Changing a users password without knowing the old password nor the answer to the password question

  • Thread starter Thread starter AAaron123
  • Start date Start date
A

AAaron123

I've been trying to create the capability of changing a users password
without knowing the old password nor the answer to the password question.

Without success!

I googled a few times, also without success.

I think I need a custom provider since the default one I use to create a
user account is:

<membership>
<providers>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="true"
applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>

Based on the note below I wonder if I could change the password if I knew
how to make a second AspNetSqlMembershipProvider in my solution and somehow
get ResetPassword to use it. Is something like that possible?

Maybe I need a folder with its own web.config file or a completly separate
application?

Can anyone give me a little direction or code ?

Thanks in advance for any help at all


In some organizations, a Customer Service department may wish to change a
user's password to a new known value, perhaps in response to a customer
request. The ChangePassword method, which appears to handle this need,
unfortunately requires the original user password which is usually
unavailable to the site administrator. By setting
"requiresQuestionAndAnswer" to false, "enablePasswordRetrieval" to true and
"enablePasswordReset" to true in web.config, the ResetPassword and
ChangePassword methods can be used to change a user's password to a known
value, regardless of the password format:
 
When you setup the SQL Server membership provider, it creates a number of
stored procedures as well as the necessary tables. Look at some of the
stored procs to see if you can call them directly to accomplish what you
want:
aspnet_Membership_SetPassword
aspnet_Membership_ResetPassword
 
Without documentation I don't think I could use them. For example,
PasswordSalt and PasswordFormat; I have no idea how to specify them. I
searched in Help for PasswordSalt and did get hits but I don't think they
apply.

If I, for example, Google for Set Password AspNetSqlMembershipProvider I
get many hits but they all seem to be looking for help, not giving it.
Actually, there are also some good tutorial articles that get close to my
problem, but not close enough. I Googled many combinations of keys with the
same result. I beginning to think no one knows how to do it.

I suppose it's possible that except with some very low level coding it can't
be done - maybe MS wanted it that way.

Thanks for replying
 
Back
Top