locked
membership not update email address RRS feed

  • Question

  • User-1767698477 posted
      

    I'm trying to get the code below to update the membership user with a different email address. This is on my update_profile page. I thought that u.ChangePasswordQuestionAndAnswer(txtPassword.Text, TxtSecurityQuestion.Text, TxtSecurityAnswer.Text) is supposed to go and look to see if email address that was typed into the textbox already exists in the membership table, and if it does generate the exception error message. No error is being generated and it says it updates the profile each time and of course this is not really happening. I have used breakpoints, and it is completely skipped over the catch exception test. I'm attempting to change to an email address that already exists in the table, so it should be generating an error message. Is it not searching to see if the email already exists?

            'have to look and see if email was changed
            Dim u As MembershipUser = Membership.GetUser(User.Identity.Name)
            If txtEmail.Text <> Session("Email") Or TxtSecurityQuestion.Text <> u.PasswordQuestion Then
                Try
                    u.Email = txtEmail.Text
                    u.ChangePasswordQuestionAndAnswer(txtPassword.Text, TxtSecurityQuestion.Text, TxtSecurityAnswer.Text)
                    Membership.UpdateUser(u)
                Catch e As System.Configuration.Provider.ProviderException
                    lblresult.Text = e.Message
                    Exit Sub
                End Try
            End If

    Saturday, May 16, 2020 5:00 AM

Answers

  • User-1767698477 posted

    It was removed before and I had breakpoints. I could see it skipping entirely the exception block. What I found out is that performing 2 changes in the same block of code creates a problem. I'm updating once for the email and once for the security question and answer update.  The former is not successful since requiresUniqueEmail="true" is in web.config, but the latter is successful so asp.net assumes it was successful for everything and just skips the exception message.   I blocked out the u.ChangepasswordQuestionandanswer...... and I'm getting the exception error now for the email.  I'm going to use a separate block of code to handle changing the security question and answer.

    My idea was to use the security question and answer to update the email address. I don't see how it is possible to test a textbox for the correct answer to the security question. How can I access the current security question answer so I can store it in a session variable and test it when someone wants to update their email address?

    I understand https://docs.microsoft.com/en-us/dotnet/api/system.web.security.membershipcreatestatus?view=netframework-4.8  which is membershipCreateStatus which provides errors when creating the username. But I don't see a similar one for updating the user in the membership that uses the security question and answer. It appears, unless I'm mistaken that the security question and answer is only for resetting the password which I do on a non-authenticated page.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, May 16, 2020 5:11 PM

All replies

  • User475983607 posted

    The catch block is empty so you are hiding the exception from yourself.  

    Saturday, May 16, 2020 6:55 AM
  • User-1767698477 posted

    It was removed before and I had breakpoints. I could see it skipping entirely the exception block. What I found out is that performing 2 changes in the same block of code creates a problem. I'm updating once for the email and once for the security question and answer update.  The former is not successful since requiresUniqueEmail="true" is in web.config, but the latter is successful so asp.net assumes it was successful for everything and just skips the exception message.   I blocked out the u.ChangepasswordQuestionandanswer...... and I'm getting the exception error now for the email.  I'm going to use a separate block of code to handle changing the security question and answer.

    My idea was to use the security question and answer to update the email address. I don't see how it is possible to test a textbox for the correct answer to the security question. How can I access the current security question answer so I can store it in a session variable and test it when someone wants to update their email address?

    I understand https://docs.microsoft.com/en-us/dotnet/api/system.web.security.membershipcreatestatus?view=netframework-4.8  which is membershipCreateStatus which provides errors when creating the username. But I don't see a similar one for updating the user in the membership that uses the security question and answer. It appears, unless I'm mistaken that the security question and answer is only for resetting the password which I do on a non-authenticated page.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, May 16, 2020 5:11 PM