public ActionResult ForgotPassword(ForgotPasswordViewModel model) { // Get the userName by the email address string userName = Membership.GetUserNameByEmail(model.Email); if (String.IsNullOrEmpty(userName)) { ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.InvalidUserName)); return View(model); } // Get the user by the userName MembershipUser user = Membership.GetUser(userName); if (user == null) { ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.InvalidUserName)); return View(model); } else if (!user.IsApproved) { ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.UserNotYetApproved)); return View(model); } else if (user.IsLockedOut) { ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.UserAccountLocked)); return View(model); } else { if (ModelState.IsValid) { RegisterPasswordSuccessModel rpsModel = new RegisterPasswordSuccessModel(); rpsModel = ResetPassword(userName, model.PasswordAnswer, GetLoginUrl()); if (rpsModel.RegisterPasswordSuccess) { return RedirectToAction("ForgotPasswordSuccess", new { userName = userName }); } else { ModelState.AddModelError("", rpsModel.ErrorMessage); return View(model); } } } return View(model); }
public ActionResult QuestionAndAnswer(QuestionAndAnswerModel model, string userName, string PasswordQuestion, string PasswordAnswer) { if (ModelState.IsValid) { RegisterPasswordSuccessModel rpsModel = new RegisterPasswordSuccessModel(); rpsModel = ResetPassword(userName, PasswordAnswer, GetLoginUrl()); if (rpsModel.RegisterPasswordSuccess) { return RedirectToAction("PasswordResetFinal", new { userName = userName }); } else { ModelState.AddModelError("", rpsModel.ErrorMessage); return View(model); } } // If we got this far, something failed, redisplay form return View(model); }
/// <summary> /// ResetPassword /// </summary> /// <param name="userName">User Name</param> /// <param name="passwordAnswer">Password Answer</param> /// <param name="loginUrl">Login URL</param> /// <returns>RegisterPasswordSuccessModel Model</returns> public RegisterPasswordSuccessModel ResetPassword(string userName, string passwordAnswer, string loginUrl) { bool resetPasswordSucceeded = false; bool changePasswordSucceeded = false; bool emailPasswordSucceeded = false; string errorMsg = ErrorCodeToString(AccountCreateStatus.Default); string resetPasswordNew; //-- Set initial model values RegisterPasswordSuccessModel rpsModel = new RegisterPasswordSuccessModel(); rpsModel.ErrorMessage = errorMsg; rpsModel.RegisterPasswordSuccess = false; if (ModelState.IsValid) { try { if (!Membership.EnablePasswordReset) { rpsModel.ErrorMessage = ErrorCodeToString(AccountCreateStatus.PasswordResetDisabled); return rpsModel; } MembershipUser currentUser = Membership.GetUser(userName); if (currentUser == null) { rpsModel.ErrorMessage = ErrorCodeToString(AccountCreateStatus.InvalidUserName); return rpsModel; } else { //-- Attempt to reset password if (String.IsNullOrEmpty(passwordAnswer)) { resetPasswordNew = currentUser.ResetPassword(); } else { resetPasswordNew = currentUser.ResetPassword(passwordAnswer); } //-- Check to see if a new password was created. if (String.IsNullOrEmpty(resetPasswordNew)) { //-- error creating password resetPasswordSucceeded = false; errorMsg = ErrorCodeToString(AccountCreateStatus.PasswordCreateFailed); } else { // At this point the account has a new randomly generated password. // This is typically a very strong password but almost impossible for // user to type correctly. // // The code below changes the new password to a human friendly password // (but also much less secure one.) Use this code at your own risk. string friendlyPassword = General.GenerateHumanFriendlyPassword(); //-- Update Password with new friendly password changePasswordSucceeded = currentUser.ChangePassword(resetPasswordNew, friendlyPassword); if (!changePasswordSucceeded) { //-- error creating password resetPasswordSucceeded = false; errorMsg = ErrorCodeToString(AccountCreateStatus.PasswordCreateFailed); } else { //-- E-mail the new password to the user. emailPasswordSucceeded = EmailNewPassword(userName, friendlyPassword, GetLoginUrl()); if (!emailPasswordSucceeded) { //-- error creating password resetPasswordSucceeded = false; errorMsg = ErrorCodeToString(AccountCreateStatus.PasswordEmailFailed); } else { //-- everything has been created successfully resetPasswordSucceeded = true; } } } } } catch (MembershipPasswordException) { resetPasswordSucceeded = false; errorMsg = ErrorCodeToString(AccountCreateStatus.InvalidPasswordAnswer); } catch (Exception) { resetPasswordSucceeded = false; } //-- Check Reset Password Success if (resetPasswordSucceeded) { rpsModel.ErrorMessage = ""; rpsModel.RegisterPasswordSuccess = true; } else { rpsModel.ErrorMessage = errorMsg; } } return rpsModel; }
public ActionResult PasswordReset(PasswordResetModel model, string userName) { if (!Membership.EnablePasswordReset) { ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.PasswordResetDisabled)); return View(model); } MembershipUser currentUser = Membership.GetUser(userName); if (currentUser == null) { ModelState.AddModelError("", ErrorCodeToString(AccountCreateStatus.InvalidUserName)); return View(model); } if (ModelState.IsValid) { if (Membership.RequiresQuestionAndAnswer) { return RedirectToAction("QuestionAndAnswer", new { userName = userName }); } else { RegisterPasswordSuccessModel rpsModel = new RegisterPasswordSuccessModel(); rpsModel = ResetPassword(userName, null, GetLoginUrl()); if (rpsModel.RegisterPasswordSuccess) { return RedirectToAction("PasswordResetFinal", new { userName = userName }); } else { ModelState.AddModelError("", rpsModel.ErrorMessage); return View(model); } } } // If we got this far, something failed, redisplay form return View(model); }