I have created one web application in which user have an option to reset his/her password.
When he clicks on reset password.. an email will be sent to him with link to reset password..
after clicking on link, it takes to the change password page. where users enters new password..
i have following fields in aspx UI page :
<div id="changePassDiv">
<div>
<asp:TextBox ID="txtNewPassword" TextMode="Password" runat="server" class="form-control input-sm" placeholder="" TabIndex="1"></asp:TextBox>
</div>
<div>
<asp:TextBox ID="txtConfirm" runat="server" class="form-control input-sm" TextMode="Password" placeholder="" TabIndex="1"></asp:TextBox>
<asp:CompareValidator ID="cmp" runat="server" ControlToValidate="txtConfirm" ControlToCompare="txtNewPassword" ErrorMessage="Password doesn't match!" Display="Dynamic"></asp:CompareValidator>
</div>
<div><asp:Button ID="SubmitButton" runat="server" Class="btn btn-default-color btn-sm" Text="Submit" OnClick="SubmitButton_Click" OnClientClick="ga('send', 'event', 'contact', 'Click', 'Submit');" CausesValidation="true" ValidationGroup="DetailsGroup" /></div>
</div>
My code behind aspx.cs :
public partial class reset : System.Web.UI.Page
{
string userName = ""; string useremail = "";
protected void Page_Load(object sender, EventArgs e)
{
if (Request["email"] != "" && Request["email"] != null)
{
useremail = Server.UrlDecode(DLSecurity.DecryptString(Request.QueryString["email"].ToString()));
}
if (!Page.IsPostBack)
{
}
}
protected void SubmitButton_Click(object sender, EventArgs e)
{
try
{
if (useremail == "")
{
return;
}
userName = Membership.GetUserNameByEmail(DLSecurity.EncryptString(useremail));
MembershipUser mu = Membership.GetUser(userName);
string password = mu.ResetPassword();
if (mu.ChangePassword(password, txtNewPassword.Text))
{
InvalidCredentialsMessage.Text = "Password changed successfully!";
InvalidCredentialsMessage.ForeColor = Color.Green;
InvalidCredentialsMessage.Font.Size = 12;
ScriptManager.RegisterStartupScript(this, GetType(), "Success", "alert('Please enter your Username/Email Id!');", true);
//ClientScript.RegisterStartupScript(this.GetType(), "redirect user to homepage", "alert('password changed successfully. you are being redirected to homepage.');window.location.href='/homepage';", true);
}
else
{
InvalidCredentialsMessage.Text = "Password is not changed please try again!";
InvalidCredentialsMessage.ForeColor = Color.Red;
InvalidCredentialsMessage.Font.Size = 12;
}
}
catch (Exception ex)
{
InvalidCredentialsMessage.Text = ex.Message;
if (ex.Message.ToLower().IndexOf("non alpha numeric characters") != -1)
InvalidCredentialsMessage.Text = "Password should consist of minimum 7 characters with atleast one capital alpahabet, one small alphabet, one special character and one numeric value";
if (ex.Message.ToLower().IndexOf("value cannot be null") != -1)
InvalidCredentialsMessage.Text = "you are trying to change another user password!";
InvalidCredentialsMessage.ForeColor = Color.Red;
InvalidCredentialsMessage.Font.Size = 9;
}
}
}
when user clicks on reset link from email, it goes to change password window, when he fills new password & clicks on submit, it throws following error :
Invalid postback or callback argument. Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ArgumentException: Invalid postback or callback argument. Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ArgumentException: Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.]
System.Web.UI.ClientScriptManager.ValidateEvent(String uniqueId, String argument) +11859663
System.Web.UI.Control.ValidateEvent(String uniqueID, String eventArgument) +143
System.Web.UI.WebControls.HiddenField.LoadPostData(String postDataKey, NameValueCollection postCollection) +54
System.Web.UI.Page.ProcessPostData(NameValueCollection postData, Boolean fBeforeLoad) +580
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +931
Note: i have tried adding <%@ Page EnableEventValidation="true" %> but it didn't workde
