Change a users password without knowing the old password nor the answer to the password question

Discussion in 'ASP .Net' started by AAaron123, Jan 15, 2009.

  1. AAaron123

    AAaron123 Guest

    I've been trying to create the capability of changing a users password
    without knowing the old password nor the answer to the password question.

    Without success!

    I googled a few times, also without success.

    I think I need a custom provider since the default one I use to create a
    user account is:

    <membership>
    <providers>
    <add name="AspNetSqlMembershipProvider"
    type="System.Web.Security.SqlMembershipProvider, System.Web,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
    enablePasswordReset="true" requiresQuestionAndAnswer="true"
    applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
    maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
    minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
    passwordStrengthRegularExpression=""/>
    </providers>
    </membership>

    Based on the note below I wonder if I could change the password if I knew
    how to make a second AspNetSqlMembershipProvider in my solution and somehow
    get ResetPassword to use it. Is something like that possible?

    Maybe I need a folder with its own web.config file or a completly separate
    application?

    Can anyone give me a little direction or code ?

    Thanks in advance for any help at all


    In some organizations, a Customer Service department may wish to change a
    user's password to a new known value, perhaps in response to a customer
    request. The ChangePassword method, which appears to handle this need,
    unfortunately requires the original user password which is usually
    unavailable to the site administrator. By setting
    "requiresQuestionAndAnswer" to false, "enablePasswordRetrieval" to true and
    "enablePasswordReset" to true in web.config, the ResetPassword and
    ChangePassword methods can be used to change a user's password to a known
    value, regardless of the password format:
    AAaron123, Jan 15, 2009
    #1
    1. Advertising

  2. AAaron123

    Oriane Guest

    Hi AAraon123,
    "AAaron123" <> a écrit dans le message de
    news:...
    > I've been trying to create the capability of changing a users password
    > without knowing the old password nor the answer to the password question.
    >
    > Without success!

    I use this:
    [WebMethod]
    public string ResetPassword(string application, string userName)
    {
    Membership.ApplicationName = application;
    if (Membership.EnablePasswordReset &&
    !Membership.RequiresQuestionAndAnswer)
    {
    MembershipUser membershipUser =
    Membership.GetUser(userName);
    return membershipUser.ResetPassword();
    }
    return String.Empty;
    }

    with these settings:
    <membership defaultProvider="MyProvider">
    <providers>
    <add connectionStringName="MyProvider" enablePasswordRetrieval="true"
    enablePasswordReset="true" requiresQuestionAndAnswer="false"
    applicationName="Stibil" name="MyProvider"
    type="System.Web.Security.SqlMembershipProvider, System.Web,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
    </providers>
    </membership>
    Oriane, Jan 16, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page