How to use Secret Answer in .NET with Membership.Provider
-
03-07-2019 - |
Question
I am using the Membership.Provider for security in my MVC Application. I have a forgot password page that asks for your username, and then gives you the secret question on file. My question is how to a check the secret answer against what is on file. I can't seem to find any method that does that besides
Membership.Provider.ResetPassword(userName, secretAnswer)
which basically approves anything I type in.
Solution
There's a setting in the web.config you have to set to tell the Membership Provider to use the secret question.
It's requiresQuestionAndAnswer="true"
where you set up the membership provider.
Edit:
In your comment requiresQuestionAndAnswer
is set to "false" - it should be "true"
OTHER TIPS
You have to use reset password, see example http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.resetpassword.aspx