System.Web.Security.SqlMembershipProvider.ChangePasswordQuestionAndAnswer Method

Updates the password question and answer for a user in the SQL Server membership database.

Syntax

public override bool ChangePasswordQuestionAndAnswer (string username, string password, string newPwdQuestion, string newPwdAnswer)

Parameters

newPwdQuestion
The new password question for the specified user.
newPwdAnswer
The new password answer for the specified user.
username
The user to change the password question and answer for.
password
The password for the specified user.

Returns

true if the update was successful; otherwise, false. A value of false is also returned if the password is incorrect, the user is locked out, or the user does not exist in the database.

Remarks

This method is called by the System.Web.Security.MembershipUser class to update the password question and answer for a user in the SQL Server database that is specified in the ASP.NET application's configuration file (Web.config). The password answer is encrypted using the format that is specified in the SqlMembershipProvider.PasswordFormat property.

Requiring a password question and answer provides an additional layer of security when retrieving or resetting a user's password. When creating a user name, a user can supply a question and answer that can later be used to retrieve or reset a forgotten password. The SqlMembershipProvider.ChangePasswordQuestionAndAnswer(string, string, string, string) method updates the password question and answer for a membership user.

If an incorrect password is supplied to the SqlMembershipProvider.ChangePasswordQuestionAndAnswer(string, string, string, string) method, the internal counter that tracks invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by calling the SqlMembershipProvider.UnlockUser(string) method. If the correct password is supplied and the user is not currently locked out, the internal counters that track invalid password and password-answer attempts are reset to zero. For more information, see the SqlMembershipProvider.MaxInvalidPasswordAttempts and SqlMembershipProvider.PasswordAttemptWindow properties.

The maximum length for the password question is 256 characters. The maximum length for the password answer is 128 characters.

For more information, see SqlMembershipProvider.RequiresQuestionAndAnswer, SqlMembershipProvider.ResetPassword(string, string), and SqlMembershipProvider.GetPassword(string, string).

Leading and trailing spaces are trimmed from all parameter values.
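
The following is an added example, not part of the original documentation. It shows one way to call the method while respecting the length limits and the lockout behavior described in the Remarks. The names SecurityQuestionUpdater and UpdateResult are hypothetical, and the code assumes the application's default membership provider is a SqlMembershipProvider configured in Web.config.

```csharp
using System;
using System.Web.Security;

// Hypothetical result type for this example.
public enum UpdateResult { Updated, InvalidInput, Rejected, LockedOut }

public static class SecurityQuestionUpdater
{
    // Limits stated in the Remarks.
    private const int MaxQuestionLength = 256;
    private const int MaxAnswerLength = 128;

    public static UpdateResult Update(string username, string password,
                                      string question, string answer)
    {
        // The provider trims leading and trailing spaces, so validate
        // the trimmed values that would actually be stored.
        question = (question ?? string.Empty).Trim();
        answer = (answer ?? string.Empty).Trim();

        // Rejecting empty values is a choice made by this example.
        // Invalid input is refused here, before the provider is called,
        // so it never counts as a failed password attempt.
        if (question.Length == 0 || question.Length > MaxQuestionLength ||
            answer.Length == 0 || answer.Length > MaxAnswerLength)
        {
            return UpdateResult.InvalidInput;
        }

        bool ok = Membership.Provider.ChangePasswordQuestionAndAnswer(
            username, password, question, answer);
        if (ok)
        {
            return UpdateResult.Updated;
        }

        // false covers three cases: wrong password, locked-out user,
        // and unknown user. Distinguish lockout for logging and support
        // only; show the end user one generic failure message.
        MembershipUser user = Membership.GetUser(username, false);
        if (user != null && user.IsLockedOut)
        {
            return UpdateResult.LockedOut;
        }
        return UpdateResult.Rejected;
    }
}
```

Because every failed call with a wrong password counts toward MaxInvalidPasswordAttempts, callers should treat this method like a logon attempt and apply the same rate limiting and monitoring.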

Requirements

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0