SqlConnection.ChangePassword Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Changes the SQL Server password.
Overloads
| ChangePassword(String, SqlCredential, SecureString) |
Changes the SQL Server password for the user indicated in the SqlCredential object. |
| ChangePassword(String, String) |
Changes the SQL Server password for the user indicated in the connection string to the specified new password. |
ChangePassword(String, SqlCredential, SecureString)
Changes the SQL Server password for the user indicated in the SqlCredential object.
public:
static void ChangePassword(System::String ^ connectionString, System::Data::SqlClient::SqlCredential ^ credential, System::Security::SecureString ^ newPassword);public:
static void ChangePassword(System::String ^ connectionString, System::Data::SqlClient::SqlCredential ^ credential, System::Security::SecureString ^ newSecurePassword);public static void ChangePassword (string connectionString, System.Data.SqlClient.SqlCredential credential, System.Security.SecureString newPassword);public static void ChangePassword (string connectionString, System.Data.SqlClient.SqlCredential credential, System.Security.SecureString newSecurePassword);static member ChangePassword : string * System.Data.SqlClient.SqlCredential * System.Security.SecureString -> unitstatic member ChangePassword : string * System.Data.SqlClient.SqlCredential * System.Security.SecureString -> unitPublic Shared Sub ChangePassword (connectionString As String, credential As SqlCredential, newPassword As SecureString)Public Shared Sub ChangePassword (connectionString As String, credential As SqlCredential, newSecurePassword As SecureString)Parameters
- connectionString
- String
The connection string that contains enough information to connect to a server. The connection string should not use any of the following connection string keywords: Integrated Security = true, UserId, or Password; or ContextConnection = true.
- credential
- SqlCredential
A SqlCredential object.
- newPasswordnewSecurePassword
- SecureString
The new password.newPassword must be read only. The password must also comply with any password security policy set on the server (for example, minimum length and requirements for specific characters).
Exceptions
The connection string contains any combination of UserId, Password, or Integrated Security=true.
-or-
The connection string contains Context Connection=true.
-or-
newSecurePassword (or newPassword) is greater than 128 characters.
-or-
newSecurePassword (or newPassword) is not read only.
-or-
newSecurePassword (or newPassword) is an empty string.
One of the parameters (connectionString, credential, or newSecurePassword) is null.
See also
Applies to
ChangePassword(String, String)
Changes the SQL Server password for the user indicated in the connection string to the specified new password.
public:
static void ChangePassword(System::String ^ connectionString, System::String ^ newPassword);public static void ChangePassword (string connectionString, string newPassword);static member ChangePassword : string * string -> unitPublic Shared Sub ChangePassword (connectionString As String, newPassword As String)Parameters
- connectionString
- String
The connection string that contains enough information to connect to the server that you want. The connection string must contain the user ID and the current password.
- newPassword
- String
The new password to set. This password must comply with any password security policy set on the server, including minimum length, requirements for specific characters, and so on.
Exceptions
The connection string includes the option to use integrated security.
Or
The newPassword exceeds 128 characters.
Either the connectionString or the newPassword parameter is null.
Remarks
When you're using SQL Server on Windows Server, you can take advantage of functionality that lets the client application supply both the current and a new password in order to change the existing password. Applications can implement functionality such as prompting the user for a new password during initial login if the old one has expired, and this operation can be completed without administrator intervention.
Warning
Microsoft does not recommend providing your user name and password directly, because it's an insecure pattern. Where possible, use more secure authentication flows, such as Managed Identities for Azure resources, or Windows authentication for SQL Server.
The ChangePassword method changes the SQL Server password for the user indicated in the supplied connectionString parameter to the value supplied in the newPassword parameter. If the connection string includes the option for integrated security (that is, "Integrated Security=True" or the equivalent), an exception is thrown.
To determine that the password has expired, calling the Open method raises a SqlException. In order to indicate that the password that is contained within the connection string must be reset, the Number property for the exception contains the status value 18487 or 18488. The first value (18487) indicates that the password has expired and the second (18488) indicates that the password must be reset before logging in.
This method opens its own connection to the server, requests the password change, and closes the connection as soon as it has completed. This connection is not retrieved from or returned to the SQL Server connection pool.
See also
- Connection Strings (ADO.NET)
- Connecting to a Data Source (ADO.NET)
- Using the .NET Framework Data Provider for SQL Server
- ADO.NET Overview
