Change a users password without knowing the old password nor the answer to the password question

  • Thread starter Thread starter AAaron123
  • Start date Start date
A

AAaron123

I've been trying to create the capability of changing a users password
without knowing the old password nor the answer to the password question.

Without success!

I googled a few times, also without success.

I think I need a custom provider since the default one I use to create a
user account is:

<membership>
<providers>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="true"
applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>

Based on the note below I wonder if I could change the password if I knew
how to make a second AspNetSqlMembershipProvider in my solution and somehow
get ResetPassword to use it. Is something like that possible?

Maybe I need a folder with its own web.config file or a completly separate
application?

Can anyone give me a little direction or code ?

Thanks in advance for any help at all


In some organizations, a Customer Service department may wish to change a
user's password to a new known value, perhaps in response to a customer
request. The ChangePassword method, which appears to handle this need,
unfortunately requires the original user password which is usually
unavailable to the site administrator. By setting
"requiresQuestionAndAnswer" to false, "enablePasswordRetrieval" to true and
"enablePasswordReset" to true in web.config, the ResetPassword and
ChangePassword methods can be used to change a user's password to a known
value, regardless of the password format:
 
Hi AAraon123,
AAaron123 said:
I've been trying to create the capability of changing a users password
without knowing the old password nor the answer to the password question.

Without success!
I use this:
[WebMethod]
public string ResetPassword(string application, string userName)
{
Membership.ApplicationName = application;
if (Membership.EnablePasswordReset &&
!Membership.RequiresQuestionAndAnswer)
{
MembershipUser membershipUser =
Membership.GetUser(userName);
return membershipUser.ResetPassword();
}
return String.Empty;
}

with these settings:
<membership defaultProvider="MyProvider">
<providers>
<add connectionStringName="MyProvider" enablePasswordRetrieval="true"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
applicationName="Stibil" name="MyProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</membership>
 
Back
Top