Changing a users password without knowing the old password nor the answer to the password question



I've been trying to create the capability of changing a users password
without knowing the old password nor the answer to the password question.

Without success!

I googled a few times, also without success.

I think I need a custom provider since the default one I use to create a
user account is:

<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="true"
applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"

Based on the note below I wonder if I could change the password if I knew
how to make a second AspNetSqlMembershipProvider in my solution and somehow
get ResetPassword to use it. Is something like that possible?

Maybe I need a folder with its own web.config file or a completly separate

Can anyone give me a little direction or code ?

Thanks in advance for any help at all

In some organizations, a Customer Service department may wish to change a
user's password to a new known value, perhaps in response to a customer
request. The ChangePassword method, which appears to handle this need,
unfortunately requires the original user password which is usually
unavailable to the site administrator. By setting
"requiresQuestionAndAnswer" to false, "enablePasswordRetrieval" to true and
"enablePasswordReset" to true in web.config, the ResetPassword and
ChangePassword methods can be used to change a user's password to a known
value, regardless of the password format:

Paul Shapiro

When you setup the SQL Server membership provider, it creates a number of
stored procedures as well as the necessary tables. Look at some of the
stored procs to see if you can call them directly to accomplish what you


Without documentation I don't think I could use them. For example,
PasswordSalt and PasswordFormat; I have no idea how to specify them. I
searched in Help for PasswordSalt and did get hits but I don't think they

If I, for example, Google for Set Password AspNetSqlMembershipProvider I
get many hits but they all seem to be looking for help, not giving it.
Actually, there are also some good tutorial articles that get close to my
problem, but not close enough. I Googled many combinations of keys with the
same result. I beginning to think no one knows how to do it.

I suppose it's possible that except with some very low level coding it can't
be done - maybe MS wanted it that way.

Thanks for replying

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Latest member

Latest Threads