## WebSecurity.ResetPassword() Method
The `WebSecurity.ResetPassword()` method is used to reset a user's password by validating a unique password reset token. This method is part of the ASP.NET Web Pages SimpleMembership system and is typically used in "Forgot Password" workflows.
---
## Definition
Resets a user's password to a new value, provided that a valid password reset token is supplied.
---
## Syntax
```csharp
public static bool ResetPassword(string passwordResetToken, string newPassword)
```
---
## Parameters
| Parameter | Type | Description |
| :--- | :--- | :--- |
| `passwordResetToken` | `String` | A unique token generated for the user to authorize the password reset. |
| `newPassword` | `String` | The new password to be set for the user account. |
---
## Return Value
* **Type:** `Boolean`
* **Description:** Returns `true` if the password was successfully reset; otherwise, `false`.
---
## Errors and Exceptions
An `InvalidOperationException` will be thrown if you attempt to access any member of the `WebSecurity` class under the following conditions:
* The `InitializeDatabaseConnection()` method has not been called first to initialize the membership database.
* **SimpleMembership** is not initialized (or has been explicitly disabled in the website configuration).
---
## Remarks
Use the `ResetPassword` method when a user has forgotten their password and needs to set a new one without knowing their current password.
### How the Reset Process Works:
1. **Generate a Token:** A password reset token must first be generated using the `WebSecurity.GeneratePasswordResetToken()` method.
2. **Send the Token:** Typically, this token is sent to the user via email as part of a confirmation link (e.g., `https://example.com/Account/ResetPassword?token=XYZ`).
3. **Reset the Password:** When the user clicks the link, they are directed to a page where they can enter a new password. The token and the new password are then passed to `WebSecurity.ResetPassword()`.
---
## Code Example
The following example demonstrates a typical implementation of a password reset page using Razor syntax (`.cshtml`).
```cshtml
@{
var newPassword = "";
var confirmPassword = "";
var token = "";
bool isResetSuccessful = false;
string message = "";
if (IsPost)
{
newPassword = Request;
confirmPassword = Request;
token = Request;
// Basic validation
if (string.IsNullOrEmpty(token))
{
message = "A valid password reset token is required.";
}
else if (newPassword != confirmPassword)
{
message = "The new password and confirmation password do not match.";
}
else
{
// Reset the password using the token
isResetSuccessful = WebSecurity.ResetPassword(token, newPassword);
if (isResetSuccessful)
{
message = "Your password has been successfully reset!";
}
else
{
message = "Password reset failed. The token may be invalid or expired.";
}
}
}
}
Reset Password
Change Password
@if (!string.IsNullOrEmpty(message))
{
@message
}
@if (!isResetSuccessful)
{
}
```
---
## Technical Specifications
| Property | Value |
| :--- | :--- |
| **Namespace** | `WebMatrix.WebData` |
| **Assembly** | `WebMatrix.WebData.dll` |