How do you change a hashed password using asp.net membership provider if you don't know the current password?
Problem, there's no method:
bool ChangePassword(string newPassword);
You have to know the current password (which is probably hashed and forgotten).
Solution 1:
This is an easy one that I wasted too much time on. Hopefully this post saves someone else the pain of slapping their forehead as hard as I did.
Solution, reset the password randomly and pass that into the change method.
MembershipUser u = Membership.GetUser();
u.ChangePassword(u.ResetPassword(), "myAwesomePassword");
Solution 2:
You are not able to change the password if the requiresQuestionAndAnswer="true"
I got the work around for this
Created two membership providers in web.config
i am using the AspNetSqlMembershipProviderReset provider for reseting the password since it has the requiresQuestionAndAnswer= false where as AspNetSqlMembershipProvider is the default provider used.
i wrote the following code to reset the password for the user.
public bool ResetUserPassword(String psUserName, String psNewPassword) { try { // Get Membership user details using secound membership provider with required question answer set to false.
MembershipUser currentUser = Membership.Providers["AspNetSqlMembershipProviderReset"].GetUser(psUserName,false);
//Reset the user password.
String vsResetPassword = currentUser.ResetPassword();
//Change the User password with the required password
currentUser.ChangePassword(vsResetPassword, psNewPassword);
//Changed the comments to to force the user to change the password on next login attempt
currentUser.Comment = "CHANGEPASS";
//Check if the user is locked out and if yes unlock the user
if (currentUser.IsLockedOut == true)
{
currentUser.UnlockUser();
}
Membership.Providers["AspNetSqlMembershipProviderReset"].UpdateUser(currentUser); return true;
}
catch (Exception ex)
{
throw ex;
return false;
}
}