ResetPassword Requiring passwordAnswer

[Vernon Peppers]

I have a site that is using membership as provided with ASP.NET. I have a
page to reset the password, that is only available to the site administrator.
I have RequireQuestionandAnswer set to false.

web.config entries
<connectionStrings>
<add name="UserInfoConnectionString" connectionString="Data
Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated
Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
<add name="ASPNETDBConnectionString" connectionString="Data
Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated
Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
</connectionStrings>

<membership userIsOnlineTimeWindow="20">
<providers>
<add connectionStringName="UserInfoConnectionString"
enablePasswordRetrieval="false" enablePasswordReset="true"
requiresUniqueEmail="false" requiresQuestionAndAnswer="false"
maxInvalidPasswordAttempts="5" passwordFormat="Hashed" applicationName="/"
name="SQLProvider" type="System.Web.Security.SqlMembershipProvider"/>
</providers>
</membership>

VB Code
labelReset.Text = "Password for " & ddUsers.Text & vbCrLf & "has been
changed to " & User.ResetPassword()

Whenever I run the site, and try to reset a password, I get an error that
the passwordAnswer can't be null. How do I fix this?

 

[Steven Cheng [MSFT]]

Hi vpeppers,

Regarding on the your description, you found that the "ResetPassword"
(without RequireQuestionAndAnswer) not work as expected in your ASP.NET
application, correct?

I've performed a quick test via a simple ASP.NET application that use SQL
membership provider. When you set "requiresQuestionAndAnswer" to "false",
you should be able to call "ResetPassword" without giving the answer(of the
secure question). I think the problem should be caused by something else.

In the configuration section you provided, you use the following schema to
register your customized provider:

===========
<membership userIsOnlineTimeWindow="20">
<providers>
<add connectionStringName="UserInfoConnectionString"
enablePasswordRetrieval="false" enablePasswordReset="true"
requiresUniqueEmail="false" requiresQuestionAndAnswer="false"
maxInvalidPasswordAttempts="5" passwordFormat="Hashed" applicationName="/"
name="SQLProvider" type="System.Web.Security.SqlMembershipProvider"/>
</providers>
</membership>
==========

However, I found that you haven't specify the "defaultProvider" as below.
This is required if you want the ASP.NET membership to use your new
custoimzed provider, otherwise, the runtime may still use the default
provider(set in the machine.config level):

<membership defaultProvider="NewAspNetSqlMembershipProvider">

you can even first clear all the old providers. e.g.

=============
<membership defaultProvider="NewAspNetSqlMembershipProvider">
<providers>
<clear/>
<add name="NewAspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="MYASPDBConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>
=================

Above is my test membership configure section which works as expected. You
can also try it to see whether it works.

Hope this helps you.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------

From: =?Utf-8?B?VmVybm9uIFBlcHBlcnM=?= <[email protected]>
Subject: ResetPassword Requiring passwordAnswer
Date: Mon, 31 Mar 2008 19:23:02 -0700

I have a site that is using membership as provided with ASP.NET. I have a
page to reset the password, that is only available to the site administrator.
I have RequireQuestionandAnswer set to false.

web.config entries
<connectionStrings>
<add name="UserInfoConnectionString" connectionString="Data
Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrate

d

Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
<add name="ASPNETDBConnectionString" connectionString="Data
Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrate

d

 

[Vernon Peppers]

That fixed it. Thanks ever so much.

Hi vpeppers,

Regarding on the your description, you found that the "ResetPassword"
(without RequireQuestionAndAnswer) not work as expected in your ASP.NET
application, correct?

I've performed a quick test via a simple ASP.NET application that use SQL
membership provider. When you set "requiresQuestionAndAnswer" to "false",
you should be able to call "ResetPassword" without giving the answer(of the
secure question). I think the problem should be caused by something else.

In the configuration section you provided, you use the following schema to
register your customized provider:

===========
<membership userIsOnlineTimeWindow="20">
<providers>
<add connectionStringName="UserInfoConnectionString"
enablePasswordRetrieval="false" enablePasswordReset="true"
requiresUniqueEmail="false" requiresQuestionAndAnswer="false"
maxInvalidPasswordAttempts="5" passwordFormat="Hashed" applicationName="/"
name="SQLProvider" type="System.Web.Security.SqlMembershipProvider"/>
</providers>
</membership>
==========

However, I found that you haven't specify the "defaultProvider" as below.
This is required if you want the ASP.NET membership to use your new
custoimzed provider, otherwise, the runtime may still use the default
provider(set in the machine.config level):

<membership defaultProvider="NewAspNetSqlMembershipProvider">

you can even first clear all the old providers. e.g.

=============
<membership defaultProvider="NewAspNetSqlMembershipProvider">
<providers>
<clear/>
<add name="NewAspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="MYASPDBConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>
=================

Above is my test membership configure section which works as expected. You
can also try it to see whether it works.

Hope this helps you.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Steven Cheng [MSFT]]

That's great! I'm glad that the problem is resolved.

Have a nice day!

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

From: =?Utf-8?B?VmVybm9uIFBlcHBlcnM=?= <[email protected]>
References: <[email protected]>

Subject: RE: ResetPassword Requiring passwordAnswer
Date: Tue, 1 Apr 2008 06:20:01 -0700