I don't want to have the security question and answer feature that ASP.Net Membership Provider gives, but I DO want to enable a lost/forgotten password page.
This page would be where a user would enter his/her email address and an email would be sent to that address if the user was registered for them to reset their password via a link sent to that registered email address
I've created the custom table to track such requests, the random key assigned to the request as well as an expiry date on the request. However in writing the code to actually reset the password, I realised that there doesn't seem to be a method that does something like ResetPassword(email, newPassword) without needing to use the Security Q&A bit (which I don't have).
Is there any way to simply reset a user's password via a built in Membership function?
If not, how would I need to get this done?
Thanks in advance for any help given. -Nissan
What I ended up doing was the following
public string ResetPassword(string email)
{
var m_userName = Membership.GetUserNameByEmail(email);
var m_user = Membership.GetUser(m_userName);
return m_user.ResetPassword();
}
then I added a new method to use this value to change the password
public bool ChangeLostPassword(string email, string newPassword)
{
var resetPassword = ResetPassword(email);
var currentUser = Membership.GetUser(Membership.GetUserNameByEmail(email), true);
return currentUser.ChangePassword(resetPassword, newPassword);
}
Why don't you change this options in web.config?
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
in
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" ...
..........
来源:https://stackoverflow.com/questions/920334/how-to-not-use-asp-net-membership-security-question-and-answer-for-custom-passwo