the user does not exist in the database.

Exceptions

username is an empty string (""), contains a comma, or is longer than 256 characters.

-or-

oldPassword is an empty string or longer than 128 characters.

-or-

newPassword is an empty string or longer than 128 characters.

-or-

The encoded version of newPassword is greater than 128 characters.

-or-

The change-password action was canceled by a subscriber to the ValidatingPassword event, and the FailureInformation property was null.

-or-

The length of newPassword is less than the minimum length specified in the MinRequiredPasswordLength property.

-or-

The number of non-alphabetic characters in newPassword is less than the required number of non-alphabetic characters specified in the MinRequiredNonAlphanumericCharacters property.

-or-

newPassword does not pass the regular expression defined in the PasswordStrengthRegularExpression property.

username is null.

-or-

oldPassword is null.

-or-

newPassword is null.

username was not found in the database.

An error occurred while setting the new password value at the database.

An unhandled exception occurred.

Examples

The following code example modifies the password for the specified user.

Note

This example uses the Provider property of the Membership class to call the SqlMembershipProvider specified as the defaultProvider in the Web.config file. If you need to access the default provider as the type SqlMembershipProvider, you can cast the Provider property of the Membership class. To access other configured providers as a specific provider type, you can access them by their configured name with the Providers property of the Membership class and cast them as the specific provider type.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void ChangePassword_OnClick(object sender, EventArgs args)
{
  try
  {
    // Update the password.

    if (Membership.Provider.ChangePassword(User.Identity.Name, OldPasswordTextbox.Text, PasswordTextbox.Text))
    {
      Msg.Text = "Password changed.";
      return;
    }
  }
  catch
  {
  }

  Msg.Text = "Password change failed. Please re-enter your values and try again.";
}


</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Change Password</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Change Password for <%=User.Identity.Name%></h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" />

  <table cellpadding="3" border="0">
    <tr>
      <td>Old Password:</td>
      <td><asp:Textbox id="OldPasswordTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="OldPasswordRequiredValidator" runat="server"
                                      ControlToValidate="OldPasswordTextbox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="PasswordRequiredValidator" runat="server"
                                      ControlToValidate="PasswordTextbox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>Confirm Password:</td>
      <td><asp:Textbox id="PasswordConfirmTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="PasswordConfirmRequiredValidator" runat="server"
                                      ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
                                      Display="Static" 
                                      ErrorMessage="Required" />
          <asp:CompareValidator id="PasswordConfirmCompareValidator" runat="server"
                                      ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
                                      Display="Static" ControlToCompare="PasswordTextBox"
                                      ErrorMessage="Confirm password must match password." />
      </td>
    </tr>
    <tr>
      <td></td>
      <td><asp:Button id="ChangePasswordButton" Text="Change Password" 
                      OnClick="ChangePassword_OnClick" runat="server" /></td>
    </tr>
  </table>
</form>

</body>
</html>
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

Public Sub ChangePassword_OnClick(sender As Object, args As EventArgs)
  Try
    ' Update the password.

    If Membership.Provider.ChangePassword(User.Identity.Name, _
                                          OldPasswordTextbox.Text, _
                                          PasswordTextbox.Text) Then 
      Msg.Text = "Password changed."
      Return
    End If
  Catch
  End Try

  Msg.Text = "Password change failed. Please re-enter your values and try again."
End Sub

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Change Password</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Change Password for <%=User.Identity.Name%></h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" />

  <table cellpadding="3" border="0">
    <tr>
      <td>Old Password:</td>
      <td><asp:Textbox id="OldPasswordTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="OldPasswordRequiredValidator" runat="server"
                                      ControlToValidate="OldPasswordTextbox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="PasswordRequiredValidator" runat="server"
                                      ControlToValidate="PasswordTextbox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" /></td>
    </tr>
    <tr>
      <td>Confirm Password:</td>
      <td><asp:Textbox id="PasswordConfirmTextbox" runat="server" TextMode="Password" /></td>
      <td><asp:RequiredFieldValidator id="PasswordConfirmRequiredValidator" runat="server"
                                      ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
                                      Display="Static" 
                                      ErrorMessage="Required" />
          <asp:CompareValidator id="PasswordConfirmCompareValidator" runat="server"
                                      ControlToValidate="PasswordConfirmTextbox" ForeColor="red"
                                      Display="Static" ControlToCompare="PasswordTextBox"
                                      ErrorMessage="Confirm password must match password." />
      </td>
    </tr>
    <tr>
      <td></td>
      <td><asp:Button id="ChangePasswordButton" Text="Change Password" 
                      OnClick="ChangePassword_OnClick" runat="server" /></td>
    </tr>
  </table>
</form>

</body>
</html>

Remarks

This method is called by the Membership class to update the password for a user in the SQL Server database specified in the ASP.NET application's configuration file (Web.config).

The maximum password length is 128 characters.

If an incorrect password is supplied to the ChangePassword method, the internal counter that tracks invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the UnlockUser method. If the correct password is supplied and the user is not currently locked out, then the internal counters that track invalid password and password-answer attempts are reset to zero. For more information, see the MaxInvalidPasswordAttempts and PasswordAttemptWindow properties.

You can call the ChangePassword method directly by first obtaining a reference to the SqlMembershipProvider instance through the Provider property of the Membership class. The Provider property exposes the defaultProvider specified in the Web.config file for the application. Configured providers that are not the default provider referenced using the Providers property.

You can also change user passwords by using the ChangePassword method.

Leading and trailing spaces are trimmed from all parameter values.

Applies to

See also