We have a Change Password form on our website where an Umbraco Member can change their password by entering their current password and a new password.

If I use Services.MemberService.SavePassword(member, newPassword) I can update the member's password, but this doesn't check that the current password they entered is valid.

If I use MembersMembershipProvider.ChangePassword(username, currentPassword, newPassword) I can change the password, but again this doesn't check that the current password they entered is valid - possibly because allowManuallyChangingPassword="true" in web.config (I need this set to true to allow users to reset their passwords if they forget their current password)

I've tried using MembersMembershipProvider.ValidateUser(username, currentPassword) to validate the current password, but this always returns false, and appears to set the IsLockedOut flag.

How can I implement Change Password whilst validating that they have provided the correct value for current password?