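/// <summary>
/// Replaces the user's password with a newly generated one and returns the
/// new password in clear text.
/// </summary>
/// <remarks>
/// The returned value is the only copy of the clear-text password; what is
/// written to the Users table is the output of EncodePassword. Callers should
/// hand it to the user over a trusted channel and keep it out of logs.
/// The exception messages distinguish "user not found", "locked out" and
/// "incorrect answer"; a caller that exposes this method to unauthenticated
/// users should map them to one generic response so the messages cannot be
/// used to tell which accounts exist.
/// </remarks>
/// <param name="username">Name of the user whose password is reset.</param>
/// <param name="answer">
/// Answer to the password question; must be non-null when
/// RequiresQuestionAndAnswer is true.
/// </param>
/// <returns>The newly generated password.</returns>
/// <exception cref="NotSupportedException">EnablePasswordReset is false.</exception>
/// <exception cref="ProviderException">
/// The answer is null but required, or a SqlException occurred while
/// WriteExceptionsToEventLog is true.
/// </exception>
/// <exception cref="MembershipPasswordException">
/// Validation was canceled, the user was not found or is locked out, the
/// answer did not match, or the update changed no rows.
/// </exception>
public override string ResetPassword(string username, string answer)
{
    if (!EnablePasswordReset)
    {
        throw new NotSupportedException("Password reset is not enabled.");
    }

    if (answer == null && RequiresQuestionAndAnswer)
    {
        // A missing answer is recorded as a failed attempt, like a wrong one.
        // NOTE(review): presumably UpdateFailureCount drives account lockout; confirm.
        UpdateFailureCount(username, "passwordAnswer");
        throw new ProviderException("Password answer required for password reset.");
    }

    string newPassword =
        System.Web.Security.Membership.GeneratePassword(newPasswordLength, MinRequiredNonAlphanumericCharacters);

    // Give ValidatingPassword subscribers a chance to reject the generated password.
    ValidatePasswordEventArgs args =
        new ValidatePasswordEventArgs(username, newPassword, true);
    OnValidatingPassword(args);

    if (args.Cancel)
    {
        if (args.FailureInformation != null)
        {
            throw args.FailureInformation;
        }

        throw new MembershipPasswordException("Reset password canceled due to password validation failure.");
    }

    int rowsAffected = 0;

    try
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            conn.Open();

            string passwordAnswer;

            using (SqlCommand cmd = new SqlCommand("SELECT PasswordAnswer, IsLockedOut FROM Users " +
                " WHERE Username = @Username AND ApplicationName = @ApplicationName", conn))
            {
                cmd.Parameters.AddWithValue("@Username", username);
                cmd.Parameters.AddWithValue("@ApplicationName", pApplicationName);

                // The reader is disposed before the UPDATE below runs: a connection
                // without MARS rejects a second command while a reader is still open.
                using (SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
                {
                    if (!reader.Read())
                    {
                        throw new MembershipPasswordException("The supplied user name is not found.");
                    }

                    if (reader.GetBoolean(1))
                    {
                        throw new MembershipPasswordException("The supplied user is locked out.");
                    }

                    passwordAnswer = reader.GetString(0);
                }
            }

            if (RequiresQuestionAndAnswer && !CheckPassword(answer, passwordAnswer))
            {
                UpdateFailureCount(username, "passwordAnswer");
                throw new MembershipPasswordException("Incorrect password answer.");
            }

            // The lockout condition is repeated in the WHERE clause so an account
            // locked between the SELECT and this UPDATE is not reset.
            // "IsLockedOut = False" is not valid T-SQL (False is parsed as a column
            // name); the column is read with GetBoolean above, so compare against 0.
            using (SqlCommand updateCmd = new SqlCommand("UPDATE Users " +
                " SET Password = @Password, LastPasswordChangedDate = @LastPasswordChangedDate" +
                " WHERE Username = @Username AND ApplicationName = @ApplicationName AND IsLockedOut = 0", conn))
            {
                updateCmd.Parameters.AddWithValue("@Password", EncodePassword(newPassword));
                // NOTE(review): local time; keep in step with how the other date columns are written.
                updateCmd.Parameters.AddWithValue("@LastPasswordChangedDate", DateTime.Now);
                updateCmd.Parameters.AddWithValue("@Username", username);
                updateCmd.Parameters.AddWithValue("@ApplicationName", pApplicationName);

                rowsAffected = updateCmd.ExecuteNonQuery();
            }
        }
    }
    catch (SqlException e)
    {
        if (WriteExceptionsToEventLog)
        {
            // Database details go to the event log; the caller gets the generic message only.
            WriteToEventLog(e, "ResetPassword");
            throw new ProviderException(exceptionMessage);
        }

        // Rethrow without resetting the stack trace.
        throw;
    }

    if (rowsAffected > 0)
    {
        return newPassword;
    }

    throw new MembershipPasswordException("User not found, or user is locked out. Password not Reset.");
}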