public override bool ChangePasswordQuestionAndAnswer(string username,
string password,
string newPwdQuestion,
string newPwdAnswer)
{
if (!ValidateUser(username, password))
return false;
SqlConnection conn = new SqlConnection(connectionString);
SqlCommand cmd = new SqlCommand("UPDATE Users " +
" SET PasswordQuestion = @Question, PasswordAnswer = @Answer" +
" WHERE Username = @Username AND ApplicationName = @ApplicationName", conn);
cmd.Parameters.AddWithValue("@Question", newPwdQuestion);
cmd.Parameters.AddWithValue("@Answer", EncodePassword(newPwdAnswer));
cmd.Parameters.AddWithValue("@Username", username);
cmd.Parameters.AddWithValue("@ApplicationName", pApplicationName);
int rowsAffected = 0;
try
{
conn.Open();
rowsAffected = cmd.ExecuteNonQuery();
}
catch (SqlException e)
{
if (WriteExceptionsToEventLog)
{
WriteToEventLog(e, "ChangePasswordQuestionAndAnswer");
throw new ProviderException(exceptionMessage);
}
else
{
throw e;
}
}
finally
{
conn.Close();
}
if (rowsAffected > 0)
{
return true;
}
return false;
}