ASP.NET 2.0 Moves User Authentication One Step Forward, Page 2
Update the Password
Registered users can modify their passwords easily by using the ChangePassword() method of the Membership class. This method accepts two parameters, such as old password and new password (See Listing 6).
Listing 6. Users can modify their passwords
Dim users as Membership User users = Membership.GetUser() users.ChangePassword(txtOldPass.Text, txtNewPass.Text) Membership.UpdateUser()
Each time you update a password, you must call the UpdateUser() method. You also can modify the password's question and answer by using the ChangePasswordQuestionAndAnswer() method.
Whidbey's Built-in ASP.NET Security Controls
Visual Studio 2005 ships with built-in server controls such as Login, Login Status, and so forth. These controls automatically perform all the important functionalities associated with authentication using minimal code. You easily can implement and customize them (see Figures 2 and 3) by selecting the appropriate options from the Properties window. For instance, the Login control calls the ValidateUser() method of the Membership class. If the user's credentials are correct, it calls the FormsAuthentication.RedirectFromLoginPage method, issues a cookie, and redirects the user to the original page from where they came.
Figure 2. Login Control, Before Customization
Figure 3. Login Control, After Customization
A complete discussion of all security server controls is outside the scope of this article. Check out MSDN's documentation for additional information regarding these controls.
About the Author
Anand Narayanaswamy (Microsoft MVP) works as an independent consultant and runs NetAns Technologies (http://www.netans.com), which provides affordable Web hosting services for the community. Anand also runs LearnXpress.com (http://www.learnXpress.com), Dotnetalbum.com (http://www.dotnetalbum.com), and Csharpfaq.com (http://www.csharpfaq.com). Anand regularly contributes articles and product and book reviews for various Web sites. He can be reached at email@example.com.