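/// <summary>
/// Replaces the user's password with a freshly generated one by calling the
/// <c>aspnet_Membership_ResetPassword</c> stored procedure, and returns the
/// new password in clear text.
/// </summary>
/// <remarks>
/// The return value is a live credential. Callers should deliver it over a
/// protected channel and keep it out of logs and error reports.
/// The exceptions below distinguish "user not found", "wrong answer" and
/// "locked out". A caller that surfaces these messages to unauthenticated
/// users discloses which accounts exist, so a single generic response is
/// preferable at that boundary.
/// </remarks>
/// <param name="username">Name of the account to reset (checked with a limit of 256).</param>
/// <param name="answer">
/// Password answer; only checked (limit 128) when
/// <c>RequiresQuestionAndAnswer</c> is set.
/// </param>
/// <returns>The newly generated clear-text password.</returns>
/// <exception cref="NotSupportedException">Password reset is disabled for this provider.</exception>
/// <exception cref="ProviderException">The user does not exist, or the stored procedure reported an unexpected failure.</exception>
/// <exception cref="MembershipPasswordException">The answer was rejected, or the account is locked out.</exception>
public override string ResetPassword (string username, string answer)
{
    if (!EnablePasswordReset)
        throw new NotSupportedException ("this provider has not been configured to allow the resetting of passwords");

    CheckParam ("username", username, 256);
    if (RequiresQuestionAndAnswer)
        CheckParam ("answer", answer, 128);

    using (DbConnection connection = CreateConnection ()) {
        PasswordInfo pi = GetPasswordInfo (username);
        if (pi == null)
            // The original message was missing the space after the user name.
            throw new ProviderException (username + " is not found in the membership database");

        string newPassword = GeneratePassword ();
        // presumably raises the provider's password-validation hook; the final
        // argument looks like an "is new user" flag - confirm against EmitValidatingPassword
        EmitValidatingPassword (username, newPassword, false);

        // Password and answer are both encoded with the format and salt already
        // stored for this user, so the database never receives a different
        // encoding than the one it holds.
        string db_password = EncodePassword (newPassword, pi.PasswordFormat, pi.PasswordSalt);
        // NOTE(review): when RequiresQuestionAndAnswer is false the answer is not
        // checked above and may be null here - confirm EncodePassword accepts null.
        string db_answer = EncodePassword (answer, pi.PasswordFormat, pi.PasswordSalt);

        // Dispose the command deterministically instead of leaving it to the GC.
        using (DbCommand command = factory.CreateCommand ()) {
            command.Connection = connection;
            command.CommandText = @"aspnet_Membership_ResetPassword";
            command.CommandType = CommandType.StoredProcedure;

            // All values travel as bound parameters; nothing is concatenated into the command text.
            AddParameter (command, "@ApplicationName", ApplicationName);
            AddParameter (command, "@UserName", username);
            AddParameter (command, "@NewPassword", db_password);
            // presumably used by the procedure for failed-answer lockout accounting - verify in the SQL
            AddParameter (command, "@MaxInvalidPasswordAttempts", MaxInvalidPasswordAttempts);
            AddParameter (command, "@PasswordAttemptWindow", PasswordAttemptWindow);
            AddParameter (command, "@PasswordSalt", pi.PasswordSalt);
            AddParameter (command, "@CurrentTimeUtc", DateTime.UtcNow);
            AddParameter (command, "@PasswordFormat", (int) pi.PasswordFormat);
            AddParameter (command, "@PasswordAnswer", db_answer);
            DbParameter retValue = AddParameter (command, "@ReturnVal", ParameterDirection.ReturnValue, DbType.Int32, null);

            command.ExecuteNonQuery ();

            // Status codes as mapped by this method: 0 = success, 3 = answer
            // rejected, 99 = account locked out, anything else = generic failure.
            switch (GetReturnValue (retValue)) {
            case 0:
                return newPassword;
            case 3:
                throw new MembershipPasswordException ("Password Answer is invalid");
            case 99:
                throw new MembershipPasswordException ("The user account is currently locked out");
            default:
                throw new ProviderException ("Failed to reset password");
            }
        }
    }
}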