We have implemented a Custom Membership provider and have a change password control on a webpage that uses this provider. The ChangePassword method in this membership provider class checks some business logic about password strength and validity by connecting to an external webservice. The webservice has the ability to return exactly what is wrong with the new password if any (length problems, special character required etc.).
Now, the signature of the ChangePassword method that has to be overriden by a custom provider is:
public override bool ChangePassword(string username, string oldPassword, string newPassword)
So even though I know the exact problem with the new password the user supplies, I am not able to display it on the webpage because I can only return a true or false from this method and the change password control then takes over and does its own magic depending on the boolean return value. I can hook up the OnChangePasswordError
event of the ChangePassword
control to show a static error message, or I can even setup the FailureText
property of this control to some hard-coded string when an error occurs, but I am unable to provide to the user what exactly is wrong with the password they supplied.
protected void OnPasswordChangeError(object sender, EventArgs e)
{
throw new MembershipPasswordException("Tell user what exactly is wrong with the password they supplied");
}
The MembershipProvider
class has a ValidatingPassword
event, that is raised BEFORE the password is changed, and I can throw an exception here by checking if the password meets the criteria, but still that exception does not seem to be passed to the ChangePassword control. Here is the code for the ValidatingPassword eventHandler:
void MyMembershipProvider_ValidatingPassword(object sender, ValidatePasswordEventArgs e)
{
//if password not valid
e.Cancel = true;
e.FailureInformation = new MembershipPasswordException();
e.FailureInformation;
}
how to send specific information from the ChangePassword method of the Membership provider class to the ChangePassword control to display the correct, non static/hardcoded password change error messages to the user? Is there a way to hook up the ValidatePasswordEventArgs to the EventArgs in the EventHandler for the OnChangePassword method so that I can get the FailureInformation in the ChangePassword control?
From my initial research this does not seem to be possible. Though I feel that the MS team would not have overlooked this and there should be a way.
A few pointers:
http://stackoverflow.com/questions/892256/membershipuser-changepassword-fails-without-warning http://forums.asp.net/t/983613.aspx