F9 Group Marketing and Technology Blog

When a visitor registers a new account on an ASP.NET website that uses the Membership system, they are prompted (by default) for their username, password, e-mail address, and other pertinent information. Along with functionality for registering new accounts, the ASP.NET Membership system provides page developers techniques for modifying information about users. For instance, with just a couple of lines of code you can change an existing user’s e-mail address, approve a user, or unlock them (if their account was locked out). However, there are certain bits of user information that cannot be modified through the Membership API, such as the username. For most sites this is a non-issue. Once a visitor has registered an account that username is fixed; if they want a different username, well, they’ll just have to register a new account. But consider a website that has customized the account creation process so that instead of prompting the user for both a username and e-mail address, the user is only asked to enter an e-mail address and that it is used as both their username and e-mail address on file. Anytime a user switched e-mail addresses – which can happen when changing jobs, changing ISPs, or moving to the new, hip, web-based e-mail provider of the day – they need to also change their username on your site

The ASP.NET Toolbox includes two Web controls for managing users’ passwords: the ChangePassword control and the PasswordRecovery control. The ChangePassword control allows a user signed into the site to change their password by entering their existing password and their new, desired password. The PasswordRecovery control is used to reset or recover a user’s password in the event that it has been forgotten. The PasswordRecovery control is used by anonymous users who need to be reminded of their password. Assuming that the Membership system is configured to require that users have a security question and answer (the default behavior), the user is presented with their security question and must correctly enter their security answer in order to have their password reset or recovered. While there are two controls for managing passwords, there are no Web controls in the Toolbox for managing a user’s security question and answer. In other words, there’s no built-in control that allows a signed in user to change her security question and answer. The good news is that while no control offers this functionality it’s not difficult to implement this feature ourselves. The MembershipUser class has a ChangePasswordQuestionAndAnswer method that modifies the security question and answer information using the configured Membership provider. This article shows how to build a page that permits a signed in user to change their security question and answer, and a demo application is available for download at the end of the article that showcases this functionality in action. Read on to learn more! Read More >