Section 5.5. Let Users Change Passwords

5.5. Let Users Change Passwords

Note: Allow users to change their passwords via the ChangePassword control.

Changing passwords is another common task performed by users of a web site. ASP.NET 2.0 has replaced the mundane task of writing low-level code to change passwords with a brand new ChangePassword control.

5.5.1. How do I do that?

In this lab, you will create a page that allows users to change their passwords. You will use the ChangePassword control to do the work. You will create a new Web Form in the restricted Members folder so that authenticated users can change their passwords.

  1. Using the project created in the previous lab (C:\ASPNET20\chap-5-SecurityControls), drag and drop the ChangePassword control onto the MemberDefault.aspx Web Form located in the Members folder.

  2. Apply the Elegant scheme to the ChangePassword control (through the Auto Format... link in the ChangePassword Tasks menu). The ChangePassword control will now look like that shown in Figure 5-21.

    Figure 5-21. The ChangePassword control

  3. The ChangePassword control must be used on a form that is located within an authenticated directory so that it is accessible only after a user has logged in.

  4. Press F5 to test the application. You will need to be authenticated first, so log in using the account created in the lab Section 5.2. After authentication, the MemberDefault.aspx page will be displayed. Enter the current password and the new password. Click the Change Password button to change the password.

  5. If the password is changed successfully, you will see the notification shown in Figure 5-22.

    Figure 5-22. Changing password using the ChangePassword control

    Tip: You need to set the ContinueDestinationPageUrl property of the ChangePassword control so that when the Continue button is clicked, the user can be redirected to another page. It's a good idea to set the property to point to the home page of your site.

  6. If the new passwords do not match, an error message will be displayed (see Figure 5-23).

Figure 5-23. Error in changing the password

5.5.2. What about...

...adding regular expressions to ensure that the user's new password is of a certain length and complexity?

You can do this by adding a NewPasswordRegularExpression attribute to the <asp:changepassword> element (in Source View):

<asp:changepassword  runat="server"      PasswordHintText = "Password must be 8 characters long                           and includes two numbers and two                           special character."      NewPasswordRegularExpression =         '@\"(?=.{8,})(?=(.*\d){2,})(?=(.*\W){2,})'       NewPasswordRegularExpressionErrorMessage=         "Error: Your password must be 8 characters long          and includes two numbers and two special character." > </asp:changepassword>

If you apply the Elegant scheme to the ChangePassword control, it will appear like Figure 5-24 during runtime (shown displaying the different error messages).

Figure 5-24. The ChangePassword control with the error messages

5.5.3. Where can I learn more?

For more information on using regular expressions for pattern matching, check out the book Mastering Regular Expressions by Jeffrey E. F. Friedl (O'Reilly).

ASP. NET 2.0(c) A Developer's Notebook 2005
ASP. NET 2.0(c) A Developer's Notebook 2005
Year: 2005
Pages: 104 © 2008-2017.
If you may any questions please contact us: