I’m trying to implement a question and answer password reset page, but this line:
string tempPassword =
Membership.Provider.ResetPassword(username, TextBoxSecurityAnswer.Text);
is throwing a MembershipPasswordException even if the security answer being passed in is the correct one for the username. The base exception is a System.Exception and it just says COMPlusExceptionCode with a value of -532459699.
I’m using MySql and their .NET Connector v6.2.5 (which is the latest I could use since my project is .NET v3.5). My web.config settings for the membership provider look like this:
<membership defaultProvider="MySQLMembershipProvider" hashAlgorithmType="SHA1">
<providers>
<clear/>
<add name="MySQLMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=5.2.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"
connectionStringName="Membership"
applicationName="/"
passwordFormat="hashed"
minRequiredPasswordLength="4"
minRequiredNonalphanumericCharacters="0"
requiresQuestionAndAnswer="true" />
</providers>
</membership>
Anyone have any idea what’s going on?
Ok, I figured it out. And wow, do I feel dumb. But maybe someone else will do the same dumb thing.
I had changed the data for the security answer directly in the database for the account in question, and when I did that, the security answer was no longer hashed in the database. I imagine the Membership Provider was trying to take what was in the database, assume it was hashed, and whatever it came up with didn’t match the supplied answer, so it threw the exception. Makes sense.