We have implemented a Custom Membership provider and have a change password control on a webpage that uses this provider. The ChangePassword method in this membership provider class checks some business logic about password strength and validity by connecting to an external webservice. The webservice has the ability to return exactly what is wrong with the new password if any (length problems, special character required etc.).
Now, the signature of the ChangePassword method that has to be overriden by a custom provider is:
public override bool ChangePassword(string username, string oldPassword, string newPassword)
So even though I know the exact problem with the new password the user supplies, I am not able to display it on the webpage because I can only return a true or false from this method and the change password control then takes over and does its own magic depending on the boolean return value. I can hook up the OnChangePasswordError
event of the ChangePassword
control to show a static error message, or I can even setup the FailureText
property of this control to some hard-coded string when an error occurs, but I am unable to provide to the user what exactly is wrong with the password they supplied.
protected void OnPasswordChangeError(object sender, EventArgs e)
{
throw new MembershipPasswordException("Tell user what exactly is wrong with the password they supplied");
}
The MembershipProvider
class has a ValidatingPassword
event, that is raised BEFORE the password is changed, and I can throw an exception here by checking if the password meets the criteria, but still that exception does not seem to be passed to the ChangePassword control. Here is the code for the ValidatingPassword eventHandler:
void MyMembershipProvider_ValidatingPassword(object sender, ValidatePasswordEventArgs e)
{
//if password not valid
e.Cancel = true;
e.FailureInformation = new MembershipPasswordException();
e.FailureInformation;
}
how to send specific information from the ChangePassword method of the Membership provider class to the ChangePassword control to display the correct, non static/hardcoded password change error messages to the user? Is there a way to hook up the ValidatePasswordEventArgs to the EventArgs in the EventHandler for the OnChangePassword method so that I can get the FailureInformation in the ChangePassword control?
From my initial research this does not seem to be possible. Though I feel that the MS team would not have overlooked this and there should be a way.
A few pointers:
MembershipUser.ChangePassword fails without warning
http://forums.asp.net/t/983613.aspx
Best Answer
OK, so I finally figured a workaround. It is not the cleanest, but the only one I could come up with or found anywhere that was close to what should have been inclued by default.
Note: I did not have the option to persist this in a database or a cookie.
I created a
ChangePasswordNew
method that has the same behavior as theMembershipProvider
ChangePassword
method, but returns string instead of bool. So my new method would look like this:Now, subscribe to the
onPasswordChanging
event of theChangePassword
Control:Note: In this case, if there is an error on password change, i.e. response is not "success", the Memebership Provider
ChangePassword
method will still be called and will return an error again. But I am already setting theFailureText
property to the descriptive error returned from response in the first call, which was my objective. I did not mind two method calls in my case. Your case may be different.Hope this helps someone!