Change a users password without knowing the old password nor the answer to the password question

A

AAaron123

I've been trying to create the capability of changing a users password
without knowing the old password nor the answer to the password question.

Without success!

I googled a few times, also without success.

I think I need a custom provider since the default one I use to create a
user account is:

<membership>
<providers>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="true"
applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>

Based on the note below I wonder if I could change the password if I knew
how to make a second AspNetSqlMembershipProvider in my solution and somehow
get ResetPassword to use it. Is something like that possible?

Maybe I need a folder with its own web.config file or a completly separate
application?

Can anyone give me a little direction or code ?

Thanks in advance for any help at all


In some organizations, a Customer Service department may wish to change a
user's password to a new known value, perhaps in response to a customer
request. The ChangePassword method, which appears to handle this need,
unfortunately requires the original user password which is usually
unavailable to the site administrator. By setting
"requiresQuestionAndAnswer" to false, "enablePasswordRetrieval" to true and
"enablePasswordReset" to true in web.config, the ResetPassword and
ChangePassword methods can be used to change a user's password to a known
value, regardless of the password format:
 
O

Oriane

Hi AAraon123,
AAaron123 said:
I've been trying to create the capability of changing a users password
without knowing the old password nor the answer to the password question.

Without success!
I use this:
[WebMethod]
public string ResetPassword(string application, string userName)
{
Membership.ApplicationName = application;
if (Membership.EnablePasswordReset &&
!Membership.RequiresQuestionAndAnswer)
{
MembershipUser membershipUser =
Membership.GetUser(userName);
return membershipUser.ResetPassword();
}
return String.Empty;
}

with these settings:
<membership defaultProvider="MyProvider">
<providers>
<add connectionStringName="MyProvider" enablePasswordRetrieval="true"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
applicationName="Stibil" name="MyProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</membership>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,821
Messages
2,569,725
Members
45,511
Latest member
Osiris-Team

Latest Threads

Top