This method resets a user's password and returns a new automatically generated password.
Declaration
// C# public override string ResetPassword(string userName, string passwordAnswer);
Parameters
userName
The user to reset the password for.
passwordAnswer
The password answer for the specified user.
Return Value
The new password for the specified user.
Exceptions
ArgumentNullException - The userName parameter is a null reference, or the passwordAnswer parameter is null when the RequiresQuestionAndAnswer property is true.
System.Web.Security.MembershipPasswordException - The passwordAnswer parameter is invalid or the user identified by the userName parameter is locked out.
ArgumentException - One of the following conditions exists:
The userName parameter is an empty string, contains a comma, or is longer than 256 characters.
The passwordAnswer parameter is an empty string and RequiresQuestionAndAnswer property is true, or the passwordAnswer parameter is longer than 128 characters (including the encoded version).
System.Configuration.Provider.ProviderException - One of the following conditions exists:
userName was not found in the membership database.
The reset-password operation was canceled by a subscriber to the ValidatingPassword event and the FailureInformation property was a null reference.
An error occurred when resetting the password in the membership database.
NotSupportedException - The EnablePasswordReset property is set to false.
Exception - An unhandled exception occurred.
Remarks
Leading and trailing spaces are trimmed from the userName and passwordAnswer parameter values.
The ResetPassword method is most commonly used when the PasswordFormat property is set to Hashed. If a user forgets a password that is in hashed format, the password cannot be retrieved. However, the provider can reset the password to a new, automatically generated password if the user supplies the correct password answer. The ResetPassword method requires that the EnablePasswordReset property is set to true. If an incorrect password answer is supplied to the ResetPassword method, then the internal counter that tracks invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the UnlockUser method. If the correct password answer is supplied and the user is not currently locked out, then the internal counter that tracks invalid password-answer attempts is reset to zero.
The random password generated by the ResetPassword method is not guaranteed to pass the regular expression in the PasswordStrengthRegularExpression property. However, the random password will meet the criteria established by the MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters properties.