Nissan
Nissan

Reputation: 1995

How to not use ASP.Net Membership Security Question and Answer for custom password recovery?

I don't want to have the security question and answer feature that ASP.Net Membership Provider gives, but I DO want to enable a lost/forgotten password page.

This page would be where a user would enter his/her email address and an email would be sent to that address if the user was registered for them to reset their password via a link sent to that registered email address

I've created the custom table to track such requests, the random key assigned to the request as well as an expiry date on the request. However in writing the code to actually reset the password, I realised that there doesn't seem to be a method that does something like ResetPassword(email, newPassword) without needing to use the Security Q&A bit (which I don't have).

Is there any way to simply reset a user's password via a built in Membership function?

If not, how would I need to get this done?

Thanks in advance for any help given. -Nissan

Upvotes: 2

Views: 7721

Answers (2)

Eduardo Molteni
Eduardo Molteni

Reputation: 39453

Why don't you change this options in web.config?

         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"

in

<membership>
   <providers>
      <clear/>
      <add name="AspNetSqlMembershipProvider" ...
      ..........

Upvotes: 3

Nissan
Nissan

Reputation: 1995

What I ended up doing was the following

public string ResetPassword(string email)
        {
            var m_userName = Membership.GetUserNameByEmail(email);
            var m_user = Membership.GetUser(m_userName);
            return m_user.ResetPassword();
        }

then I added a new method to use this value to change the password

public bool ChangeLostPassword(string email, string newPassword)
    {
        var resetPassword = ResetPassword(email);
        var currentUser = Membership.GetUser(Membership.GetUserNameByEmail(email), true);
        return currentUser.ChangePassword(resetPassword, newPassword);

    }

Upvotes: 3

Related Questions