
asp.net membership: how to check if password answer is correct when password hashed


I want to reset a user's password only if the question and answer that the user provided are true. I use the ResetPassword method with the passwordAnswer parameter, but the password is still always reset even when the password answer isn't correct. :(

How can I reset only if the user provided the correct question and answer? Here is my code:

    try
    {
        MembershipUser user = Membership.GetUser(Membership.GetUserNameByEmail(txtEmail.Text));

        if (user != null)
        {
            if (user.PasswordQuestion == ddlSecurityQuestion.SelectedIndex.ToString())
            {

                user.ChangePassword(user.ResetPassword(txtSecurityQuestionAnswer.Text), txtNewPassword.Text);
                lblError.Text = Resources.Titles.DearUser + user.UserName + Resources.Messages.PasswordRecoveryDone;
            }
            else
            {
                lblError.Text = Resources.Messages.QuestionAnswerIsInvalid;
                return;
            }
        }
        else
        {
            lblError.Text = Resources.Messages.EmailIsInvalid;
            return;
        }
    }
    catch
    {
        lblError.Text = Resources.Messages.QuestionAnswerIsInvalid;

        throw;
    }

But it always resets. I don't know how to check the password answer when my password is hashed and I can't get the password.


Solution

  • I found what's wrong with my reset method. I set requiresQuestionAndAnswer to false in web.config. When this option is set to false, the reset method using PasswordAnswer works even though the supplied answer was wrong. When I change requiresQuestionAndAnswer to true, with a wrong answer this method throws an exception.
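
The behaviour described in the solution, as an added example that is not part of the original post: a startup check that refuses to run when the provider would ignore the answer, and a reset routine that treats the provider's exception as "wrong answer". The class and method names are hypothetical, and the sketch assumes the default provider has `requiresQuestionAndAnswer="true"` and `enablePasswordReset="true"` in web.config.

```csharp
using System;
using System.Web.Security;

// Hypothetical helper; the names below are assumptions, not from the post.
public static class PasswordResetHelper
{
    // Call once at startup (for example from Application_Start).
    // Fails closed if ResetPassword(answer) would not enforce the answer.
    public static void AssertAnswerIsEnforced()
    {
        if (!Membership.EnablePasswordReset || !Membership.RequiresQuestionAndAnswer)
        {
            throw new InvalidOperationException(
                "Membership provider must set enablePasswordReset=\"true\" and " +
                "requiresQuestionAndAnswer=\"true\" for answer-gated resets.");
        }
    }

    // Returns true only when the provider accepted the answer and the
    // new password was stored. The answer is never compared in page code:
    // the provider checks it against its stored value.
    public static bool TryResetWithAnswer(string email, string answer, string newPassword)
    {
        string userName = Membership.GetUserNameByEmail(email);
        if (string.IsNullOrEmpty(userName))
        {
            return false; // unknown e-mail; Membership.GetUser(null) would throw
        }

        MembershipUser user = Membership.GetUser(userName);
        if (user == null)
        {
            return false;
        }

        try
        {
            // Throws MembershipPasswordException on a wrong answer when
            // requiresQuestionAndAnswer is true.
            string temporaryPassword = user.ResetPassword(answer);
            return user.ChangePassword(temporaryPassword, newPassword);
        }
        catch (MembershipPasswordException)
        {
            return false; // answer rejected by the provider
        }
    }
}
```

Returning the same `false` for an unknown e-mail and a wrong answer lets the page show one generic failure message instead of revealing which accounts exist.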