Tutorials References Exercises Sign Up Menu
Create Website Get Certified Pro

WebSecurity - GeneratePasswordResetToken()

❮ WebSecurity


The GeneratePasswordResetToken() method generates a password reset token that can be sent to a user in email.

C# and VB Syntax

WebSecurity.GeneratePasswordResetToken(userName, expiration)


Parameter Type Description
userName String The user name
expiration Integer The time in minutes until the token expires. Default is 1440 (24 hours)

Return Value

Type Description
String A reset token.

Errors and Exceptions

Any access to the WebSecurity object throws an InvalidOperationException if:

  • The InitializeDatabaseConnection() method has not been called
  • SimpleMembership is not initialized (or disabled in the website configuration)


Use the ResetPassword() method if the user has forgotten his password. The ResetPassword() method requires a password reset token.

A confirmation token can be created by the CreateAccount(), CreateUserAndAccount(), or GeneratePasswordResetToken() methods.

The password can be reset by code, but the common procedure is to send an email to the user (with the token and a link to a page) so he can confirm the new password with the new token:

newPassword = Request["newPassword"];
confirmPassword = Request["confirmPassword"];
token = Request["token"];
if IsPost
    // input testing is ommitted here to save space
    retunValue = ResetPassword(token, newPassword);
<h1>Change Password</h1>

<form method="post" action="">

<label for="newPassword">New Password:</label>
<input type="password" id="newPassword" name="newPassword" title="New password" />

<label for="confirmPassword">Confirm Password:</label>
<input type="password" id="confirmPassword" name="confirmPassword" title="Confirm new password" />

<label for="token">Pasword Token:</label>
<input type="text" id="token" name="token" title="Password Token" />

<p class="form-actions">
<input type="submit" value="Change Password" title="Change password" />


❮ WebSecurity