How do you change a hashed password using asp.net membership provider if you don’t know the current password?

by

Problem, there’s no method:

bool ChangePassword(string newPassword);

You have to know the current password (which is probably hashed and forgotten).

Contents hide
Answers:
Method 1
Method 2

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

This is an easy one that I wasted too much time on. Hopefully this post saves someone else the pain of slapping their forehead as hard as I did.

Solution, reset the password randomly and pass that into the change method.

MembershipUser u = Membership.GetUser();
u.ChangePassword(u.ResetPassword(), "myAwesomePassword");

Method 2

You are not able to change the password if the requiresQuestionAndAnswer=”true”

I got the work around for this

Created two membership providers in web.config

i am using the AspNetSqlMembershipProviderReset provider for reseting the password since it has the requiresQuestionAndAnswer= false where as AspNetSqlMembershipProvider is the default provider used.

i wrote the following code to reset the password for the user.

public bool ResetUserPassword(String psUserName, String psNewPassword)
{
try
{
// Get Membership user details using secound membership provider with required question answer set to false.

        MembershipUser currentUser = Membership.Providers["AspNetSqlMembershipProviderReset"].GetUser(psUserName,false);

        //Reset the user password.
        String vsResetPassword = currentUser.ResetPassword();            

        //Change the User password with the required password            
        currentUser.ChangePassword(vsResetPassword, psNewPassword);
        //Changed the comments to to force the user to change the password on next login attempt
        currentUser.Comment = "CHANGEPASS";
        //Check if the user is locked out and if yes unlock the user
        if (currentUser.IsLockedOut == true)
        {
            currentUser.UnlockUser();
        }
        Membership.Providers["AspNetSqlMembershipProviderReset"].UpdateUser(currentUser);            return true;
    }
    catch (Exception ex)
    {
        throw ex;
        return false;
    }
}


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x