ASP.NET Password Control

safeastinkywinky

safeastinkywinky

safeastinkywinky

Associate
Joined
25 Aug 2004
Posts
163
Location
Reading
I need to replace the password for a user using ASP.NET. But I do not have the original password to the answer to the user's secret question. How do I override the PasswordControls default parameters and methods? Is there example code to do this. Do I need to change the members web.config file?
 
I've used the MS help code pretty much and tried to reset the password using:

Code: 
 string resPassword;
    string newPassword = PasswordRes.Text;
    string userIDText = UserID.Text;
    string emailText = Email.Text;
    string notSet = (string)GetLocalResourceObject("NotSet");
    try {
        MembershipUser mu = MembershipProvider.GetUser(UserID.Text, false /* isOnline */);
        mu.Email = Email.Text;
        if (
            Description.Text != null && !Description.Text.Equals(notSet)) {
            mu.Comment = Description.Text;
        }

 // Change request Q and A to false in order to reset password
        
        SqlMembershipProvider memProv = new SqlMembershipProvider();
        memProv.RequiresQuestionAndAnswer = false;
        
        // Reset the password
        
        try
        {
            resPassword = mu.ResetPassword();
        }
        catch (Exception ex)
        {
            PassInfoLabel.Text = "Invalid password answer, override q/a thing";
            return;
        }

        newPassword = mu.ResetPassword();

...But RequiresQuestionAndAnswer is read-only!!! And I need to change that as I don't have the required question and answer.

This bit of code would prob work ok, if only I could change the RequiresQuestionAndAnswer flag!

Code: 
try
  {
    if (mu.ChangePassword(resetPassword, newPassword))
    {
      Msg.Text = "Password changed.";
    }
    else
    {
      Msg.Text = "Password change failed. Please re-enter your values and try again.";
    }
  }
  catch (Exception e)
  {
    Msg.Text = "An exception occurred: " + Server.HtmlEncode(e.Message) + ". Please re-enter your values and try again.";
  }
}
 
In fact I don't think this is possible without editing the web.config file... Which I was trying to avoid in order not to make global changes. Also the code above is chopped from mine and the MS version, so objects may not correspond!

If it is possible without modifying the web.config then please let me know!
 
You must log in or register to reply here.
Back
Top Bottom