This method is called by the System.Web.Security.Membership class to update the password for a user in the SQL Server database specified in the ASP.NET application's configuration file (Web.config).

The maximum password length is 128 characters.

If an incorrect password is supplied to the SqlMembershipProvider.ChangePassword(string, string, string) method, the internal counter that tracks invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the SqlMembershipProvider.UnlockUser(string) method. If the correct password is supplied and the user is not currently locked out, then the internal counters that track invalid password and password-answer attempts are reset to zero. For more information, see the SqlMembershipProvider.MaxInvalidPasswordAttempts and SqlMembershipProvider.PasswordAttemptWindow properties.

You can call the SqlMembershipProvider.ChangePassword(string, string, string) method directly by first obtaining a reference to the System.Web.Security.SqlMembershipProvider instance through the Membership.Provider property of the System.Web.Security.Membership class. The Membership.Provider property exposes the defaultProvider specified in the Web.config file for the application. Configured providers that are not the default provider referenced using the Membership.Providers property.

You can also change user passwords by using the MembershipUser.ChangePassword(string, string) method.

Leading and trailing spaces are trimmed from all parameter values.

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0