public ActionResult ForgotPassword(ForgotPasswordViewModel model)
{
// Get the userName by the email address
string userName = Membership.GetUserNameByEmail(model.Email);
if (String.IsNullOrEmpty(userName))
{
ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.InvalidUserName));
return View(model);
}
// Get the user by the userName
MembershipUser user = Membership.GetUser(userName);
if (user == null)
{
ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.InvalidUserName));
return View(model);
}
else if (!user.IsApproved)
{
ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.UserNotYetApproved));
return View(model);
}
else if (user.IsLockedOut)
{
ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.UserAccountLocked));
return View(model);
}
else
{
if (ModelState.IsValid)
{
RegisterPasswordSuccessModel rpsModel = new RegisterPasswordSuccessModel();
rpsModel = ResetPassword(userName, model.PasswordAnswer, GetLoginUrl());
if (rpsModel.RegisterPasswordSuccess)
{
return RedirectToAction("ForgotPasswordSuccess", new { userName = userName });
}
else
{
ModelState.AddModelError("", rpsModel.ErrorMessage);
return View(model);
}
}
}
return View(model);
}
public ActionResult QuestionAndAnswer(QuestionAndAnswerModel model, string userName, string PasswordQuestion, string PasswordAnswer)
{
if (ModelState.IsValid)
{
RegisterPasswordSuccessModel rpsModel = new RegisterPasswordSuccessModel();
rpsModel = ResetPassword(userName, PasswordAnswer, GetLoginUrl());
if (rpsModel.RegisterPasswordSuccess)
{
return RedirectToAction("PasswordResetFinal", new { userName = userName });
}
else
{
ModelState.AddModelError("", rpsModel.ErrorMessage);
return View(model);
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
/// <summary>
/// ResetPassword
/// </summary>
/// <param name="userName">User Name</param>
/// <param name="passwordAnswer">Password Answer</param>
/// <param name="loginUrl">Login URL</param>
/// <returns>RegisterPasswordSuccessModel Model</returns>
public RegisterPasswordSuccessModel ResetPassword(string userName, string passwordAnswer, string loginUrl)
{
bool resetPasswordSucceeded = false;
bool changePasswordSucceeded = false;
bool emailPasswordSucceeded = false;
string errorMsg = ErrorCodeToString(AccountCreateStatus.Default);
string resetPasswordNew;
//-- Set initial model values
RegisterPasswordSuccessModel rpsModel = new RegisterPasswordSuccessModel();
rpsModel.ErrorMessage = errorMsg;
rpsModel.RegisterPasswordSuccess = false;
if (ModelState.IsValid)
{
try
{
if (!Membership.EnablePasswordReset)
{
rpsModel.ErrorMessage = ErrorCodeToString(AccountCreateStatus.PasswordResetDisabled);
return rpsModel;
}
MembershipUser currentUser = Membership.GetUser(userName);
if (currentUser == null)
{
rpsModel.ErrorMessage = ErrorCodeToString(AccountCreateStatus.InvalidUserName);
return rpsModel;
}
else
{
//-- Attempt to reset password
if (String.IsNullOrEmpty(passwordAnswer))
{
resetPasswordNew = currentUser.ResetPassword();
}
else
{
resetPasswordNew = currentUser.ResetPassword(passwordAnswer);
}
//-- Check to see if a new password was created.
if (String.IsNullOrEmpty(resetPasswordNew))
{
//-- error creating password
resetPasswordSucceeded = false;
errorMsg = ErrorCodeToString(AccountCreateStatus.PasswordCreateFailed);
}
else
{
// At this point the account has a new randomly generated password.
// This is typically a very strong password but almost impossible for
// user to type correctly.
//
// The code below changes the new password to a human friendly password
// (but also much less secure one.) Use this code at your own risk.
string friendlyPassword = General.GenerateHumanFriendlyPassword();
//-- Update Password with new friendly password
changePasswordSucceeded = currentUser.ChangePassword(resetPasswordNew, friendlyPassword);
if (!changePasswordSucceeded)
{
//-- error creating password
resetPasswordSucceeded = false;
errorMsg = ErrorCodeToString(AccountCreateStatus.PasswordCreateFailed);
}
else
{
//-- E-mail the new password to the user.
emailPasswordSucceeded = EmailNewPassword(userName, friendlyPassword, GetLoginUrl());
if (!emailPasswordSucceeded)
{
//-- error creating password
resetPasswordSucceeded = false;
errorMsg = ErrorCodeToString(AccountCreateStatus.PasswordEmailFailed);
}
else
{
//-- everything has been created successfully
resetPasswordSucceeded = true;
}
}
}
}
}
catch (MembershipPasswordException)
{
resetPasswordSucceeded = false;
errorMsg = ErrorCodeToString(AccountCreateStatus.InvalidPasswordAnswer);
}
catch (Exception)
{
resetPasswordSucceeded = false;
}
//-- Check Reset Password Success
if (resetPasswordSucceeded)
{
rpsModel.ErrorMessage = "";
rpsModel.RegisterPasswordSuccess = true;
}
else
{
rpsModel.ErrorMessage = errorMsg;
}
}
return rpsModel;
}
public ActionResult PasswordReset(PasswordResetModel model, string userName)
{
if (!Membership.EnablePasswordReset)
{
ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.PasswordResetDisabled));
return View(model);
}
MembershipUser currentUser = Membership.GetUser(userName);
if (currentUser == null)
{
ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.InvalidUserName));
return View(model);
}
if (ModelState.IsValid)
{
if (Membership.RequiresQuestionAndAnswer)
{
return RedirectToAction("QuestionAndAnswer", new { userName = userName });
}
else
{
RegisterPasswordSuccessModel rpsModel = new RegisterPasswordSuccessModel();
rpsModel = ResetPassword(userName, null, GetLoginUrl());
if (rpsModel.RegisterPasswordSuccess)
{
return RedirectToAction("PasswordResetFinal", new { userName = userName });
}
else
{
ModelState.AddModelError("", rpsModel.ErrorMessage);
return View(model);
}
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
