If you run an ASP.NET website using webforms combined with member access, you can easily add a Change Password feature by utilizing built-in controls. This works well on Umbraco websites using Public Access.

This article focuses on implementation using Webforms. In a future article, I will discuss how this class can be applied to sites running MVC/Razor.

What does the ChangePassword class do?

This class allows you to offer users the ability to change their password once they have logged in. This is useful if a password needs to be changed for security purposes or perhaps just a personal preference. This class is different from the PasswordRecovery class which I discussed in a previous article.

Getting started using the ChangePassword class

First off, the page running this control does not need to be behind a secured section/folder. This differs from the PasswordRecovery class which should always be outside a secured section/folder for obvious reasons.

The first thing you will want to do is create a new page template to run the control. Implementation is quite easy, just add the following code to your page wherever you want the form to appear. Below is the most basic implementation.

<form runat="server">
   <asp:ChangePassword ID="ChangePassword1" runat="server"></asp:ChangePassword>
</form>

This will generate a headline followed by a three input fields, and a submit button with the following labels:

• Current Password
• New Password
• Confirm Password

When submitted, the page is reloaded with either a success or failure message based on your input. The user is NOT logged out at this point. If successful, the new password is stored and hashed.

I prefer however that the user is logged out upon successful submission and that user be returned to the login page. This is easily achieved by modifying the parameters as follows.

<form runat="server">
   <asp:ChangePassword ID="ChangePassword1" SuccessPageUrl="/login/" OnChangedPassword="LoginStatus1_LoggedOut" runat="server"></asp:ChangePassword>
</form>

The OnChangePassword parameter is an event handler that is fired upon a successful submission. The following event handler code should also appear in the HTML of the change password page.

<script runat="server">
protected void LoginStatus1_LoggedOut(object sender, EventArgs e)
    {
        FormsAuthentication.SignOut();
        Roles.DeleteCookie();
        Session.Clear();
    }
</script>

The SuccessPageUrl parameter returns the member to the login page. Modify this value to accommodate your site structure.

Additional ChangePassword class parameters

There are dozens of additional parameters that can be added to this control. You can control or override field labels, assign classes for styling and much more. For a complete list of all parameters and code examples, visit the ChangePassword MSDN page.

Filed in // Content Management Systems, Web Hosting