## WebSecurity.GeneratePasswordResetToken() Method
The `WebSecurity.GeneratePasswordResetToken()` method is a built-in utility in ASP.NET Web Pages (SimpleMembership) that generates a unique password reset token. This token can be sent to a user via email, allowing them to securely reset their forgotten password within a specified timeframe.
---
## Definition
Generates a unique security token that can be used to reset a user's password. This token is typically sent to the user's registered email address as part of a password recovery link.
---
## Syntax
### C# and VB.NET Syntax
```csharp
public static string GeneratePasswordResetToken(string userName, int expirationInMinutes = 1440)
```
---
## Parameters
| Parameter | Type | Description |
| :--- | :--- | :--- |
| `userName` | `String` | The username of the user who requested the password reset. |
| `expiration` | `Integer` | *(Optional)* The expiration time of the token in minutes. The default value is `1440` (24 hours). |
---
## Return Value
| Type | Description |
| :--- | :--- |
| `String` | A unique security token string that represents the password reset request. |
---
## Errors and Exceptions
An `InvalidOperationException` is thrown if you attempt to call this method under the following conditions:
* The `InitializeDatabaseConnection()` method of the `WebSecurity` class has not been called first to initialize the membership database.
* **SimpleMembership** is not initialized or has been explicitly disabled in the website configuration.
---
## Remarks
* To complete the password reset process after generating a token, use the `WebSecurity.ResetPassword()` method. The `ResetPassword()` method requires the token generated by `GeneratePasswordResetToken()` along with the user's new password.
* Security tokens can be created during different stages of user management using methods like `CreateAccount()`, `CreateUserAndAccount()`, or `GeneratePasswordResetToken()`.
* While passwords can be reset programmatically, the standard security workflow involves:
1. Generating a token using `GeneratePasswordResetToken()`.
2. Sending an email to the user containing a link with the token appended as a query string parameter.
3. Directing the user to a password reset page where they enter their new password and submit the token.
---
## Code Example
The following example demonstrates how to handle a password reset request on a webpage. The page receives the token (usually from an email link) and allows the user to submit a new password.
```cshtml
@{
var newPassword = "";
var confirmPassword = "";
var token = "";
bool isResetSuccessful = false;
string errorMessage = "";
// Retrieve the token from the query string (if coming from an email link)
token = Request;
if (IsPost)
{
newPassword = Request;
confirmPassword = Request;
token = Request;
// Basic validation
if (string.IsNullOrEmpty(newPassword) || string.IsNullOrEmpty(confirmPassword))
{
errorMessage = "Passwords cannot be empty.";
}
else if (newPassword != confirmPassword)
{
errorMessage = "The new password and confirmation password do not match.";
}
else if (string.IsNullOrEmpty(token))
{
errorMessage = "A valid password reset token is required.";
}
else
{
// Attempt to reset the password using the token
isResetSuccessful = WebSecurity.ResetPassword(token, newPassword);
if (!isResetSuccessful)
{
errorMessage = "The password reset token is invalid or has expired.";
}
}
}
}
Reset Password
Change Password
@if (IsPost)
{
if (isResetSuccessful)
{
Your password has been successfully reset!
}
else
{
@errorMessage
}
}
@if (!isResetSuccessful)
{
}
```
---
## Technical Data
| Property | Value |
| :--- | :--- |
| **Namespace** | `WebMatrix.WebData` |
| **Assembly** | `WebMatrix.WebData.dll` |