How do you change a hashed password using asp.net membership provider if you don't know the current password?

Problem, there's no method:

bool ChangePassword(string newPassword);

You have to know the current password (which is probably hashed and forgotten).


Solution 1:

This is an easy one that I wasted too much time on. Hopefully this post saves someone else the pain of slapping their forehead as hard as I did.

Solution, reset the password randomly and pass that into the change method.

MembershipUser u = Membership.GetUser();
u.ChangePassword(u.ResetPassword(), "myAwesomePassword");

Solution 2:

You are not able to change the password if the requiresQuestionAndAnswer="true"

I got the work around for this

Created two membership providers in web.config

i am using the AspNetSqlMembershipProviderReset provider for reseting the password since it has the requiresQuestionAndAnswer= false where as AspNetSqlMembershipProvider is the default provider used.

i wrote the following code to reset the password for the user.

public bool ResetUserPassword(String psUserName, String psNewPassword) { try { // Get Membership user details using secound membership provider with required question answer set to false.

        MembershipUser currentUser = Membership.Providers["AspNetSqlMembershipProviderReset"].GetUser(psUserName,false);

        //Reset the user password.
        String vsResetPassword = currentUser.ResetPassword();            

        //Change the User password with the required password            
        currentUser.ChangePassword(vsResetPassword, psNewPassword);
        //Changed the comments to to force the user to change the password on next login attempt
        currentUser.Comment = "CHANGEPASS";
        //Check if the user is locked out and if yes unlock the user
        if (currentUser.IsLockedOut == true)
        {
            currentUser.UnlockUser();
        }
        Membership.Providers["AspNetSqlMembershipProviderReset"].UpdateUser(currentUser);            return true;
    }
    catch (Exception ex)
    {
        throw ex;
        return false;
    }
}