Changing a users password without knowing the old password nor the answer to the password question

Discussion in 'ASP .Net' started by AAaron123, Jan 15, 2009.

  1. AAaron123

    AAaron123 Guest

    I've been trying to create the capability of changing a users password
    without knowing the old password nor the answer to the password question.

    Without success!

    I googled a few times, also without success.

    I think I need a custom provider since the default one I use to create a
    user account is:

    <membership>
    <providers>
    <add name="AspNetSqlMembershipProvider"
    type="System.Web.Security.SqlMembershipProvider, System.Web,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
    enablePasswordReset="true" requiresQuestionAndAnswer="true"
    applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
    maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
    minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
    passwordStrengthRegularExpression=""/>
    </providers>
    </membership>

    Based on the note below I wonder if I could change the password if I knew
    how to make a second AspNetSqlMembershipProvider in my solution and somehow
    get ResetPassword to use it. Is something like that possible?

    Maybe I need a folder with its own web.config file or a completly separate
    application?

    Can anyone give me a little direction or code ?

    Thanks in advance for any help at all


    In some organizations, a Customer Service department may wish to change a
    user's password to a new known value, perhaps in response to a customer
    request. The ChangePassword method, which appears to handle this need,
    unfortunately requires the original user password which is usually
    unavailable to the site administrator. By setting
    "requiresQuestionAndAnswer" to false, "enablePasswordRetrieval" to true and
    "enablePasswordReset" to true in web.config, the ResetPassword and
    ChangePassword methods can be used to change a user's password to a known
    value, regardless of the password format:
    AAaron123, Jan 15, 2009
    #1
    1. Advertising

  2. AAaron123

    Paul Shapiro Guest

    When you setup the SQL Server membership provider, it creates a number of
    stored procedures as well as the necessary tables. Look at some of the
    stored procs to see if you can call them directly to accomplish what you
    want:
    aspnet_Membership_SetPassword
    aspnet_Membership_ResetPassword

    "AAaron123" <> wrote in message
    news:...
    > I've been trying to create the capability of changing a users password
    > without knowing the old password nor the answer to the password question.
    >
    > Without success!
    >
    > I googled a few times, also without success.
    >
    > I think I need a custom provider since the default one I use to create a
    > user account is:
    >
    > <membership>
    > <providers>
    > <add name="AspNetSqlMembershipProvider"
    > type="System.Web.Security.SqlMembershipProvider, System.Web,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    > connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
    > enablePasswordReset="true" requiresQuestionAndAnswer="true"
    > applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
    > maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
    > minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
    > passwordStrengthRegularExpression=""/>
    > </providers>
    > </membership>
    >
    > Based on the note below I wonder if I could change the password if I knew
    > how to make a second AspNetSqlMembershipProvider in my solution and
    > somehow
    > get ResetPassword to use it. Is something like that possible?
    >
    > Maybe I need a folder with its own web.config file or a completly separate
    > application?
    >
    > Can anyone give me a little direction or code ?
    >
    > Thanks in advance for any help at all
    >
    >
    > In some organizations, a Customer Service department may wish to change a
    > user's password to a new known value, perhaps in response to a customer
    > request. The ChangePassword method, which appears to handle this need,
    > unfortunately requires the original user password which is usually
    > unavailable to the site administrator. By setting
    > "requiresQuestionAndAnswer" to false, "enablePasswordRetrieval" to true
    > and
    > "enablePasswordReset" to true in web.config, the ResetPassword and
    > ChangePassword methods can be used to change a user's password to a known
    > value, regardless of the password format:
    >
    >
    >
    Paul Shapiro, Jan 16, 2009
    #2
    1. Advertising

  3. AAaron123

    AAaron123 Guest

    Without documentation I don't think I could use them. For example,
    PasswordSalt and PasswordFormat; I have no idea how to specify them. I
    searched in Help for PasswordSalt and did get hits but I don't think they
    apply.

    If I, for example, Google for Set Password AspNetSqlMembershipProvider I
    get many hits but they all seem to be looking for help, not giving it.
    Actually, there are also some good tutorial articles that get close to my
    problem, but not close enough. I Googled many combinations of keys with the
    same result. I beginning to think no one knows how to do it.

    I suppose it's possible that except with some very low level coding it can't
    be done - maybe MS wanted it that way.

    Thanks for replying


    "Paul Shapiro" <> wrote in message
    news:...
    > When you setup the SQL Server membership provider, it creates a number of
    > stored procedures as well as the necessary tables. Look at some of the
    > stored procs to see if you can call them directly to accomplish what you
    > want:
    > aspnet_Membership_SetPassword
    > aspnet_Membership_ResetPassword
    >
    > "AAaron123" <> wrote in message
    > news:...
    >> I've been trying to create the capability of changing a users password
    >> without knowing the old password nor the answer to the password question.
    >>
    >> Without success!
    >>
    >> I googled a few times, also without success.
    >>
    >> I think I need a custom provider since the default one I use to create a
    >> user account is:
    >>
    >> <membership>
    >> <providers>
    >> <add name="AspNetSqlMembershipProvider"
    >> type="System.Web.Security.SqlMembershipProvider, System.Web,
    >> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    >> connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
    >> enablePasswordReset="true" requiresQuestionAndAnswer="true"
    >> applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
    >> maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
    >> minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
    >> passwordStrengthRegularExpression=""/>
    >> </providers>
    >> </membership>
    >>
    >> Based on the note below I wonder if I could change the password if I knew
    >> how to make a second AspNetSqlMembershipProvider in my solution and
    >> somehow
    >> get ResetPassword to use it. Is something like that possible?
    >>
    >> Maybe I need a folder with its own web.config file or a completly
    >> separate
    >> application?
    >>
    >> Can anyone give me a little direction or code ?
    >>
    >> Thanks in advance for any help at all
    >>
    >>
    >> In some organizations, a Customer Service department may wish to change a
    >> user's password to a new known value, perhaps in response to a customer
    >> request. The ChangePassword method, which appears to handle this need,
    >> unfortunately requires the original user password which is usually
    >> unavailable to the site administrator. By setting
    >> "requiresQuestionAndAnswer" to false, "enablePasswordRetrieval" to true
    >> and
    >> "enablePasswordReset" to true in web.config, the ResetPassword and
    >> ChangePassword methods can be used to change a user's password to a known
    >> value, regardless of the password format:
    >>
    >>
    >>

    >
    AAaron123, Jan 16, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page