System.Web.Security.SqlMembershipProvider.ResetPassword Method

Resets a user's password to a new, automatically generated password.

Syntax

public override string ResetPassword (string username, string answer)

Parameters

answer
Documentation for this section has not yet been entered.
username
The user to reset the password for.

Returns

The new password for the specified user.

Remarks

This method is called by the System.Web.Security.Membership class to reset the password for a user in the SQL Server database specified in the ASP.NET application's configuration file (Web.config) to a new, randomly generated value. The new password is returned.

Note:

The random password created by the SqlMembershipProvider.ResetPassword(string, string) method is not guaranteed to pass the regular expression in the SqlMembershipProvider.PasswordStrengthRegularExpression property. However, the random password will meet the criteria established by the SqlMembershipProvider.MinRequiredPasswordLength and SqlMembershipProvider.MinRequiredNonAlphanumericCharacters properties.

The SqlMembershipProvider.ResetPassword(string, string) method is most commonly used when the SqlMembershipProvider.PasswordFormat property is set to Hashed. If a user forgets a password that is hashed, the password cannot be retrieved. However, the provider can reset the password to a new, automatically generated password if the user supplies the correct password answer.

If an incorrect password answer is supplied to the SqlMembershipProvider.ResetPassword(string, string) method, the internal counter that tracks invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the SqlMembershipProvider.UnlockUser(string) method. If the correct password answer is supplied and the user is not currently locked out, then the internal counter that tracks invalid password-answer attempts is reset to zero. For more information, see the SqlMembershipProvider.MaxInvalidPasswordAttempts and SqlMembershipProvider.PasswordAttemptWindow properties.

You can call the SqlMembershipProvider.ResetPassword(string, string) method directly by first obtaining a reference to the System.Web.Security.SqlMembershipProvider instance from the Membership.Provider property of the System.Web.Security.Membership class. The generated password will be at least 14 characters long, or the length specified in the SqlMembershipProvider.MinRequiredPasswordLength property, and will contain the number of non-alphanumeric characters specified in the SqlMembershipProvider.MinRequiredNonAlphanumericCharacters property. The password is not guaranteed to pass the regular expression contained in the SqlMembershipProvider.PasswordStrengthRegularExpression property, if one is specified.

Leading and trailing spaces are trimmed from all parameter values.

Requirements

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0