In ASP.NET Membership, why would resetPassword cause a “Specified Method not supported” error?

Question

using System.Web.Security;

I'm creating a resetPassword form in MVC4:

using System.Web.Security;

[HttpPost]
[AllowAnonymous]
public ActionResult ResetPassword(ResetPasswordModel model)
{
    MembershipUser u = Membership.GetUser(model.Username);

    if (HashResetParams(u.UserName, u.ProviderUserKey.ToString()) == model.Key)
    {
        string resetCode = u.ResetPassword();
        u.ChangePassword(resetCode, model.Password);
    }

    return View("ChangePasswordSuccess");
}

Any idea why I'm getting a "ResetPassword- Specified Method not supported" error when I hit the line:

string resetCode = u.ResetPassword();

I wonder if it has something to do with MVC4 projects defaulting to use the SimpleMembership implementation.

Also, I've seen various approaches on how to reset passwords in ASP.NET Membership, perhaps there's a better way?

Answer 1

If you are using the SimpleMembershipProvider then yes:

By design, the SimpleMembershipProvider class does not implement the full range of functionality that is possible in ASP.NET membership providers, as defined in the MembershipProvider class that is used by all ASP.NET membership providers. Some members are available in the class because they are inherited from the base class, but will throw an exception if you access them.

The alternative would be to use the SqlMembershipProvider

You should have something similar to this in your web.config:

<membership defaultProvider="SqlProvider"
      userIsOnlineTimeWindow="15">
      <providers>
        <add 
          name="SqlProvider" 
          type="System.Web.Security.SqlMembershipProvider" 
          connectionStringName="SqlServices"
          applicationName="MyApplication"
          enablePasswordRetrieval="false"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false"
          passwordFormat="Hashed"
          maxInvalidPasswordAttempts="5"
          passwordAttemptWindow="10" />
      </providers>
    </membership>

Answer 2

try to use:

string token = WebSecurity.GeneratePasswordResetToken(userName);
WebSecurity.ResetPassword(token, newPassword);