Hi Andrzej,

To set properties like the password property that is not legal for anonymous users, you must use another session with sufficient priviledges. One such session is the built in SystemSession, which has admin rights. You access the session with WAFRuntime.SystemSession

A session is associated with a content when you retrieve it, so to be able to perform the function you are looking for you must make sure you use the SystemSession when you retrieve the user content. Example:

var user = WAFRuntime.SystemSession.GetContent<SystemUser>(NodeId);

user.Password.Set(newPassword);

user.UpdateChanges();

PS: Remember that there are built in password requirements in Webnodes that are turned on by default. You can change this in the Ontology module if you need to. The default requirements are: a mix of numbers and letter, lower and upper case letters, a minimum length of 5 chars, and that the password is not found in a built in list of the most 500 000 commonly used passwords.

To test in advance if a new password meets the requirements you can call this method:

user.Password.Test(newPassword)

BTW: By default passwords are hashed, ie, impossible to retrieve once set. This is the recommended setting, however there is also an encrypted mode built in, that makes it possible to retrieve the password. The password storing mode can be specified induvidually on each password by: user.Password.Set(newPassword, mode). (If the mode is not specified, it takes the default, defined in the Ontology module)

For information about security in general see this post: http://developer.webnodes.com/security-setup

Hi, you are right, sorry!

I meant:

 user.DoesPasswordMeetRequirements(string password, out string failedRequirement)

Yes, this is the reason.

Hi, see this post: http://developer.webnodes.com/webnodes-authentication-code-behind