Search code examples
c#asp.netasp.net-membershiproleprovidersqlmembershipprovider

Cannot login with new password after resetting using SqlMembership Provider

After resetting the password using SqlMembership provider.I am unable to login with the new password. Below is the line of code used to reset the password for dbo.aspnet_Membership table. Password is encrypted . Everytime I reset the password a new encrypted value is stored inside the table. But unable to login.

My webconfig setting:

<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider"    connectionStringName="xxxx" applicationName="xxxx" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" />
  </providers>
</membership>

C# code:

Membership user= Membership.GetUser(txtUser.Text);
user.ResetPassword(txtNewPassword.Text);

Can anyone help me with this.Why I can't still login with the new password?

Solution

  • ResetPassword is not actually the function you should be using for setting a new user password. See:

    http://msdn.microsoft.com/en-us/library/d94bdzz2(v=vs.110).aspx

    ResetPassword is for generating a new random password (imagine a forgot my password link). The constructor you're using (string) isn't for the new password, it's for answering a secret question if applicable.

    The method you should actually be using is ChangePassword. See:

    http://msdn.microsoft.com/en-us/library/system.web.security.membershipuser.changepassword(v=vs.110).aspx

    You'd consume that similar to:

    Membership user= Membership.GetUser(txtUser.Text);
user.ChangePassword(oldPasswordString, txtNewPassword.Text);