public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            /*
             * Takes, as input, a user name, a password (the user's current password), and a
             * new password and updates the password in the membership data source.
             * ChangePassword returns true if the password was updated successfully. Otherwise,
             * it returns false. Before changing a password, ChangePassword calls the provider's
             * virtual OnValidatingPassword method to validate the new password. It then
             * changes the password or cancels the action based on the outcome of the call. If the
             * user name, password, new password, or password answer is not valid,
             * ChangePassword does not throw an exception; it simply returns false. Following a
             * successful password change, ChangePassword updates the user's
             * LastPasswordChangedDate.
             */

            bool result = false;

            if (
                (username == null) || (username == String.Empty)
                || (oldPassword == null) || (oldPassword == String.Empty)
                || (newPassword == null) || (newPassword == String.Empty)
                )
            {
                return result;
            }

            SiteSettings siteSettings = GetSiteSettings();
            if (siteSettings == null) { return result; }

            if (newPassword.Length < siteSettings.MinRequiredPasswordLength)
            {
                throw new ArgumentException(ResourceHelper.GetMessageTemplate("PasswordNotLongEnoughMessage.config"));
            }

            int countNonAlphanumericCharacters = 0;
            for (int i = 0; i < newPassword.Length; i++)
            {
                if (!char.IsLetterOrDigit(newPassword, i))
                {
                    countNonAlphanumericCharacters++;
                }
            }

            if (countNonAlphanumericCharacters < siteSettings.MinRequiredNonAlphanumericCharacters)
            {
                throw new ArgumentException(ResourceHelper.GetMessageTemplate("PasswordRequiresMoreNonAlphanumericCharactersMessage.config"));
            }

            if (siteSettings.PasswordStrengthRegularExpression.Length > 0)
            {
                if (!Regex.IsMatch(newPassword, siteSettings.PasswordStrengthRegularExpression))
                {
                    throw new ArgumentException(
                        ResourceHelper.GetMessageTemplate("PasswordDoesntMatchRegularExpressionMessage.config"));
                }
            }

            ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, newPassword, false);
            OnValidatingPassword(e);

            if (e.Cancel)
            {
                if (e.FailureInformation != null)
                {
                    throw e.FailureInformation;
                }
                else
                {
                    throw new ArgumentException("The custom password validation failed.");
                }
            }

            SiteUser siteUser = new SiteUser(siteSettings, username);
            if (siteUser.UserId == -1) { return result; }

            if (
                ((MembershipPasswordFormat)siteSettings.PasswordFormat == MembershipPasswordFormat.Hashed)
                && (!siteSettings.UseLdapAuth)
                )
            {
                if (siteUser.Password == EncodePassword(siteUser.PasswordSalt + oldPassword,MembershipPasswordFormat.Hashed))
                {
                    siteUser.PasswordSalt = SiteUser.CreateRandomPassword(128, WebConfigSettings.PasswordGeneratorChars);
                    siteUser.Password = EncodePassword(siteUser.PasswordSalt + newPassword, MembershipPasswordFormat.Hashed);
                    siteUser.MustChangePwd = false;
                    siteUser.PasswordFormat = siteSettings.PasswordFormat;
                    result = siteUser.Save();
                }
            }
            else if ((MembershipPasswordFormat)siteSettings.PasswordFormat == MembershipPasswordFormat.Encrypted)
            {
                if (siteUser.Password == EncodePassword(siteUser.PasswordSalt + oldPassword, MembershipPasswordFormat.Encrypted))
                {
                    siteUser.PasswordSalt = SiteUser.CreateRandomPassword(128, WebConfigSettings.PasswordGeneratorChars);
                    siteUser.Password = EncodePassword(siteUser.PasswordSalt + newPassword, MembershipPasswordFormat.Encrypted);
                    siteUser.MustChangePwd = false;
                    siteUser.PasswordFormat = siteSettings.PasswordFormat;
                    result = siteUser.Save();
                }
            }
            else if ((MembershipPasswordFormat)siteSettings.PasswordFormat == MembershipPasswordFormat.Clear)
            {
                if (siteUser.Password == oldPassword)
                {
                    siteUser.Password = newPassword;
                    siteUser.MustChangePwd = false;
                    siteUser.PasswordFormat = siteSettings.PasswordFormat;
                    result = siteUser.Save();
                }
            }

            if (result)
            {
                if (WebConfigSettings.LogIpAddressForPasswordChanges)
                {
                   log.Info("password for user " + siteUser.Name + " was changed from ip address " + SiteUtils.GetIP4Address());
                }

                siteUser.UpdateLastPasswordChangeTime();
            }

            return result;
        }
        public override string ResetPassword(string userName, string passwordAnswer)
        {
            /*
            Takes, as input, a user name and a password answer and replaces the user's current password
             * with a new, random password. ResetPassword then returns the new password. A
             * convenient mechanism for generating a random password is the
             * Membership.GeneratePassword method. If the user name is not valid, ResetPassword
             * throws a ProviderException. ResetPassword also checks the value of the
             * RequiresQuestionAndAnswer property before resetting a password. If
             * RequiresQuestionAndAnswer is true, ResetPassword compares the supplied password
             * answer to the stored password answer and throws a MembershipPasswordException if
             * the two don't match. Before resetting a password, ResetPassword verifies that
             * EnablePasswordReset is true. If EnablePasswordReset is false, ResetPassword throws
             * a NotSupportedException. If the user whose password is being changed is currently
             * locked out, ResetPassword throws a MembershipPasswordException. Before resetting a
             * password, ResetPassword calls the provider's virtual OnValidatingPassword method to
             * validate the new password. It then resets the password or cancels the action based on
             * the outcome of the call. If the new password is invalid, ResetPassword throws a
             * ProviderException. Following a successful password reset, ResetPassword updates the
             * user's LastPasswordChangedDate.
            */
            SiteSettings siteSettings = GetSiteSettings();

            if (!siteSettings.AllowPasswordReset)
            {
                throw new Exception("The method or operation is not implemented.");
            }

            String newPassword = null;

            if ((userName != null) && (siteSettings != null))
            {
                SiteUser siteUser = new SiteUser(siteSettings, userName);
                if (siteUser.UserId > -1)
                {

                    if (siteUser.IsLockedOut)
                    {
                        throw new MembershipPasswordException(
                            ResourceHelper.GetMessageTemplate("UserAccountLockedMessage.config"));
                    }

                    bool okToResetPassword = false;
                    if (siteSettings.RequiresQuestionAndAnswer)
                    {
                        if ((passwordAnswer != null) && (passwordAnswer == siteUser.PasswordAnswer))
                        {
                            okToResetPassword = true;
                        }
                        else
                        {
                            // if wrong answer or user is locked out
                            throw new MembershipPasswordException(ResourceHelper.GetMessageTemplate("PasswordWrongAnswerToQuestionMessage.config"));
                        }

                    }
                    else
                    {
                        okToResetPassword = true;
                    }

                    if (okToResetPassword)
                    {

                        newPassword = SiteUser.CreateRandomPassword(siteSettings.MinRequiredPasswordLength + 2, WebConfigSettings.PasswordGeneratorChars);

                        switch (PasswordFormat)
                        {
                            case MembershipPasswordFormat.Clear:
                                siteUser.Password = newPassword;
                                break;
                            default:
                                siteUser.PasswordSalt = SiteUser.CreateRandomPassword(128, WebConfigSettings.PasswordGeneratorChars);
                                siteUser.Password = EncodePassword(siteUser.PasswordSalt + newPassword, PasswordFormat);
                                break;
                        }

                        siteUser.MustChangePwd = siteSettings.RequirePasswordChangeOnResetRecover;
                        siteUser.PasswordFormat = siteSettings.PasswordFormat;
                        siteUser.Save();

                        siteUser.UpdateLastPasswordChangeTime();

                    }
                }
                else
                {
                    throw new ProviderException(ResourceHelper.GetMessageTemplate("UserNotFoundMessage.config"));

                }

            }

            return newPassword;
        }