Validate Old Password Before Change Password

Question

I tried to change password my account in LDAP using ActiveDirectoryMembershipProvider.ChangePassword

MembershipUser currentUser = Membership.GetUser(User.Identity.Name, userIsOnline: true);
changePasswordSucceeded = currentUser.ChangePassword(model.OldPassword, model.NewPassword);

If i enter wrong old password, the ChangePassword return false. My question is: is false result from ChangePassword method means my old password is wrong? If not, how can i detect if I enter wrong password?

Thanks!

Answer 1

The MembershipUser.ChangePassword() method returns true if the update was successful. It does not provide any information if the oldpassword has been wrong or not.

As this method calls the ChangePassword() method of the underlaying membership provider it could also throw an exception if the membership provider has restriction on e.g the size of the password which the new password didn`t match.

Throws ArgumentException if

• newPassword is less than the minimum password size specified in the MinRequiredPasswordLength property

• newPassword contains fewer than the number of non-alphabetic characters specified in the MinRequiredNonAlphanumericCharacters property

• newPassword fails validation by the regular expression defined in the PasswordStrengthRegularExpression property.

Throws MembershipPasswordException if

• newPassword does not meet the complexity requirements defined by the Active Directory server.

To check your old password you can use the MembershipProvider.ValidateUser() method.