Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET Identity change password

I need ability to change password for user by admin. So, admin should not enter a current password of user, he should have ability to set a new password. I look at ChangePasswordAsync method, but this method requires to enter old password. So, this method is not appropriate for this task. Therefore I have made it by the following way:

    [HttpPost]     public async Task<ActionResult> ChangePassword(ViewModels.Admin.ChangePasswordViewModel model)     {         var userManager = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();         var result = await userManager.RemovePasswordAsync(model.UserId);         if (result.Succeeded)         {             result = await userManager.AddPasswordAsync(model.UserId, model.Password);             if (result.Succeeded)             {                 return RedirectToAction("UserList");             }             else             {                 ModelState.AddModelError("", result.Errors.FirstOrDefault());             }         }         else         {             ModelState.AddModelError("", result.Errors.FirstOrDefault());         }         return View(model);     } 

it works, but theoretically we can receive error on AddPasswordAsync method. So, old password will be removed but new is not set. It's not good. Any way to do it in "one transaction"? PS. I seen ResetPasswordAsync method with reset token, seems, it's more safe (because can't be unstable situation with user) but in any case, it does by 2 actions.

like image 418
Oleg Sh Avatar asked Mar 27 '15 00:03

Oleg Sh


People also ask

How can I change my password in asp net?

After successful login a Change password link will be visible. Here by clicking the link a new page will appear where the user must enter the Current Password, New Password and Confirm Password and then click on the Update button to change his/her password respectively.

Is ASP NET identity?

ASP.NET Core Identity: Is an API that supports user interface (UI) login functionality. Manages users, passwords, profile data, roles, claims, tokens, email confirmation, and more.

Is ASP NET identity free?

IdentityServer is a free, open source OpenID Connect and OAuth 2.0 framework for ASP.NET Core.


2 Answers

EDIT: I know the OP requested an answer which performs the task in one transaction but I think the code is useful to people.

All the answers use the PasswordHasher directly which isn't a good idea as you will lose some baked in functionality (validation etc).

An alternative (and I would assume the recommended approach) is to create a password reset token and then use that to change the password. Example:

var user = await UserManager.FindByIdAsync(id);  var token = await UserManager.GeneratePasswordResetTokenAsync(user);  var result = await UserManager.ResetPasswordAsync(user, token, "MyN3wP@ssw0rd"); 
like image 140
Lee Gunn Avatar answered Sep 20 '22 09:09

Lee Gunn


This method worked for me:

public async Task<IHttpActionResult> changePassword(UsercredentialsModel usermodel) {   ApplicationUser user = await AppUserManager.FindByIdAsync(usermodel.Id);   if (user == null)   {     return NotFound();   }   user.PasswordHash = AppUserManager.PasswordHasher.HashPassword(usermodel.Password);   var result = await AppUserManager.UpdateAsync(user);   if (!result.Succeeded)   {     //throw exception......   }   return Ok(); } 
like image 42
bryan c Avatar answered Sep 20 '22 09:09

bryan c